Use key_type column for cert get/rotate/reissue/display
Added unit tests
parent
12af0ecb45
commit
cd13832377
|
@ -235,6 +235,7 @@ class Certificate(db.Model):
|
||||||
self.replaces = kwargs.get("replaces", [])
|
self.replaces = kwargs.get("replaces", [])
|
||||||
self.rotation = kwargs.get("rotation")
|
self.rotation = kwargs.get("rotation")
|
||||||
self.rotation_policy = kwargs.get("rotation_policy")
|
self.rotation_policy = kwargs.get("rotation_policy")
|
||||||
|
self.key_type = kwargs.get("key_type")
|
||||||
self.signing_algorithm = defaults.signing_algorithm(cert)
|
self.signing_algorithm = defaults.signing_algorithm(cert)
|
||||||
self.bits = defaults.bitstrength(cert)
|
self.bits = defaults.bitstrength(cert)
|
||||||
self.external_id = kwargs.get("external_id")
|
self.external_id = kwargs.get("external_id")
|
||||||
|
|
|
@ -155,6 +155,14 @@ class CertificateInputSchema(CertificateCreationSchema):
|
||||||
key_type = cert_utils.get_key_type_from_csr(data["csr"])
|
key_type = cert_utils.get_key_type_from_csr(data["csr"])
|
||||||
if key_type:
|
if key_type:
|
||||||
data["key_type"] = key_type
|
data["key_type"] = key_type
|
||||||
|
|
||||||
|
# This code will be exercised for certificate import (without CSR)
|
||||||
|
if data.get("key_type") is None:
|
||||||
|
if data.get("body"):
|
||||||
|
data["key_type"] = utils.get_key_type_from_certificate(data["body"])
|
||||||
|
else:
|
||||||
|
data["key_type"] = "RSA2048" # default value
|
||||||
|
|
||||||
return missing.convert_validity_years(data)
|
return missing.convert_validity_years(data)
|
||||||
|
|
||||||
|
|
||||||
|
@ -277,6 +285,7 @@ class CertificateOutputSchema(LemurOutputSchema):
|
||||||
serial = fields.String()
|
serial = fields.String()
|
||||||
serial_hex = Hex(attribute="serial")
|
serial_hex = Hex(attribute="serial")
|
||||||
signing_algorithm = fields.String()
|
signing_algorithm = fields.String()
|
||||||
|
key_type = fields.String(allow_none=True)
|
||||||
|
|
||||||
status = fields.String()
|
status = fields.String()
|
||||||
user = fields.Nested(UserNestedOutputSchema)
|
user = fields.Nested(UserNestedOutputSchema)
|
||||||
|
|
|
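Review bot: In the `CertificateInputSchema` hunk a `key_type` supplied by the caller is stored as-is on import, because the new `if data.get("key_type") is None:` branch derives the value from `data["body"]` only when the field is absent. The stored column can then disagree with the certificate's real key, and the commit title says get/rotate/reissue will read that column. When a body is present I would let the derived value win, e.g. `data["key_type"] = utils.get_key_type_from_certificate(data["body"]) or data.get("key_type")`. The `"RSA2048"` fallback in the `else` records a key type nothing has verified; if that branch is the server-generated-key case a comment saying so would help, otherwise leaving it `None` fits the `allow_none=True` added to the output schema. What the helper does with a malformed or unsupported body is not visible here, and the enclosing method starts outside the hunk.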
@ -251,10 +251,13 @@ angular.module('lemur')
|
||||||
$scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone
|
$scope.certificate.csr = null; // should not clone CSR in case other settings are changed in clone
|
||||||
$scope.certificate.validityStart = null;
|
$scope.certificate.validityStart = null;
|
||||||
$scope.certificate.validityEnd = null;
|
$scope.certificate.validityEnd = null;
|
||||||
$scope.certificate.keyType = 'RSA2048'; // default algo to show during clone
|
|
||||||
$scope.certificate.description = 'Cloning from cert ID ' + editId;
|
$scope.certificate.description = 'Cloning from cert ID ' + editId;
|
||||||
$scope.certificate.replacedBy = []; // should not clone 'replaced by' info
|
$scope.certificate.replacedBy = []; // should not clone 'replaced by' info
|
||||||
$scope.certificate.removeReplaces(); // should not clone 'replacement cert' info
|
$scope.certificate.removeReplaces(); // should not clone 'replacement cert' info
|
||||||
|
|
||||||
|
if(!$scope.certificate.keyType) {
|
||||||
|
$scope.certificate.keyType = 'RSA2048'; // default algo to show during clone if backend did not return algo
|
||||||
|
}
|
||||||
CertificateService.getDefaults($scope.certificate);
|
CertificateService.getDefaults($scope.certificate);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -111,6 +111,8 @@
|
||||||
<div class="list-group-item">
|
<div class="list-group-item">
|
||||||
<dt>Key Length</dt>
|
<dt>Key Length</dt>
|
||||||
<dd>{{ certificate.bits }}</dd>
|
<dd>{{ certificate.bits }}</dd>
|
||||||
|
<dt>Key Type</dt>
|
||||||
|
<dd>{{ certificate.keyType }}</dd>
|
||||||
<dt>Signing Algorithm</dt>
|
<dt>Signing Algorithm</dt>
|
||||||
<dd>{{ certificate.signingAlgorithm }}</dd>
|
<dd>{{ certificate.signingAlgorithm }}</dd>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -52,7 +52,8 @@ LEMUR_ALLOW_WEEKEND_EXPIRATION = False
|
||||||
|
|
||||||
# Database
|
# Database
|
||||||
|
|
||||||
# modify this if you are not using a local database
|
# modify this if you are not using a local database. Please do not use any DB used for development or production purpose
|
||||||
|
# Please note that Unit Tests drop the whole schema, recreate and again drop everything at the end
|
||||||
SQLALCHEMY_DATABASE_URI = os.getenv(
|
SQLALCHEMY_DATABASE_URI = os.getenv(
|
||||||
"SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur"
|
"SQLALCHEMY_DATABASE_URI", "postgresql://lemur:lemur@localhost:5432/lemur"
|
||||||
)
|
)
|
||||||
|
|
|
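Review bot: The added warning that the unit tests drop the whole schema is only a comment, while the URI on the following lines is still read from the generic `SQLALCHEMY_DATABASE_URI` environment variable, so a shell that already exports that variable for a development or production instance would point the test run at it. Consider reading a test-only variable here, or having the test setup refuse to run unless the target is recognisably a test database; the setup code is not in this hunk, so this is something to check rather than a confirmed gap. The comment itself would read more clearly as `# Never point this at a development or production database: the unit tests drop the whole schema, recreate it, and drop it again at the end.`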
@ -155,6 +155,7 @@ def test_get_certificate_primitives(certificate):
|
||||||
with freeze_time(datetime.date(year=2016, month=10, day=30)):
|
with freeze_time(datetime.date(year=2016, month=10, day=30)):
|
||||||
primitives = get_certificate_primitives(certificate)
|
primitives = get_certificate_primitives(certificate)
|
||||||
assert len(primitives) == 26
|
assert len(primitives) == 26
|
||||||
|
assert (primitives["key_type"] == "RSA2048")
|
||||||
|
|
||||||
|
|
||||||
def test_certificate_output_schema(session, certificate, issuer_plugin):
|
def test_certificate_output_schema(session, certificate, issuer_plugin):
|
||||||
|
@ -759,6 +760,7 @@ def test_reissue_certificate(
|
||||||
certificate.authority = crypto_authority
|
certificate.authority = crypto_authority
|
||||||
new_cert = reissue_certificate(certificate)
|
new_cert = reissue_certificate(certificate)
|
||||||
assert new_cert
|
assert new_cert
|
||||||
|
assert (new_cert.key_type == "RSA2048")
|
||||||
|
|
||||||
|
|
||||||
def test_create_csr():
|
def test_create_csr():
|
||||||
|
|
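Review bot: Both new assertions expect `"RSA2048"`, which is also the fallback the input schema in this commit writes when it cannot derive a key type, so on their own they do not show that the value was taken from the certificate or CSR. A case built from a certificate that is not RSA 2048 (an EC key, or an import without a CSR) would pin the derivation; whether a suitable fixture exists is not visible from this page. The parentheses in `assert (primitives["key_type"] == "RSA2048")` are redundant, and `assert primitives["key_type"] == "RSA2048"` is the usual form; the same applies to the assertion added in `test_reissue_certificate`.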