Max end date as per start date + default validity 3 years

lemur/authorities/schemas.py

@@ -109,7 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
     cn = fields.String()
     not_after = fields.DateTime()
     not_before = fields.DateTime()
-    max_issuance_date = fields.DateTime()
+    max_issuance_days = fields.Integer()
     owner = fields.Email()
     status = fields.Boolean()
     user = fields.Nested(UserNestedOutputSchema)
@@ -135,7 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
     owner = fields.Email()
     plugin = fields.Nested(PluginOutputSchema)
     active = fields.Boolean()
-    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"])
+    authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])
 
 
 authority_update_schema = AuthorityUpdateSchema()

lemur/certificates/models.py

@@ -312,14 +312,12 @@ class Certificate(db.Model):
         return self.not_after - self.not_before
 
     @property
-    def max_issuance_date(self):
+    def max_issuance_days(self):
         public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
         if self.name.lower() in [ca.lower() for ca in public_CA]:
-            default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
-        else:
-            default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365)   # 1 Year
-        issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days)
-        return arrow.utcnow().shift(days=issuance_validity_days)
+            return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
+
+        return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095)   # 3 years default
 
     @property
     def subject(self):

lemur/static/app/angular/certificates/certificate/tracking.tpl.html

@@ -151,10 +151,11 @@
                  uib-tooltip="yyyy/MM/dd"
                  uib-datepicker-popup="yyyy/MM/dd"
                  ng-model="certificate.validityStart"
+                 ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
                  is-open="popup1.opened"
                  datepicker-options="dateOptions"
                  close-text="Close"
-                 max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
+                 max-date="certificate.authority.authorityCertificate.notAfter"
                  min-date="certificate.authority.authorityCertificate.notBefore"
                  alt-input-formats="altInputFormats"
                  placeholder="Start Date"
@@ -174,8 +175,8 @@
                  is-open="popup2.opened"
                  datepicker-options="dateOptions"
                  close-text="Close"
-                 max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
-                 min-date="certificate.authority.authorityCertificate.notBefore"
+                 max-date="certificate.authority.authorityCertificate.maxValidityEnd"
+                 min-date="certificate.authority.authorityCertificate.minValidityEnd"
                  alt-input-formats="altInputFormats"
                  placeholder="End Date"
           />

lemur/static/app/angular/certificates/services.js

@@ -164,6 +164,18 @@ angular.module('lemur')
               this.extensions.keyUsage.useDecipherOnly = true;
             }
           }
+        },
+        setValidityEndDateRange: function (value) {
+          // clear selected validity end date as we are about to calculate new range
+          if(this.validityEnd) this.validityEnd = '';
+
+          // Minimum end date will be same as selected start date
+          this.authority.authorityCertificate.minValidityEnd = value;
+
+          // Move max end date by maxIssuanceDays
+          let endDate = new Date(value);
+          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+          this.authority.authorityCertificate.maxValidityEnd = endDate;
         }
       });
     });
@@ -264,6 +276,9 @@ angular.module('lemur')
           }
         }
 
+        certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
+        certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
+
         if (certificate.dnsProviderId) {
           certificate.dnsProvider = {id: certificate.dnsProviderId};
         }
@@ -292,3 +307,4 @@ angular.module('lemur')
 
     return CertificateService;
   });
+

lemur/static/app/angular/pending_certificates/services.js

@@ -144,6 +144,18 @@ angular.module('lemur')
               this.extensions.keyUsage.useDecipherOnly = true;
             }
           }
+        },
+        setValidityEndDateRange: function (value) {
+          // clear selected validity end date as we are about to calculate new range
+          if(this.validityEnd) this.validityEnd = '';
+
+          // Minimum end date will be same as selected start date
+          this.authority.authorityCertificate.minValidityEnd = value;
+
+          // Move max end date by maxIssuanceDays
+          let endDate = new Date(value);
+          endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
+          this.authority.authorityCertificate.maxValidityEnd = endDate;
         }
       });
     });
@@ -230,6 +242,9 @@ angular.module('lemur')
             certificate.authority = defaults.authority;
           }
         }
+
+        certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
+        certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
       });
     };