This is done in two places:
* Certificate import validator -- throws validation errors.
* Certificate model constructor -- to ensure integrity of Lemur's data
even when issuer plugins or other code paths have bugs.
In preparation for certificate integrity-checking: invalid certificate
chains and mismatching private keys will no longer be allowed anywhere
in Lemur code.
The test vector certs were generated using the Lemur "cryptography"
authority plugin.
* Certificates are now more similar to real-world usage: long serial
numbers, etc.
* Private key is included for all certs, so it's easy to re-generate
anything if needed.
* Initial work on certificate rotation.
* Adding ability to get additional certificate info.
* - Adding endpoint rotation.
- Removes the g requirement from all services to enable easier testing.
When importing a certificate, the private key is passed to the
import/upload process from the UI as a str object. In Python3 this
raises two issues when processing the private key - the private key
validation fails and database insert of the certificate fails.
The fix in both cases is to correctly encode the private key as a bytes
object.
Curtis Castrapel
Marti Raudsepp
kevgliss
Charles Hendrie