From e94cf6ddc9d8db47316f6679b66921ec8800e73a Mon Sep 17 00:00:00 2001
From: kevgliss
Date: Tue, 6 Dec 2016 12:05:18 -0800
Subject: [PATCH] Ensuring that certificates returned from digicert are in the proper format (#564)
---
 lemur/certificates/service.py | 6 +++---
 lemur/endpoints/service.py | 7 ++++---
 lemur/manage.py | 13 +++++++------
 lemur/plugins/lemur_aws/elb.py | 1 -
 lemur/plugins/lemur_digicert/plugin.py | 4 ++--
 lemur/sources/service.py | 2 --
 6 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index 8065d51f..ea2ebc5d 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -86,10 +86,10 @@ def find_duplicates(cert):
 :param cert:
 :return:
 """
- if cert.chain:
- return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all()
+ if cert['chain']:
+ return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
 else:
- return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all()
+ return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()
 def export(cert, export_plugin):
diff --git a/lemur/endpoints/service.py b/lemur/endpoints/service.py
index 86b07e43..2d2f5ecc 100644
--- a/lemur/endpoints/service.py
+++ b/lemur/endpoints/service.py
@@ -65,7 +65,7 @@ def create(**kwargs):
 """
 endpoint = Endpoint(**kwargs)
 database.create(endpoint)
- metrics.send('endpoint_added', 'counter', 1)
+ metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
 return endpoint
@@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
 endpoint.policy = kwargs['policy']
 endpoint.certificate = kwargs['certificate']
 endpoint.source = kwargs['source']
- metrics.send('endpoint_added', 'counter', 1)
+ metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
 database.update(endpoint)
 return endpoint
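Review bot: In `find_duplicates` (lemur/certificates/service.py) the new `cert['chain']` lookup raises `KeyError` when the dict passed in has no `chain` key, so the `chain=None` branch is only reachable when the key is present and falsy. `if cert.get('chain'):` would keep that branch reachable for input without a chain. The docstring's `:param cert:` is still empty although the argument changed from an object to a mapping; I would state the contract there, e.g. `:param cert: dict with a 'body' key and an optional 'chain' key, both PEM text`. The `def` line and the start of the docstring are outside the hunk, and callers that may still pass a `Certificate` object are not visible here.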
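Review bot: In `create` (lemur/endpoints/service.py) the new tag expression `endpoint.source.label` is evaluated after `database.create(endpoint)`, so an endpoint built without a `source` would raise `AttributeError` only once the row has been written. The same expression in the `update` hunk runs before `database.update(endpoint)` and would abort the update instead. Whether a missing source is possible is not visible in these hunks; if it is, guard the tag, e.g. `metric_tags={'source': endpoint.source.label if endpoint.source else 'unknown'}`. Both function bodies begin outside their hunks.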
@@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
 endpoint.source.plugin.update_endpoint(endpoint, new_cert)
 endpoint.certificate = new_cert
 database.update(endpoint)
+ metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
 except Exception as e:
- metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
+ metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
 current_app.logger.exception(e)
 raise e
diff --git a/lemur/manage.py b/lemur/manage.py
index ab7cb592..513e1530 100755
--- a/lemur/manage.py
+++ b/lemur/manage.py
@@ -787,14 +787,15 @@ def validate_sources(source_strings):
 if 'all' in source_strings:
 sources = source_service.get_all()
+ else:
+ for source_str in source_strings:
+ source = source_service.get_by_label(source_str)
- for source_str in source_strings:
- source = source_service.get_by_label(source_str)
+ if not source:
+ sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
+ sys.exit(1)
- if not source:
- sys.stderr.write("Unable to find specified source with label: {0}".format(source_str))
-
- sources.append(source)
+ sources.append(source)
 return sources
diff --git a/lemur/plugins/lemur_aws/elb.py b/lemur/plugins/lemur_aws/elb.py
index 8bc1b58f..bc235304 100644
--- a/lemur/plugins/lemur_aws/elb.py
+++ b/lemur/plugins/lemur_aws/elb.py
@@ -42,7 +42,6 @@ def is_valid(listener_tuple):
 :param listener_tuple:
 """
 lb_port, i_port, lb_protocol, arn = listener_tuple
- current_app.logger.debug(lb_protocol)
 if lb_protocol.lower() in ['ssl', 'https']:
 if not arn:
 raise InvalidListener
diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py
index b3ab7b79..36550747 100644
--- a/lemur/plugins/lemur_digicert/plugin.py
+++ b/lemur/plugins/lemur_digicert/plugin.py
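Review bot: In `rotate_certificate` (lemur/endpoints/service.py) the new `certificate_rotate_success` call sits inside the `try`, so an exception raised by `metrics.send` itself lands in the `except` branch. It is then counted as `certificate_rotate_failure` and re-raised, although `update_endpoint` and `database.update(endpoint)` have already completed. Moving the success call into an `else:` clause of the `try` keeps the failure counter limited to real rotation failures, which matters if it drives alerting. The failure call also lacks the `'source': endpoint.source.label` tag that the success call carries, so the two series cannot be compared per source. The `try:` line is outside the hunk.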
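Review bot: `validate_sources` (lemur/manage.py) now ends the whole process with `sys.exit(1)` on the first unknown label, which a caller of a function named like a validator may not expect and which the visible lines do not document. I would add a docstring line such as `Exits with status 1 if a label does not match a configured source.` The new `else:` branch appends to `sources`, so it relies on `sources` being initialised to a list above the hunk; that line is not visible here and is worth confirming, since the `'all'` branch only rebinds the name.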
@@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
 # retrieve ceqrtificate
 certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
 end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
- return str(end_entity), str(intermediate)
+ return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
 @staticmethod
 def create_authority(options):
@@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
 # retrieve certificate
 certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
 end_entity = pem.parse(certificate_pem)[0]
- return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
+ return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
 @staticmethod
 def create_authority(options):
diff --git a/lemur/sources/service.py b/lemur/sources/service.py
index 878cdbc7..272d9f80 100644
--- a/lemur/sources/service.py
+++ b/lemur/sources/service.py
@@ -118,7 +118,6 @@ def sync_endpoints(source):
 certificate = endpoint.pop('certificate', None)
 if certificate_name:
- current_app.logger.debug(certificate_name)
 cert = cert_service.get_by_name(certificate_name)
 elif certificate:
@@ -206,7 +205,6 @@ def clean(source):
 return
 for certificate in certificates:
- current_app.logger.debug(certificate)
 cert = cert_service.get_by_name(certificate)
 if cert:
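Review bot: In `DigiCertIssuerPlugin` (lemur/plugins/lemur_digicert/plugin.py, hunk at line 312) the second element of the new return value is built from `end_entity` again, so the leaf certificate is returned where the old code returned the intermediate, and `intermediate` is no longer used. Callers would presumably store a copy of the leaf as the chain, which does not link the certificate to its issuer. The line should read `return "\n".join(str(end_entity).splitlines()), "\n".join(str(intermediate).splitlines())`. The three-way unpack of `pem.parse(...)` just above also raises `ValueError` unless the download holds exactly three PEM blocks, and the hunk shows no check of the HTTP response before it is parsed. The enclosing method starts outside the hunk.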
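Review bot: In `DigiCertCISIssuerPlugin` (same file, hunk at line 377) only the body is normalised to `\n` line endings; the chain from `current_app.config.get('DIGICERT_CIS_INTERMEDIATE')` is returned exactly as configured, and is `None` when the setting is absent. Since `find_duplicates` in this commit matches on exact `body` and `chain` text, a configured intermediate with different line endings would still defeat the match; applying the same normalisation to a non-`None` chain would close that gap. The expression `"\n".join(str(x).splitlines())` now appears three times in this file, so a small module-level helper with a one-line comment saying why line endings are normalised would keep the call sites in step. `pem.parse(certificate_pem)[0]` raises `IndexError` on a response with no PEM block. The enclosing method starts outside the hunk.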