Ensuring that certificates returned from digicert are in the proper format (#564)
parent
81272a2f7a
commit
e94cf6ddc9
|
@ -86,10 +86,10 @@ def find_duplicates(cert):
|
||||||
:param cert:
|
:param cert:
|
||||||
:return:
|
:return:
|
||||||
"""
|
"""
|
||||||
if cert.chain:
|
if cert['chain']:
|
||||||
return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all()
|
return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
|
||||||
else:
|
else:
|
||||||
return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all()
|
return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()
|
||||||
|
|
||||||
|
|
||||||
def export(cert, export_plugin):
|
def export(cert, export_plugin):
|
||||||
|
|
|
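Review bot: `cert['chain']` in find_duplicates raises KeyError when the mapping has no `chain` key, where the old attribute access did not depend on a key being present. If callers can pass data without a chain (not visible here), `if cert.get('chain'):` keeps the no-chain branch reachable. `cert['body'].strip()` likewise assumes body is present and a string. The empty `:param cert:` in the docstring should now say that cert is a dict, e.g. `:param cert: dict with a 'body' PEM string and an optional 'chain' PEM string`. The function's docstring starts outside the hunk.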
@ -65,7 +65,7 @@ def create(**kwargs):
|
||||||
"""
|
"""
|
||||||
endpoint = Endpoint(**kwargs)
|
endpoint = Endpoint(**kwargs)
|
||||||
database.create(endpoint)
|
database.create(endpoint)
|
||||||
metrics.send('endpoint_added', 'counter', 1)
|
metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
|
||||||
return endpoint
|
return endpoint
|
||||||
|
|
||||||
|
|
||||||
|
@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
|
||||||
endpoint.policy = kwargs['policy']
|
endpoint.policy = kwargs['policy']
|
||||||
endpoint.certificate = kwargs['certificate']
|
endpoint.certificate = kwargs['certificate']
|
||||||
endpoint.source = kwargs['source']
|
endpoint.source = kwargs['source']
|
||||||
metrics.send('endpoint_added', 'counter', 1)
|
metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
|
||||||
database.update(endpoint)
|
database.update(endpoint)
|
||||||
return endpoint
|
return endpoint
|
||||||
|
|
||||||
|
@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
|
||||||
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
|
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
|
||||||
endpoint.certificate = new_cert
|
endpoint.certificate = new_cert
|
||||||
database.update(endpoint)
|
database.update(endpoint)
|
||||||
|
metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
|
metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
|
||||||
current_app.logger.exception(e)
|
current_app.logger.exception(e)
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
|
|
|
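Review bot: The new `certificate_rotate_success` metric in rotate_certificate appears to sit inside the try block (it precedes `except Exception as e:`; indentation is lost in this rendering). If so, an error raised while sending it, or while reading `endpoint.source.label`, is counted as `certificate_rotate_failure` and re-raised after the plugin and database have already been updated. Moving the call into an `else:` clause of the try keeps the failure counter for real rotation failures. The failure metric also lacks the `source` tag the success metric carries, so the two cannot be compared per source. The same `endpoint.source.label` dereference is added in create (after `database.create`) and in update, and would raise there if source can be None; the try statement starts outside the hunk.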
@ -787,12 +787,13 @@ def validate_sources(source_strings):
|
||||||
|
|
||||||
if 'all' in source_strings:
|
if 'all' in source_strings:
|
||||||
sources = source_service.get_all()
|
sources = source_service.get_all()
|
||||||
|
else:
|
||||||
for source_str in source_strings:
|
for source_str in source_strings:
|
||||||
source = source_service.get_by_label(source_str)
|
source = source_service.get_by_label(source_str)
|
||||||
|
|
||||||
if not source:
|
if not source:
|
||||||
sys.stderr.write("Unable to find specified source with label: {0}".format(source_str))
|
sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
sources.append(source)
|
sources.append(source)
|
||||||
return sources
|
return sources
|
||||||
|
|
|
@ -42,7 +42,6 @@ def is_valid(listener_tuple):
|
||||||
:param listener_tuple:
|
:param listener_tuple:
|
||||||
"""
|
"""
|
||||||
lb_port, i_port, lb_protocol, arn = listener_tuple
|
lb_port, i_port, lb_protocol, arn = listener_tuple
|
||||||
current_app.logger.debug(lb_protocol)
|
|
||||||
if lb_protocol.lower() in ['ssl', 'https']:
|
if lb_protocol.lower() in ['ssl', 'https']:
|
||||||
if not arn:
|
if not arn:
|
||||||
raise InvalidListener
|
raise InvalidListener
|
||||||
|
|
|
@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
|
||||||
# retrieve ceqrtificate
|
# retrieve ceqrtificate
|
||||||
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
|
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
|
||||||
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
|
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
|
||||||
return str(end_entity), str(intermediate)
|
return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_authority(options):
|
def create_authority(options):
|
||||||
|
@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
|
||||||
# retrieve certificate
|
# retrieve certificate
|
||||||
certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
|
certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
|
||||||
end_entity = pem.parse(certificate_pem)[0]
|
end_entity = pem.parse(certificate_pem)[0]
|
||||||
return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
|
return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def create_authority(options):
|
def create_authority(options):
|
||||||
|
|
|
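Review bot: The new return in the DigiCertIssuerPlugin hunk normalises `end_entity` twice, so the second tuple element, previously `str(intermediate)`, is now the leaf certificate and the intermediate is discarded. Callers would then store the end-entity certificate as its own chain. The line should read `return "\n".join(str(end_entity).splitlines()), "\n".join(str(intermediate).splitlines())`. The unpacking `end_entity, intermediate, root = pem.parse(...)` on the line above also assumes the download succeeded and returned exactly three PEM objects; checking the response status and the parsed count first would give a clear error instead of a ValueError from the unpacking. The enclosing method starts outside the hunk.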
@ -118,7 +118,6 @@ def sync_endpoints(source):
|
||||||
certificate = endpoint.pop('certificate', None)
|
certificate = endpoint.pop('certificate', None)
|
||||||
|
|
||||||
if certificate_name:
|
if certificate_name:
|
||||||
current_app.logger.debug(certificate_name)
|
|
||||||
cert = cert_service.get_by_name(certificate_name)
|
cert = cert_service.get_by_name(certificate_name)
|
||||||
|
|
||||||
elif certificate:
|
elif certificate:
|
||||||
|
@ -206,7 +205,6 @@ def clean(source):
|
||||||
return
|
return
|
||||||
|
|
||||||
for certificate in certificates:
|
for certificate in certificates:
|
||||||
current_app.logger.debug(certificate)
|
|
||||||
cert = cert_service.get_by_name(certificate)
|
cert = cert_service.get_by_name(certificate)
|
||||||
|
|
||||||
if cert:
|
if cert:
|
||||||
|
|