Merge branch 'master' into master

sirferl 2020-08-20 11:33:18 +02:00 committed by GitHub
commit 4f148f3bc3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 62 additions and 8 deletions


@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
PUBLIC_CA_MAX_VALIDITY_DAYS = 365 PUBLIC_CA_MAX_VALIDITY_DAYS = 365
.. data:: DEFAULT_MAX_VALIDITY_DAYS
:noindex:
Use this config to override the default limit of 1095 days (3 years) of validity. Any CA which is not listed in
PUBLIC_CA_AUTHORITY_NAMES will be using this validity to display date range on UI. Below example overrides the
default validity of 1095 days and sets it to 365 days.
::
DEFAULT_MAX_VALIDITY_DAYS = 365
.. data:: DEBUG_DUMP .. data:: DEBUG_DUMP
:noindex: :noindex:
@ -229,7 +240,7 @@ and are used when Lemur creates the CSR for your certificates.
:: ::
LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = "Operations" LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ""
.. data:: LEMUR_DEFAULT_ISSUER_PLUGIN .. data:: LEMUR_DEFAULT_ISSUER_PLUGIN


@ -109,6 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
cn = fields.String() cn = fields.String()
not_after = fields.DateTime() not_after = fields.DateTime()
not_before = fields.DateTime() not_before = fields.DateTime()
max_issuance_days = fields.Integer()
owner = fields.Email() owner = fields.Email()
status = fields.Boolean() status = fields.Boolean()
user = fields.Nested(UserNestedOutputSchema) user = fields.Nested(UserNestedOutputSchema)
@ -134,6 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
owner = fields.Email() owner = fields.Email()
plugin = fields.Nested(PluginOutputSchema) plugin = fields.Nested(PluginOutputSchema)
active = fields.Boolean() active = fields.Boolean()
authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days"])
authority_update_schema = AuthorityUpdateSchema() authority_update_schema = AuthorityUpdateSchema()
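Review bot: The nested `authority_certificate` field is limited to `only=["max_issuance_days"]`, while the service code in this same commit reads `defaults.authority.authorityCertificate.notBefore` and `.notAfter` to seed the end-date bounds. If the defaults payload serializes its authority through `AuthorityNestedOutputSchema` (not visible here), those two values arrive undefined and the date picker starts with no limits. Consider `only=["not_before", "not_after", "max_issuance_days"]`, plus a one-line comment saying why the nested certificate is trimmed. Both schema classes start outside the hunks.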


@ -311,6 +311,14 @@ class Certificate(db.Model):
def validity_range(self): def validity_range(self):
return self.not_after - self.not_before return self.not_after - self.not_before
@property
def max_issuance_days(self):
public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
if self.name.lower() in [ca.lower() for ca in public_CA]:
return current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
return current_app.config.get("DEFAULT_MAX_VALIDITY_DAYS", 1095) # 3 years default
@property @property
def subject(self): def subject(self):
return self.parsed_cert.subject return self.parsed_cert.subject
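Review bot: `max_issuance_days` is only surfaced as a value for the UI; nothing visible in this commit rejects a request whose validity exceeds it, so a client calling the API directly is not bound by `PUBLIC_CA_MAX_VALIDITY_DAYS` or `DEFAULT_MAX_VALIDITY_DAYS` unless the issuance path checks it elsewhere. The lookup compares `self.name`, the certificate's own name, against `PUBLIC_CA_AUTHORITY_NAMES`; this presumably relies on a root certificate sharing its authority's name, and if that does not hold every authority silently falls through to the 1095-day default. The property has no docstring; something like `"""Maximum validity in days offered for certificates issued under this authority certificate (UI hint, taken from config)."""` would make the contract explicit. The `Certificate` class starts and ends outside the hunk.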


@ -46,8 +46,7 @@
Organizational Unit Organizational Unit
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control" required/> <input name="organizationalUnit" ng-model="authority.organizationalUnit" placeholder="Organizational Unit" class="form-control"/>
<p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must enter a organizational unit</p>
</div> </div>
</div> </div>
</div> </div>
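Review bot: Dropping `required` from the `organizationalUnit` input only relaxes the browser-side check; whether the API schema and the CSR builder accept an empty value and omit it is not visible in this commit. The documentation example in this commit also shows `LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ""`, so confirm that an empty OU is left out of the subject rather than written as an empty attribute. The same applies to the certificate form changed in the next file section.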


@ -62,9 +62,7 @@
</label> </label>
<div class="col-sm-10"> <div class="col-sm-10">
<input name="organizationalUnit" ng-model="certificate.organizationalUnit" placeholder="Organizational Unit" <input name="organizationalUnit" ng-model="certificate.organizationalUnit" placeholder="Organizational Unit"
class="form-control" required/> class="form-control"/>
<p ng-show="dnForm.organization.$invalid && !dnForm.organizationalUnit.$pristine" class="help-block">You must
enter a organizational unit</p>
</div> </div>
</div> </div>
</div> </div>


@ -151,6 +151,7 @@
uib-tooltip="yyyy/MM/dd" uib-tooltip="yyyy/MM/dd"
uib-datepicker-popup="yyyy/MM/dd" uib-datepicker-popup="yyyy/MM/dd"
ng-model="certificate.validityStart" ng-model="certificate.validityStart"
ng-change="certificate.setValidityEndDateRange(certificate.validityStart)"
is-open="popup1.opened" is-open="popup1.opened"
datepicker-options="dateOptions" datepicker-options="dateOptions"
close-text="Close" close-text="Close"
@ -174,8 +175,8 @@
is-open="popup2.opened" is-open="popup2.opened"
datepicker-options="dateOptions" datepicker-options="dateOptions"
close-text="Close" close-text="Close"
max-date="certificate.authority.authorityCertificate.notAfter" max-date="certificate.authority.authorityCertificate.maxValidityEnd"
min-date="certificate.authority.authorityCertificate.notBefore" min-date="certificate.authority.authorityCertificate.minValidityEnd"
alt-input-formats="altInputFormats" alt-input-formats="altInputFormats"
placeholder="End Date" placeholder="End Date"
/> />


@ -164,6 +164,20 @@ angular.module('lemur')
this.extensions.keyUsage.useDecipherOnly = true; this.extensions.keyUsage.useDecipherOnly = true;
} }
} }
},
setValidityEndDateRange: function (value) {
// clear selected validity end date as we are about to calculate new range
if(this.validityEnd) {
this.validityEnd = '';
}
// Minimum end date will be same as selected start date
this.authority.authorityCertificate.minValidityEnd = value;
// Move max end date by maxIssuanceDays
let endDate = new Date(value);
endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
this.authority.authorityCertificate.maxValidityEnd = endDate;
} }
}); });
}); });
@ -264,6 +278,9 @@ angular.module('lemur')
} }
} }
certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
if (certificate.dnsProviderId) { if (certificate.dnsProviderId) {
certificate.dnsProvider = {id: certificate.dnsProviderId}; certificate.dnsProvider = {id: certificate.dnsProviderId};
} }
@ -292,3 +309,4 @@ angular.module('lemur')
return CertificateService; return CertificateService;
}); });
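Review bot: `setValidityEndDateRange` sets `maxValidityEnd` to the start date plus `maxIssuanceDays` without capping it at the issuing certificate's `notAfter`, which the template used as `max-date` before this commit, so the picker can now offer an end date later than the authority certificate's own expiry. The function also dereferences `this.authority.authorityCertificate` and calls `new Date(value)` unguarded, so a cleared start date or a missing `maxIssuanceDays` produces an Invalid Date bound. The sketch below adds a guard and clamps to `notAfter` when that value is present on the object. The identical function added in the following file section needs the same change.

```javascript
setValidityEndDateRange: function (value) {
  // … unchanged: clear the currently selected validityEnd …

  const authorityCert = this.authority && this.authority.authorityCertificate;
  if (!authorityCert || !value) {
    return;
  }

  // Minimum end date will be same as selected start date
  authorityCert.minValidityEnd = value;

  // Move max end date by maxIssuanceDays, but never past the issuing certificate's expiry
  let endDate = new Date(value);
  endDate.setDate(endDate.getDate() + authorityCert.maxIssuanceDays);
  const caNotAfter = authorityCert.notAfter ? new Date(authorityCert.notAfter) : null;
  authorityCert.maxValidityEnd = (caNotAfter && caNotAfter < endDate) ? caNotAfter : endDate;
}
```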


@ -144,6 +144,20 @@ angular.module('lemur')
this.extensions.keyUsage.useDecipherOnly = true; this.extensions.keyUsage.useDecipherOnly = true;
} }
} }
},
setValidityEndDateRange: function (value) {
// clear selected validity end date as we are about to calculate new range
if(this.validityEnd) {
this.validityEnd = '';
}
// Minimum end date will be same as selected start date
this.authority.authorityCertificate.minValidityEnd = value;
// Move max end date by maxIssuanceDays
let endDate = new Date(value);
endDate.setDate(endDate.getDate() + this.authority.authorityCertificate.maxIssuanceDays);
this.authority.authorityCertificate.maxValidityEnd = endDate;
} }
}); });
}); });
@ -230,6 +244,9 @@ angular.module('lemur')
certificate.authority = defaults.authority; certificate.authority = defaults.authority;
} }
} }
certificate.authority.authorityCertificate.minValidityEnd = defaults.authority.authorityCertificate.notBefore;
certificate.authority.authorityCertificate.maxValidityEnd = defaults.authority.authorityCertificate.notAfter;
}); });
}; };