Cert validity should not exceed 397 days for publicly trusted issuers
This commit is contained in:
parent
9bcfcebb3a
commit
7a83799bcd
|
@ -152,6 +152,18 @@ def dates(data):
|
||||||
data["authority"].authority_certificate.not_after
|
data["authority"].authority_certificate.not_after
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
# Allow no more than PUBLIC_CA_MAX_VALIDITY_DAYS (Default: 397) days of validity
|
||||||
|
# for certs issued by public CA
|
||||||
|
# The list of public issuers can be managed through a config named PUBLIC_CA
|
||||||
|
public_CA = current_app.config.get("PUBLIC_CA", [])
|
||||||
|
if data["authority"].name.lower() in [ca.lower() for ca in public_CA]:
|
||||||
|
max_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
|
||||||
|
if (
|
||||||
|
(data.get("validity_end").date() - data.get("validity_start").date()).days
|
||||||
|
> max_validity_days
|
||||||
|
):
|
||||||
|
raise ValidationError("Certificate cannot be valid for more than " +
|
||||||
|
str(max_validity_days) + " days")
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
|
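Review bot: `data.get("validity_end").date()` and `data.get("validity_start").date()` in the new block raise AttributeError instead of a ValidationError whenever either key is missing, and the use of `.get()` suggests the keys can be absent; whether an earlier guard in `dates` (its head is outside the hunk) guarantees both before this point is not visible here. Read them into locals and gate the check on both being present, e.g. `start, end = data.get("validity_start"), data.get("validity_end")` followed by `if start and end and data["authority"].name.lower() in [ca.lower() for ca in public_CA]:`. Truncating to `.date()` also lets a span of 397 days plus some hours through; comparing the full timestamps, `end - start > timedelta(days=max_validity_days)` (with `timedelta` imported from `datetime`), enforces the cap as the comment states it. The cap is keyed on an operator-maintained `PUBLIC_CA` name list, so a public issuer that is not listed, or is renamed, is silently uncapped — a comment such as `# NOTE: issuers missing from PUBLIC_CA are not capped; keep the list in sync with the configured authorities` would make that visible. A request expressed as `validity_years` rather than explicit dates would presumably not be seen by this check either — confirm against the callers.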
@ -82,11 +82,11 @@ def determine_end_date(end_date):
|
||||||
:param end_date:
|
:param end_date:
|
||||||
:return: validity_end
|
:return: validity_end
|
||||||
"""
|
"""
|
||||||
default_years = current_app.config.get("DIGICERT_DEFAULT_VALIDITY", 1)
|
default_days = current_app.config.get("DIGICERT_DEFAULT_VALIDITY_DAYS", 397)
|
||||||
max_validity_end = arrow.utcnow().shift(years=current_app.config.get("DIGICERT_MAX_VALIDITY", default_years))
|
max_validity_end = arrow.utcnow().shift(days=current_app.config.get("DIGICERT_MAX_VALIDITY_DAYS", default_days))
|
||||||
|
|
||||||
if not end_date:
|
if not end_date:
|
||||||
end_date = arrow.utcnow().shift(years=default_years)
|
end_date = arrow.utcnow().shift(days=default_days)
|
||||||
|
|
||||||
if end_date > max_validity_end:
|
if end_date > max_validity_end:
|
||||||
end_date = max_validity_end
|
end_date = max_validity_end
|
||||||
|
|
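Review bot: The renamed settings drop support for the existing `DIGICERT_DEFAULT_VALIDITY` and `DIGICERT_MAX_VALIDITY` keys without notice, so an operator who still sets the old year-based keys now silently gets the 397-day defaults regardless of what they configured. Consider logging a warning when either old key is present, e.g. `if "DIGICERT_MAX_VALIDITY" in current_app.config: current_app.logger.warning("DIGICERT_MAX_VALIDITY is ignored; set DIGICERT_MAX_VALIDITY_DAYS instead")`. The docstring should also name `DIGICERT_DEFAULT_VALIDITY_DAYS` and `DIGICERT_MAX_VALIDITY_DAYS` and state the 397-day default and that a longer requested end date is clamped rather than rejected, since the unit of the setting changed. `determine_end_date` starts and ends outside the hunk.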