moving the 2 year validity issue to the Verisign plugin, and address it there
parent
c47fa0f9a2
commit
48ad20faca
|
@ -16,9 +16,7 @@ def convert_validity_years(data):
|
||||||
data['validity_start'] = now.isoformat()
|
data['validity_start'] = now.isoformat()
|
||||||
|
|
||||||
end = now.replace(years=+int(data['validity_years']))
|
end = now.replace(years=+int(data['validity_years']))
|
||||||
# some CAs want to see exactly two years validity, and not two years plus one day, as is the case currently
|
|
||||||
# 1/25/2019 + 2 years ==> 1/25/2019 (two years and 1 day extra, violating the 2 year's limit)
|
|
||||||
end = end.replace(days=-1)
|
|
||||||
if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
|
if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
|
||||||
if is_weekend(end):
|
if is_weekend(end):
|
||||||
end = end.replace(days=-2)
|
end = end.replace(days=-2)
|
||||||
|
|
|
@ -111,10 +111,19 @@ def process_options(options):
|
||||||
|
|
||||||
data['subject_alt_names'] = ",".join(get_additional_names(options))
|
data['subject_alt_names'] = ",".join(get_additional_names(options))
|
||||||
|
|
||||||
|
if options.get('validity_end') > arrow.utcnow().replace(years=2):
|
||||||
|
raise Exception("Verisign issued certificates cannot exceed two years in validity")
|
||||||
|
|
||||||
if options.get('validity_end'):
|
if options.get('validity_end'):
|
||||||
|
# VeriSign (Symantec) only accepts strictly smaller than 2 year end date
|
||||||
|
if options.get('validity_end') < arrow.utcnow().replace(years=2).replace(days=-1):
|
||||||
period = get_default_issuance(options)
|
period = get_default_issuance(options)
|
||||||
data['specificEndDate'] = options['validity_end'].format("MM/DD/YYYY")
|
data['specificEndDate'] = options['validity_end'].format("MM/DD/YYYY")
|
||||||
data['validityPeriod'] = period
|
data['validityPeriod'] = period
|
||||||
|
else:
|
||||||
|
# allowing Symantec website setting the end date, given the validity period
|
||||||
|
data['validityPeriod'] = str(get_default_issuance(options))
|
||||||
|
options.pop('validity_end', None)
|
||||||
|
|
||||||
elif options.get('validity_years'):
|
elif options.get('validity_years'):
|
||||||
if options['validity_years'] in [1, 2]:
|
if options['validity_years'] in [1, 2]:
|
||||||
|
|
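Review bot: The added two-year limit check at the top of this hunk compares `options.get('validity_end')` with an Arrow value before the `if options.get('validity_end'):` guard that follows, so a request carrying only `validity_years` reaches the comparison with `None`. On Python 3 that comparison would presumably raise `TypeError` and make the `elif options.get('validity_years'):` branch unreachable, while on Python 2 it silently evaluates to false. Guarding it as `if options.get('validity_end') and options['validity_end'] > arrow.utcnow().replace(years=2):` keeps the limit without relying on either behaviour. The two branches below also store `validityPeriod` as different types (`period` versus `str(get_default_issuance(options))`), and a dedicated exception type instead of a bare `Exception` would let callers tell a CA policy rejection from a fault. The body of process_options continues outside the hunk.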
|
@ -6,12 +6,12 @@ from freezegun import freeze_time
|
||||||
def test_convert_validity_years(session):
|
def test_convert_validity_years(session):
|
||||||
from lemur.common.missing import convert_validity_years
|
from lemur.common.missing import convert_validity_years
|
||||||
|
|
||||||
with freeze_time("2016-01-02"):
|
with freeze_time("2016-01-01"):
|
||||||
data = convert_validity_years(dict(validity_years=2))
|
data = convert_validity_years(dict(validity_years=2))
|
||||||
|
|
||||||
assert data['validity_start'] == arrow.utcnow().isoformat()
|
assert data['validity_start'] == arrow.utcnow().isoformat()
|
||||||
assert data['validity_end'] == arrow.utcnow().replace(years=+2, days=-1).isoformat()
|
assert data['validity_end'] == arrow.utcnow().replace(years=+2).isoformat()
|
||||||
|
|
||||||
with freeze_time("2015-01-11"):
|
with freeze_time("2015-01-10"):
|
||||||
data = convert_validity_years(dict(validity_years=1))
|
data = convert_validity_years(dict(validity_years=1))
|
||||||
assert data['validity_end'] == arrow.utcnow().replace(years=+1, days=-3).isoformat()
|
assert data['validity_end'] == arrow.utcnow().replace(years=+1, days=-2).isoformat()
|
||||||
|
|
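Review bot: The second case, `freeze_time("2015-01-10")` with `days=-2`, only holds because the computed end date falls on a weekend, and nothing in the test says so. A comment such as `# 2015-01-10 + 1 year is Sunday 2016-01-10; the weekend rule moves the end back two days` would explain the offset. The case also appears to depend on the test configuration setting `LEMUR_ALLOW_WEEKEND_EXPIRATION` to a false value, which is worth stating next to the assertion. No test on this page covers the new Verisign branches, so the behaviour just below and at the two-year boundary in `process_options` is left unverified here.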