From a9724e73830be5c6ee00f6cd81bf2aff6865b071 Mon Sep 17 00:00:00 2001
From: Hossein Shafagh <hshafagh@netflix.com>
Date: Thu, 24 Jan 2019 17:23:40 -0800
Subject: [PATCH] Resolving the 2 years error from UI during cert creation:

Though a CA would accept two year validity, we were getting error for being beyond 2 years.
This is because our current conversion is just current date plus 2 years,
1/25/2019 + 2 years ==> 1/25/2019
This is more strictly seen two years and 1 day extra, violating the 2 year's limit.
---
 lemur/common/missing.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lemur/common/missing.py b/lemur/common/missing.py
index a4bbba77..508019b2 100644
--- a/lemur/common/missing.py
+++ b/lemur/common/missing.py
@@ -16,6 +16,9 @@ def convert_validity_years(data):
         data['validity_start'] = now.isoformat()
 
         end = now.replace(years=+int(data['validity_years']))
+        # some CAs want to see exactly two years validity, and not two years plus one day, as is the case currently
+        # 1/25/2019 + 2 years ==> 1/25/2019 (two years and 1 day extra, violating the 2 year's limit)
+        end = end.replace(days=-1)
         if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
             if is_weekend(end):
                 end = end.replace(days=-2)