maximum 1 year validity for digicert

sayali 2020-08-11 18:02:42 -07:00 committed by Hossein Shafagh
parent e06dea106f
commit 3cb386cc0f
2 changed files with 12 additions and 17 deletions


@ -61,18 +61,16 @@ def signature_hash(signing_algorithm):
def determine_validity_years(years): def determine_validity_years(years):
"""Given an end date determine how many years into the future that date is.
:param years:
:return: validity in years
""" """
default_years = current_app.config.get("DIGICERT_DEFAULT_VALIDITY", 1) Considering maximum allowed certificate validity period of 398 days, this method should not return
max_years = current_app.config.get("DIGICERT_MAX_VALIDITY", default_years) more than 1 year of validity. Thus changing it to return 1.
Lemur will change this method in future to handle validity in months (determine_validity_months)
instead of years. This will allow flexibility to handle short-lived certificates.
if years > max_years: :param years:
return max_years :return: 1
if years not in [1, 2, 3]: """
return default_years return 1
return years
def determine_end_date(end_date): def determine_end_date(end_date):
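Review bot: `determine_validity_years` now ignores its `years` argument and returns 1 without leaving any trace, so a caller that asks for 2 or 3 years gets a shorter-lived certificate than requested and nothing in the logs explains why. A warning before the return would make the cap visible to operators and to expiry monitoring, for example `if years != 1: current_app.logger.warning("DigiCert validity capped at 1 year (requested %s)", years)`. The `DIGICERT_DEFAULT_VALIDITY` and `DIGICERT_MAX_VALIDITY` lookups are dropped here, so a deployment that still sets them is silently ignored; whether other code or the configuration docs still mention them cannot be seen from this hunk. The new docstring also narrates the change ("Thus changing it to return 1") instead of stating the contract; `"""Return the validity in years for a DigiCert order: always 1, since the maximum allowed validity period is 398 days."""` would age better.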


@ -14,8 +14,6 @@ def config_mock(*args):
"DIGICERT_ORG_ID": 111111, "DIGICERT_ORG_ID": 111111,
"DIGICERT_PRIVATE": False, "DIGICERT_PRIVATE": False,
"DIGICERT_DEFAULT_SIGNING_ALGORITHM": "sha256", "DIGICERT_DEFAULT_SIGNING_ALGORITHM": "sha256",
"DIGICERT_DEFAULT_VALIDITY": 1,
"DIGICERT_MAX_VALIDITY": 2,
"DIGICERT_CIS_PROFILE_NAMES": {"digicert": 'digicert'}, "DIGICERT_CIS_PROFILE_NAMES": {"digicert": 'digicert'},
"DIGICERT_CIS_SIGNING_ALGORITHMS": {"digicert": 'digicert'}, "DIGICERT_CIS_SIGNING_ALGORITHMS": {"digicert": 'digicert'},
} }
@ -24,10 +22,9 @@ def config_mock(*args):
@patch("lemur.plugins.lemur_digicert.plugin.current_app") @patch("lemur.plugins.lemur_digicert.plugin.current_app")
def test_determine_validity_years(mock_current_app): def test_determine_validity_years(mock_current_app):
mock_current_app.config.get = Mock(return_value=2)
assert plugin.determine_validity_years(1) == 1 assert plugin.determine_validity_years(1) == 1
assert plugin.determine_validity_years(0) == 2 assert plugin.determine_validity_years(0) == 1
assert plugin.determine_validity_years(3) == 2 assert plugin.determine_validity_years(3) == 1
@patch("lemur.plugins.lemur_digicert.plugin.current_app") @patch("lemur.plugins.lemur_digicert.plugin.current_app")
@ -52,7 +49,7 @@ def test_map_fields_with_validity_years(mock_current_app):
"owner": "bob@example.com", "owner": "bob@example.com",
"description": "test certificate", "description": "test certificate",
"extensions": {"sub_alt_names": {"names": [x509.DNSName(x) for x in names]}}, "extensions": {"sub_alt_names": {"names": [x509.DNSName(x) for x in names]}},
"validity_years": 2 "validity_years": 1
} }
expected = { expected = {
"certificate": { "certificate": {
@ -62,7 +59,7 @@ def test_map_fields_with_validity_years(mock_current_app):
"signature_hash": "sha256", "signature_hash": "sha256",
}, },
"organization": {"id": 111111}, "organization": {"id": 111111},
"validity_years": 2, "validity_years": 1,
} }
assert expected == plugin.map_fields(options, CSR_STR) assert expected == plugin.map_fields(options, CSR_STR)
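Review bot: In `test_map_fields_with_validity_years` the input was lowered from 2 to 1 together with the expectation, so no test now checks that a request for more than one year is reduced on its way through `map_fields`. Assuming `map_fields` takes the value from `determine_validity_years` (not visible in these hunks), keeping `"validity_years": 2` in `options` while expecting `"validity_years": 1` would pin the 398-day cap end to end. `test_determine_validity_years` also still patches `current_app` although the function no longer reads the config, so the decorator and the `mock_current_app` parameter can be removed there.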