diff --git a/docs/administration.rst b/docs/administration.rst index 9f377119..846a4c34 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c PUBLIC_CA_MAX_VALIDITY_DAYS = 365 +.. data:: DEFAULT_MAX_VALIDITY_DAYS + :noindex: + Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in + PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the + default validity of 1095 days and sets it to 365 days. + + :: + + DEFAULT_MAX_VALIDITY_DAYS = 365 + + .. data:: DEBUG_DUMP :noindex: @@ -229,7 +240,7 @@ and are used when Lemur creates the CSR for your certificates. :: - LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations" + LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "" .. data:: LEMUR_DEFAULT_ISSUER_PLUGIN diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index c78aec94..0700c15b 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -109,6 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema): cn = fields.String() not_after = fields.DateTime() not_before = fields.DateTime() + max_issuance_days = fields.Integer() owner = fields.Email() status = fields.Boolean() user = fields.Nested(UserNestedOutputSchema) @@ -134,6 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema): owner = fields.Email() plugin = fields.Nested(PluginOutputSchema) active = fields.Boolean() + authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"]) authority_update_schema = AuthorityUpdateSchema() diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 58630ee6..5f6c4ba9 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -311,6 +311,14 @@ class Certificate(db.Model): def validity_range(self): return self.not_after - self.not_before + @property + def max_issuance_days(self): + public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) + if self.name.lower() in [ca.lower() for ca in public_CA]: + return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) + + return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095) # 3 years default + @property def subject(self): return self.parsed_cert.subject diff --git a/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html b/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html index 33b0ba4b..c6a7d312 100644 --- a/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html +++ b/lemur/static/app/angular/authorities/authority/distinguishedName.tpl.html @@ -46,8 +46,7 @@ Organizational Unit
- -

You must enter a organizational unit

+
diff --git a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html index 19102b03..72f168a0 100644 --- a/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/distinguishedName.tpl.html @@ -62,9 +62,7 @@
-

You must - enter a organizational unit

+ class="form-control"/>
diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html index 027add0f..07d6b0f4 100644 --- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html @@ -151,6 +151,7 @@ uib-tooltip="yyyy/MM/dd" uib-datepicker-popup="yyyy/MM/dd" ng-model="certificate.validityStart" + ng-change="certificate.setValidityEndDateRange(certificate.validityStart)" is-open="popup1.opened" datepicker-options="dateOptions" close-text="Close" @@ -174,8 +175,8 @@ is-open="popup2.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.notAfter" - min-date="certificate.authority.authorityCertificate.notBefore" + max-date="certificate.authority.authorityCertificate.maxValidityEnd" + min-date="certificate.authority.authorityCertificate.minValidityEnd" alt-input-formats="altInputFormats" placeholder="End Date" /> diff --git a/lemur/static/app/angular/certificates/services.js b/lemur/static/app/angular/certificates/services.js index 3a23076d..881a443a 100644 --- a/lemur/static/app/angular/certificates/services.js +++ b/lemur/static/app/angular/certificates/services.js @@ -164,6 +164,20 @@ angular.module('lemur') this.extensions.keyUsage.useDecipherOnly = true; } } + }, + setValidityEndDateRange: function (value) { + // clear selected validity end date as we are about to calculate new range + if(this.validityEnd) { + this.validityEnd = ''; + } + + // Minimum end date will be same as selected start date + this.authority.authorityCertificate.minValidityEnd = value; + + // Move max end date by maxIssuanceDays + let endDate = new Date(value); + endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays); + this.authority.authorityCertificate.maxValidityEnd = endDate; } }); }); @@ -264,6 +278,9 @@ angular.module('lemur') } } + certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore; + certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter; + if (certificate.dnsProviderId) { certificate.dnsProvider = {id: certificate.dnsProviderId}; } @@ -292,3 +309,4 @@ angular.module('lemur') return CertificateService; }); + diff --git a/lemur/static/app/angular/pending_certificates/services.js b/lemur/static/app/angular/pending_certificates/services.js index 4e1b23e4..2f99eb7d 100644 --- a/lemur/static/app/angular/pending_certificates/services.js +++ b/lemur/static/app/angular/pending_certificates/services.js @@ -144,6 +144,20 @@ angular.module('lemur') this.extensions.keyUsage.useDecipherOnly = true; } } + }, + setValidityEndDateRange: function (value) { + // clear selected validity end date as we are about to calculate new range + if(this.validityEnd) { + this.validityEnd = ''; + } + + // Minimum end date will be same as selected start date + this.authority.authorityCertificate.minValidityEnd = value; + + // Move max end date by maxIssuanceDays + let endDate = new Date(value); + endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays); + this.authority.authorityCertificate.maxValidityEnd = endDate; } }); }); @@ -230,6 +244,9 @@ angular.module('lemur') certificate.authority = defaults.authority; } } + + certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore; + certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter; }); };