revocation should only check for not expired and not revoked certs

2020-10-21 18:52:55 -07:00 · 2020-10-21 18:52:55 -07:00 · 92eec5cc9c
parent 55f219e97a
commit 92eec5cc9c
1 changed files with 4 additions and 3 deletions
--- a/lemur/certificates/service.py
+++ b/lemur/certificates/service.py
@ -105,7 +105,7 @@ def get_all_certs():

 def get_all_valid_certs(authority_plugin_name):
    """
-    Retrieves all valid (not expired) certificates within Lemur, for the given authority plugin names
+    Retrieves all valid (not expired & not revoked) certificates within Lemur, for the given authority plugin names
    ignored if no authority_plugin_name provided.

    Note that depending on the DB size retrieving all certificates might an expensive operation
@ -116,11 +116,12 @@ def get_all_valid_certs(authority_plugin_name):
        return (
            Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter(
                Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
-                Authority.plugin_name.in_(authority_plugin_name)).all()
+                Authority.plugin_name.in_(authority_plugin_name)).filter(Certificate.revoked.is_(False)).all()
        )
    else:
        return (
-            Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).all()
+            Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
+                Certificate.revoked.is_(False)).all()
        )