Merge branch 'master' into master

This commit is contained in:
sirferl 2020-08-20 11:33:18 +02:00 committed by GitHub
commit 4f148f3bc3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 62 additions and 8 deletions

View File

@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
PUBLIC_CA_MAX_VALIDITY_DAYS = 365
.. data:: DEFAULT_MAX_VALIDITY_DAYS
:noindex:
Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in
PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the
default validity of 1095 days and sets it to 365 days.
::
DEFAULT_MAX_VALIDITY_DAYS = 365
.. data:: DEBUG_DUMP
:noindex:
@ -229,7 +240,7 @@ and are used when Lemur creates the CSR for your certificates.
::
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations"
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ""
.. data:: LEMUR_DEFAULT_ISSUER_PLUGIN

View File

@ -109,6 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
cn = fields.String()
not_after = fields.DateTime()
not_before = fields.DateTime()
max_issuance_days = fields.Integer()
owner = fields.Email()
status = fields.Boolean()
user = fields.Nested(UserNestedOutputSchema)
@ -134,6 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
owner = fields.Email()
plugin = fields.Nested(PluginOutputSchema)
active = fields.Boolean()
authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])
authority_update_schema = AuthorityUpdateSchema()

View File

@ -311,6 +311,14 @@ class Certificate(db.Model):
def validity_range(self):
return self.not_after - self.not_before
@property
def max_issuance_days(self):
public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
if self.name.lower() in [ca.lower() for ca in public_CA]:
return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095) # 3 years default
@property
def subject(self):
return self.parsed_cert.subject

View File

@ -46,8 +46,7 @@
Organizational Unit
</label>
<div class="col-sm-10">
<input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control" required/>
<p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must enter a organizational unit</p>
<input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control"/>
</div>
</div>
</div>

View File

@ -62,9 +62,7 @@
</label>
<div class="col-sm-10">
<input name="organizationalUnit" ng-model="certificate.organizationalUnit" placeholder="Organizational Unit"
class="form-control" required/>
<p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must
enter a organizational unit</p>
class="form-control"/>
</div>
</div>
</div>

View File

@ -151,6 +151,7 @@
uib-tooltip="yyyy/MM/dd"
uib-datepicker-popup="yyyy/MM/dd"
ng-model="certificate.validityStart"
ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
is-open="popup1.opened"
datepicker-options="dateOptions"
close-text="Close"
@ -174,8 +175,8 @@
is-open="popup2.opened"
datepicker-options="dateOptions"
close-text="Close"
max-date="certificate.authority.authorityCertificate.notAfter"
min-date="certificate.authority.authorityCertificate.notBefore"
max-date="certificate.authority.authorityCertificate.maxValidityEnd"
min-date="certificate.authority.authorityCertificate.minValidityEnd"
alt-input-formats="altInputFormats"
placeholder="End Date"
/>

View File

@ -164,6 +164,20 @@ angular.module('lemur')
this.extensions.keyUsage.useDecipherOnly = true;
}
}
},
setValidityEndDateRange: function (value) {
// clear selected validity end date as we are about to calculate new range
if(this.validityEnd) {
this.validityEnd = '';
}
// Minimum end date will be same as selected start date
this.authority.authorityCertificate.minValidityEnd = value;
// Move max end date by maxIssuanceDays
let endDate = new Date(value);
endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
this.authority.authorityCertificate.maxValidityEnd = endDate;
}
});
});
@ -264,6 +278,9 @@ angular.module('lemur')
}
}
certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
if (certificate.dnsProviderId) {
certificate.dnsProvider = {id: certificate.dnsProviderId};
}
@ -292,3 +309,4 @@ angular.module('lemur')
return CertificateService;
});

View File

@ -144,6 +144,20 @@ angular.module('lemur')
this.extensions.keyUsage.useDecipherOnly = true;
}
}
},
setValidityEndDateRange: function (value) {
// clear selected validity end date as we are about to calculate new range
if(this.validityEnd) {
this.validityEnd = '';
}
// Minimum end date will be same as selected start date
this.authority.authorityCertificate.minValidityEnd = value;
// Move max end date by maxIssuanceDays
let endDate = new Date(value);
endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
this.authority.authorityCertificate.maxValidityEnd = endDate;
}
});
});
@ -230,6 +244,9 @@ angular.module('lemur')
certificate.authority = defaults.authority;
}
}
certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
});
};