revocation should only check for not expired and not revoked certs

Hossein Shafagh 2020-10-21 18:52:55 -07:00
parent 55f219e97a
commit 92eec5cc9c


@ -105,7 +105,7 @@ def get_all_certs():
def get_all_valid_certs(authority_plugin_name): def get_all_valid_certs(authority_plugin_name):
""" """
Retrieves all valid (not expired) certificates within Lemur, for the given authority plugin names Retrieves all valid (not expired & not revoked) certificates within Lemur, for the given authority plugin names
ignored if no authority_plugin_name provided. ignored if no authority_plugin_name provided.
Note that depending on the DB size retrieving all certificates might an expensive operation Note that depending on the DB size retrieving all certificates might an expensive operation
@ -116,11 +116,12 @@ def get_all_valid_certs(authority_plugin_name):
return ( return (
Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter( Certificate.query.outerjoin(Authority, Authority.id == Certificate.authority_id).filter(
Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter( Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
Authority.plugin_name.in_(authority_plugin_name)).all() Authority.plugin_name.in_(authority_plugin_name)).filter(Certificate.revoked.is_(False)).all()
) )
else: else:
return ( return (
Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).all() Certificate.query.filter(Certificate.not_after > arrow.now().format("YYYY-MM-DD")).filter(
Certificate.revoked.is_(False)).all()
) )
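Review bot: The new `Certificate.revoked.is_(False)` filter, added to both branches in the second hunk, renders as `IS false` in SQL and so also drops any row where `revoked` evaluates to NULL. The model is not visible here, so this only matters if `revoked` is a nullable column rather than a computed expression; in that case `.filter(Certificate.revoked.isnot(True))` would keep unknown-status certificates in the set that gets checked for revocation, which is the safer direction. The same predicate is now written twice, so it could be applied once to a shared base query before the `authority_plugin_name` branch. The part of `get_all_valid_certs` between the two hunks is outside this view.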