Ensuring that certificates returned from digicert are in the proper format (#564)

2016-12-06 12:05:18 -08:00 · 2016-12-06 12:05:18 -08:00 · e94cf6ddc9
parent 81272a2f7a
commit e94cf6ddc9
6 changed files with 16 additions and 17 deletions
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -86,10 +86,10 @@ def find_duplicates(cert):
    :param cert:
    :return:
    """
-    if cert.chain:
-        return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all()
+    if cert['chain']:
+        return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
    else:
-        return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all()
+        return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()


 def export(cert, export_plugin):
--- a/lemur/endpoints/service.py
+++ b/lemur/endpoints/service.py
@ -65,7 +65,7 @@ def create(**kwargs):
    """
    endpoint = Endpoint(**kwargs)
    database.create(endpoint)
-    metrics.send('endpoint_added', 'counter', 1)
+    metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
    return endpoint


@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
    endpoint.policy = kwargs['policy']
    endpoint.certificate = kwargs['certificate']
    endpoint.source = kwargs['source']
-    metrics.send('endpoint_added', 'counter', 1)
+    metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
    database.update(endpoint)
    return endpoint

@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
        endpoint.source.plugin.update_endpoint(endpoint, new_cert)
        endpoint.certificate = new_cert
        database.update(endpoint)
+        metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
    except Exception as e:
-        metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
+        metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
        current_app.logger.exception(e)
        raise e

--- a/lemur/manage.py
+++ b/lemur/manage.py
@ -787,14 +787,15 @@ def validate_sources(source_strings):

    if 'all' in source_strings:
        sources = source_service.get_all()
+    else:
+        for source_str in source_strings:
+            source = source_service.get_by_label(source_str)

-    for source_str in source_strings:
-        source = source_service.get_by_label(source_str)
+            if not source:
+                sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
+                sys.exit(1)

-        if not source:
-            sys.stderr.write("Unable to find specified source with label: {0}".format(source_str))
-
-        sources.append(source)
+            sources.append(source)
    return sources


--- a/lemur/plugins/lemur_aws/elb.py
+++ b/lemur/plugins/lemur_aws/elb.py
@ -42,7 +42,6 @@ def is_valid(listener_tuple):
    :param listener_tuple:
    """
    lb_port, i_port, lb_protocol, arn = listener_tuple
-    current_app.logger.debug(lb_protocol)
    if lb_protocol.lower() in ['ssl', 'https']:
        if not arn:
            raise InvalidListener
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
        # retrieve ceqrtificate
        certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
        end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
-        return str(end_entity), str(intermediate)
+        return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())

    @staticmethod
    def create_authority(options):
@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
        # retrieve certificate
        certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
        end_entity = pem.parse(certificate_pem)[0]
-        return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
+        return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')

    @staticmethod
    def create_authority(options):
--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
@ -118,7 +118,6 @@ def sync_endpoints(source):
        certificate = endpoint.pop('certificate', None)

        if certificate_name:
-            current_app.logger.debug(certificate_name)
            cert = cert_service.get_by_name(certificate_name)

        elif certificate:
@ -206,7 +205,6 @@ def clean(source):
        return

    for certificate in certificates:
-        current_app.logger.debug(certificate)
        cert = cert_service.get_by_name(certificate)

        if cert: