From 49c4a9c3b279a96ae31ddd350009f40a0b96e7f5 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh
Date: Fri, 22 May 2020 17:29:30 -0700
Subject: [PATCH] making the revocation to be scoped based on the authority plugin name
---
 lemur/certificates/cli.py | 2 +-
 lemur/certificates/service.py | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/lemur/certificates/cli.py b/lemur/certificates/cli.py
index e5e1191b..5ebe7e0f 100644
--- a/lemur/certificates/cli.py
+++ b/lemur/certificates/cli.py
@@ -468,7 +468,7 @@ def check_revoked():
 as `unknown`.
 """
- certs = get_all_valid_certs(current_app.config.get("CHECK_REVOCATION_AUTHORITY_IDS", []))
+ certs = get_all_valid_certs(current_app.config.get("SUPPORTED_REVOCATION_AUTHORITY_PLUGINS", []))
 for cert in certs:
 try:
 if cert.chain:
diff --git a/lemur/certificates/service.py b/lemur/certificates/service.py
index d25a136a..8566fdf7 100644
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@@ -102,17 +102,20 @@ def get_all_certs():
 return Certificate.query.all()
-def get_all_valid_certs(authority_ids):
+def get_all_valid_certs(authority_plugin_name):
 """
- Retrieves all valid (not expired) certificates within Lemur, for the given authority_ids
- ignored if no authority_ids provided.
+ Retrieves all valid (not expired) certificates within Lemur, for the given authority plugin names
+ ignored if no authority_plugin_name provided.
+
+ Note that depending on the DB size retrieving all certificates might an expensive operation
 :return:
 """
- if authority_ids:
+ if authority_plugin_name:
 return (
- Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD"))
- .filter(Certificate.authority_id.in_(authority_ids)).all()
+ Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter(
+ Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
+ Authority.plugin_name.in_(authority_plugin_name)).all()
 )
 else:
 return (
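Review bot: A deployment that still sets `CHECK_REVOCATION_AUTHORITY_IDS` gets no signal that check_revoked no longer reads that key: the new lookup falls back to `[]`, and get_all_valid_certs documents an empty argument as "ignored", so the revocation check presumably widens from the configured authorities to every valid certificate. I would log a warning while the old key is still present, for example `if current_app.config.get("CHECK_REVOCATION_AUTHORITY_IDS"): current_app.logger.warning("CHECK_REVOCATION_AUTHORITY_IDS is no longer read; set SUPPORTED_REVOCATION_AUTHORITY_PLUGINS")`. The new key should also be documented as a list of authority plugin names rather than ids. The body of check_revoked starts and ends outside this hunk.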
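Review bot: `authority_plugin_name` goes straight into `Authority.plugin_name.in_(...)`, so it has to be a collection of names, but the parameter is singular and the docstring gives no type; a config value written as a single string would presumably not be treated as one plugin name. I would add `:param authority_plugin_name: list of authority plugin names; an empty list or None disables the filter` and correct the new sentence to `might be an expensive operation`. A value that matches no authority returns an empty list, and as far as the hunk shows nothing reports that no certificates were selected, so a misspelled plugin name would quietly skip revocation checking; logging the number of certificates returned would make that visible. Since the filter on `Authority.plugin_name` discards rows without a matching authority anyway, `join` would state the intent more plainly than `outerjoin`. The `else` branch continues past the end of the hunk.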