Ensuring that certificates returned from digicert are in the proper format (#564)
This commit is contained in:
parent
81272a2f7a
commit
e94cf6ddc9
|
@ -86,10 +86,10 @@ def find_duplicates(cert):
|
|||
:param cert:
|
||||
:return:
|
||||
"""
|
||||
if cert.chain:
|
||||
return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all()
|
||||
if cert['chain']:
|
||||
return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
|
||||
else:
|
||||
return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all()
|
||||
return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()
|
||||
|
||||
|
||||
def export(cert, export_plugin):
|
||||
|
|
|
@ -65,7 +65,7 @@ def create(**kwargs):
|
|||
"""
|
||||
endpoint = Endpoint(**kwargs)
|
||||
database.create(endpoint)
|
||||
metrics.send('endpoint_added', 'counter', 1)
|
||||
metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
|
||||
return endpoint
|
||||
|
||||
|
||||
|
@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
|
|||
endpoint.policy = kwargs['policy']
|
||||
endpoint.certificate = kwargs['certificate']
|
||||
endpoint.source = kwargs['source']
|
||||
metrics.send('endpoint_added', 'counter', 1)
|
||||
metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
|
||||
database.update(endpoint)
|
||||
return endpoint
|
||||
|
||||
|
@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
|
|||
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
|
||||
endpoint.certificate = new_cert
|
||||
database.update(endpoint)
|
||||
metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
|
||||
except Exception as e:
|
||||
metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
|
||||
metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
|
||||
current_app.logger.exception(e)
|
||||
raise e
|
||||
|
||||
|
|
|
@ -787,12 +787,13 @@ def validate_sources(source_strings):
|
|||
|
||||
if 'all' in source_strings:
|
||||
sources = source_service.get_all()
|
||||
|
||||
else:
|
||||
for source_str in source_strings:
|
||||
source = source_service.get_by_label(source_str)
|
||||
|
||||
if not source:
|
||||
sys.stderr.write("Unable to find specified source with label: {0}".format(source_str))
|
||||
sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
|
||||
sys.exit(1)
|
||||
|
||||
sources.append(source)
|
||||
return sources
|
||||
|
|
|
@ -42,7 +42,6 @@ def is_valid(listener_tuple):
|
|||
:param listener_tuple:
|
||||
"""
|
||||
lb_port, i_port, lb_protocol, arn = listener_tuple
|
||||
current_app.logger.debug(lb_protocol)
|
||||
if lb_protocol.lower() in ['ssl', 'https']:
|
||||
if not arn:
|
||||
raise InvalidListener
|
||||
|
|
|
@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
|
|||
# retrieve ceqrtificate
|
||||
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
|
||||
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
|
||||
return str(end_entity), str(intermediate)
|
||||
return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
|
||||
|
||||
@staticmethod
|
||||
def create_authority(options):
|
||||
|
@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
|
|||
# retrieve certificate
|
||||
certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
|
||||
end_entity = pem.parse(certificate_pem)[0]
|
||||
return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
|
||||
return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
|
||||
|
||||
@staticmethod
|
||||
def create_authority(options):
|
||||
|
|
|
@ -118,7 +118,6 @@ def sync_endpoints(source):
|
|||
certificate = endpoint.pop('certificate', None)
|
||||
|
||||
if certificate_name:
|
||||
current_app.logger.debug(certificate_name)
|
||||
cert = cert_service.get_by_name(certificate_name)
|
||||
|
||||
elif certificate:
|
||||
|
@ -206,7 +205,6 @@ def clean(source):
|
|||
return
|
||||
|
||||
for certificate in certificates:
|
||||
current_app.logger.debug(certificate)
|
||||
cert = cert_service.get_by_name(certificate)
|
||||
|
||||
if cert:
|
||||
|
|
Loading…
Reference in New Issue