Ensuring that certificates returned from digicert are in the proper format (#564)

kevgliss 2016-12-06 12:05:18 -08:00 committed by GitHub
parent 81272a2f7a
commit e94cf6ddc9
6 changed files with 16 additions and 17 deletions


@ -86,10 +86,10 @@ def find_duplicates(cert):
:param cert: :param cert:
:return: :return:
""" """
if cert.chain: if cert['chain']:
return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all() return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
else: else:
return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all() return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()
def export(cert, export_plugin): def export(cert, export_plugin):
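Review bot: The subscript lookups `cert['chain']` and `cert['body']` in find_duplicates raise KeyError when the dict has no such key, although the `else` branch filtering on `chain=None` suggests a missing chain is a normal case. If callers can pass a dict without a chain entry (not visible in this hunk), read it once with `chain = cert.get('chain')` and branch on that. The docstring, which opens above the hunk, is still the empty `:param cert:` / `:return:` stub; now that the argument is a dict, it should say so, for example `:param cert: dict with 'body' and optional 'chain' PEM strings`.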


@ -65,7 +65,7 @@ def create(**kwargs):
""" """
endpoint = Endpoint(**kwargs) endpoint = Endpoint(**kwargs)
database.create(endpoint) database.create(endpoint)
metrics.send('endpoint_added', 'counter', 1) metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
return endpoint return endpoint
@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
endpoint.policy = kwargs['policy'] endpoint.policy = kwargs['policy']
endpoint.certificate = kwargs['certificate'] endpoint.certificate = kwargs['certificate']
endpoint.source = kwargs['source'] endpoint.source = kwargs['source']
metrics.send('endpoint_added', 'counter', 1) metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
database.update(endpoint) database.update(endpoint)
return endpoint return endpoint
@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
endpoint.source.plugin.update_endpoint(endpoint, new_cert) endpoint.source.plugin.update_endpoint(endpoint, new_cert)
endpoint.certificate = new_cert endpoint.certificate = new_cert
database.update(endpoint) database.update(endpoint)
metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
except Exception as e: except Exception as e:
metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name}) metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
current_app.logger.exception(e) current_app.logger.exception(e)
raise e raise e
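Review bot: In rotate_certificate the new `certificate_rotate_success` metric is sent inside the `try`, after `database.update(endpoint)`, so an exception raised by `metrics.send` or by `endpoint.source.label` is caught, counted as `certificate_rotate_failure` and re-raised even though the rotation was already applied. Moving the success call into an `else:` clause of the try keeps the failure counter tied to the rotation itself. The failure metric also lacks the `'source'` tag that the success metric carries, which makes the two counters hard to compare per source. The function starts above the hunk, so the `try:` line is not visible here.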


@ -787,12 +787,13 @@ def validate_sources(source_strings):
if 'all' in source_strings: if 'all' in source_strings:
sources = source_service.get_all() sources = source_service.get_all()
else:
for source_str in source_strings: for source_str in source_strings:
source = source_service.get_by_label(source_str) source = source_service.get_by_label(source_str)
if not source: if not source:
sys.stderr.write("Unable to find specified source with label: {0}".format(source_str)) sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
sys.exit(1)
sources.append(source) sources.append(source)
return sources return sources


@ -42,7 +42,6 @@ def is_valid(listener_tuple):
:param listener_tuple: :param listener_tuple:
""" """
lb_port, i_port, lb_protocol, arn = listener_tuple lb_port, i_port, lb_protocol, arn = listener_tuple
current_app.logger.debug(lb_protocol)
if lb_protocol.lower() in ['ssl', 'https']: if lb_protocol.lower() in ['ssl', 'https']:
if not arn: if not arn:
raise InvalidListener raise InvalidListener


@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
# retrieve ceqrtificate # retrieve ceqrtificate
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id) certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content) end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
return str(end_entity), str(intermediate) return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
@staticmethod @staticmethod
def create_authority(options): def create_authority(options):
@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
# retrieve certificate # retrieve certificate
certificate_pem = get_cis_certificate(self.session, base_url, data['id']) certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
end_entity = pem.parse(certificate_pem)[0] end_entity = pem.parse(certificate_pem)[0]
return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE') return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
@staticmethod @staticmethod
def create_authority(options): def create_authority(options):
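Review bot: The new return in DigiCertIssuerPlugin builds its second value from `end_entity` again, so the `intermediate` parsed on the line above is discarded and the leaf certificate is returned as its own chain. Anything that stores or deploys this chain would then serve an incomplete chain, which relying clients will typically fail to validate. The second element should be `"\n".join(str(intermediate).splitlines())`. Separately, the three-way unpack of `pem.parse(...)` raises ValueError if the download does not contain exactly three PEM objects (for example an error body), so checking the response status before parsing would give a clearer failure. The enclosing method starts outside the hunk.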


@ -118,7 +118,6 @@ def sync_endpoints(source):
certificate = endpoint.pop('certificate', None) certificate = endpoint.pop('certificate', None)
if certificate_name: if certificate_name:
current_app.logger.debug(certificate_name)
cert = cert_service.get_by_name(certificate_name) cert = cert_service.get_by_name(certificate_name)
elif certificate: elif certificate:
@ -206,7 +205,6 @@ def clean(source):
return return
for certificate in certificates: for certificate in certificates:
current_app.logger.debug(certificate)
cert = cert_service.get_by_name(certificate) cert = cert_service.get_by_name(certificate)
if cert: if cert: