max date on UI as per max validity configs

This commit is contained in:
sayali 2020-08-18 14:47:55 -07:00 committed by Hossein Shafagh
parent 4d7c6844e5
commit 7011a4df8b
4 changed files with 25 additions and 2 deletions

View File

@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
PUBLIC_CA_MAX_VALIDITY_DAYS = 365 PUBLIC_CA_MAX_VALIDITY_DAYS = 365
.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS
:noindex:
Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is
not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of
365 days and sets it to 90 days.
::
INTERNAL_CA_MAX_VALIDITY_DAYS = 90
.. data:: DEBUG_DUMP .. data:: DEBUG_DUMP
:noindex: :noindex:

View File

@ -110,6 +110,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
cn = fields.String() cn = fields.String()
not_after = fields.DateTime() not_after = fields.DateTime()
not_before = fields.DateTime() not_before = fields.DateTime()
max_issuance_date = fields.DateTime()
owner = fields.Email() owner = fields.Email()
status = fields.Boolean() status = fields.Boolean()
user = fields.Nested(UserNestedOutputSchema) user = fields.Nested(UserNestedOutputSchema)
@ -135,6 +136,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
owner = fields.Email() owner = fields.Email()
plugin = fields.Nested(PluginOutputSchema) plugin = fields.Nested(PluginOutputSchema)
active = fields.Boolean() active = fields.Boolean()
authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"])
authority_update_schema = AuthorityUpdateSchema() authority_update_schema = AuthorityUpdateSchema()

View File

@ -311,6 +311,16 @@ class Certificate(db.Model):
def validity_range(self): def validity_range(self):
return self.not_after - self.not_before return self.not_after - self.not_before
@property
def max_issuance_date(self):
public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
if self.name.lower() in [ca.lower() for ca in public_CA]:
default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
else:
default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year
issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days)
return arrow.utcnow().shift(days=issuance_validity_days)
@property @property
def subject(self): def subject(self):
return self.parsed_cert.subject return self.parsed_cert.subject

View File

@ -154,7 +154,7 @@
is-open="popup1.opened" is-open="popup1.opened"
datepicker-options="dateOptions" datepicker-options="dateOptions"
close-text="Close" close-text="Close"
max-date="certificate.authority.authorityCertificate.notAfter" max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
min-date="certificate.authority.authorityCertificate.notBefore" min-date="certificate.authority.authorityCertificate.notBefore"
alt-input-formats="altInputFormats" alt-input-formats="altInputFormats"
placeholder="Start Date" placeholder="Start Date"
@ -174,7 +174,7 @@
is-open="popup2.opened" is-open="popup2.opened"
datepicker-options="dateOptions" datepicker-options="dateOptions"
close-text="Close" close-text="Close"
max-date="certificate.authority.authorityCertificate.notAfter" max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
min-date="certificate.authority.authorityCertificate.notBefore" min-date="certificate.authority.authorityCertificate.notBefore"
alt-input-formats="altInputFormats" alt-input-formats="altInputFormats"
placeholder="End Date" placeholder="End Date"