From 7011a4df8b8bfed11baaad7cc21f02f43c0b6f58 Mon Sep 17 00:00:00 2001 From: sayali Date: Tue, 18 Aug 2020 14:47:55 -0700 Subject: [PATCH] max date on UI as per max validity configs --- docs/administration.rst | 11 +++++++++++ lemur/authorities/schemas.py | 2 ++ lemur/certificates/models.py | 10 ++++++++++ .../certificates/certificate/tracking.tpl.html | 4 ++-- 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/docs/administration.rst b/docs/administration.rst index 9f377119..df027f70 100644 --- a/docs/administration.rst +++ b/docs/administration.rst @@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c PUBLIC_CA_MAX_VALIDITY_DAYS = 365 +.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS + :noindex: + Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is + not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of + 365 days and sets it to 90 days. + + :: + + INTERNAL_CA_MAX_VALIDITY_DAYS = 90 + + .. data:: DEBUG_DUMP :noindex: diff --git a/lemur/authorities/schemas.py b/lemur/authorities/schemas.py index 9f9d4686..e77c6456 100644 --- a/lemur/authorities/schemas.py +++ b/lemur/authorities/schemas.py @@ -110,6 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema): cn = fields.String() not_after = fields.DateTime() not_before = fields.DateTime() + max_issuance_date = fields.DateTime() owner = fields.Email() status = fields.Boolean() user = fields.Nested(UserNestedOutputSchema) @@ -135,6 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema): owner = fields.Email() plugin = fields.Nested(PluginOutputSchema) active = fields.Boolean() + authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"]) authority_update_schema = AuthorityUpdateSchema() diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py index 58630ee6..9ea45409 100644 --- a/lemur/certificates/models.py +++ b/lemur/certificates/models.py @@ -311,6 +311,16 @@ class Certificate(db.Model): def validity_range(self): return self.not_after - self.not_before + @property + def max_issuance_date(self): + public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", []) + if self.name.lower() in [ca.lower() for ca in public_CA]: + default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397) + else: + default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year + issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days) + return arrow.utcnow().shift(days=issuance_validity_days) + @property def subject(self): return self.parsed_cert.subject diff --git a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html index 027add0f..47de640e 100644 --- a/lemur/static/app/angular/certificates/certificate/tracking.tpl.html +++ b/lemur/static/app/angular/certificates/certificate/tracking.tpl.html @@ -154,7 +154,7 @@ is-open="popup1.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.notAfter" + max-date="certificate.authority.authorityCertificate.maxIssuanceDate" min-date="certificate.authority.authorityCertificate.notBefore" alt-input-formats="altInputFormats" placeholder="Start Date" @@ -174,7 +174,7 @@ is-open="popup2.opened" datepicker-options="dateOptions" close-text="Close" - max-date="certificate.authority.authorityCertificate.notAfter" + max-date="certificate.authority.authorityCertificate.maxIssuanceDate" min-date="certificate.authority.authorityCertificate.notBefore" alt-input-formats="altInputFormats" placeholder="End Date"