Ensuring that certificates returned from digicert are in the proper format (#564)

This commit is contained in:
kevgliss 2016-12-06 12:05:18 -08:00 committed by GitHub
parent 81272a2f7a
commit e94cf6ddc9
6 changed files with 16 additions and 17 deletions

View File

@ -86,10 +86,10 @@ def find_duplicates(cert):
:param cert:
:return:
"""
if cert.chain:
return Certificate.query.filter_by(body=cert.body.strip(), chain=cert.chain.strip()).all()
if cert['chain']:
return Certificate.query.filter_by(body=cert['body'].strip(), chain=cert['chain'].strip()).all()
else:
return Certificate.query.filter_by(body=cert.body.strip(), chain=None).all()
return Certificate.query.filter_by(body=cert['body'].strip(), chain=None).all()
def export(cert, export_plugin):

View File

@ -65,7 +65,7 @@ def create(**kwargs):
"""
endpoint = Endpoint(**kwargs)
database.create(endpoint)
metrics.send('endpoint_added', 'counter', 1)
metrics.send('endpoint_added', 'counter', 1, metric_tags={'source': endpoint.source.label})
return endpoint
@ -95,7 +95,7 @@ def update(endpoint_id, **kwargs):
endpoint.policy = kwargs['policy']
endpoint.certificate = kwargs['certificate']
endpoint.source = kwargs['source']
metrics.send('endpoint_added', 'counter', 1)
metrics.send('endpoint_updated', 'counter', 1, metric_tags={'source': endpoint.source.label})
database.update(endpoint)
return endpoint
@ -106,8 +106,9 @@ def rotate_certificate(endpoint, new_cert):
endpoint.source.plugin.update_endpoint(endpoint, new_cert)
endpoint.certificate = new_cert
database.update(endpoint)
metrics.send('certificate_rotate_success', 'counter', 1, metric_tags={'endpoint': endpoint.name, 'source': endpoint.source.label})
except Exception as e:
metrics.send('rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
metrics.send('certificate_rotate_failure', 'counter', 1, metric_tags={'endpoint': endpoint.name})
current_app.logger.exception(e)
raise e

View File

@ -787,12 +787,13 @@ def validate_sources(source_strings):
if 'all' in source_strings:
sources = source_service.get_all()
else:
for source_str in source_strings:
source = source_service.get_by_label(source_str)
if not source:
sys.stderr.write("Unable to find specified source with label: {0}".format(source_str))
sys.stderr.write("Unable to find specified source with label: {0}\n".format(source_str))
sys.exit(1)
sources.append(source)
return sources

View File

@ -42,7 +42,6 @@ def is_valid(listener_tuple):
:param listener_tuple:
"""
lb_port, i_port, lb_protocol, arn = listener_tuple
current_app.logger.debug(lb_protocol)
if lb_protocol.lower() in ['ssl', 'https']:
if not arn:
raise InvalidListener

View File

@ -312,7 +312,7 @@ class DigiCertIssuerPlugin(IssuerPlugin):
# retrieve ceqrtificate
certificate_url = "{0}/services/v2/certificate/{1}/download/format/pem_all".format(base_url, certificate_id)
end_entity, intermediate, root = pem.parse(self.session.get(certificate_url).content)
return str(end_entity), str(intermediate)
return "\n".join(str(end_entity).splitlines()), "\n".join(str(end_entity).splitlines())
@staticmethod
def create_authority(options):
@ -377,7 +377,7 @@ class DigiCertCISIssuerPlugin(IssuerPlugin):
# retrieve certificate
certificate_pem = get_cis_certificate(self.session, base_url, data['id'])
end_entity = pem.parse(certificate_pem)[0]
return str(end_entity), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
return "\n".join(str(end_entity).splitlines()), current_app.config.get('DIGICERT_CIS_INTERMEDIATE')
@staticmethod
def create_authority(options):

View File

@ -118,7 +118,6 @@ def sync_endpoints(source):
certificate = endpoint.pop('certificate', None)
if certificate_name:
current_app.logger.debug(certificate_name)
cert = cert_service.get_by_name(certificate_name)
elif certificate:
@ -206,7 +205,6 @@ def clean(source):
return
for certificate in certificates:
current_app.logger.debug(certificate)
cert = cert_service.get_by_name(certificate)
if cert: