max date on UI as per max validity configs
This commit is contained in:
parent
5b3f40467b
commit
bc5579e9bf
|
@ -172,6 +172,17 @@ Specifying the `SQLALCHEMY_MAX_OVERFLOW` to 0 will enforce limit to not create c
|
||||||
PUBLIC_CA_MAX_VALIDITY_DAYS = 365
|
PUBLIC_CA_MAX_VALIDITY_DAYS = 365
|
||||||
|
|
||||||
|
|
||||||
|
.. data:: INTERNAL_CA_MAX_VALIDITY_DAYS
|
||||||
|
:noindex:
|
||||||
|
Use this config to override the limit of 365 days of validity for certificates issued by internal CA. Any CA which is
|
||||||
|
not listed in PUBLIC_CA_AUTHORITY_NAMES will be treated as internal. Below example overrides the default validity of
|
||||||
|
365 days and sets it to 90 days.
|
||||||
|
|
||||||
|
::
|
||||||
|
|
||||||
|
INTERNAL_CA_MAX_VALIDITY_DAYS = 90
|
||||||
|
|
||||||
|
|
||||||
.. data:: DEBUG_DUMP
|
.. data:: DEBUG_DUMP
|
||||||
:noindex:
|
:noindex:
|
||||||
|
|
||||||
|
|
|
@ -109,6 +109,7 @@ class RootAuthorityCertificateOutputSchema(LemurOutputSchema):
|
||||||
cn = fields.String()
|
cn = fields.String()
|
||||||
not_after = fields.DateTime()
|
not_after = fields.DateTime()
|
||||||
not_before = fields.DateTime()
|
not_before = fields.DateTime()
|
||||||
|
max_issuance_date = fields.DateTime()
|
||||||
owner = fields.Email()
|
owner = fields.Email()
|
||||||
status = fields.Boolean()
|
status = fields.Boolean()
|
||||||
user = fields.Nested(UserNestedOutputSchema)
|
user = fields.Nested(UserNestedOutputSchema)
|
||||||
|
@ -134,6 +135,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
|
||||||
owner = fields.Email()
|
owner = fields.Email()
|
||||||
plugin = fields.Nested(PluginOutputSchema)
|
plugin = fields.Nested(PluginOutputSchema)
|
||||||
active = fields.Boolean()
|
active = fields.Boolean()
|
||||||
|
authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_date"])
|
||||||
|
|
||||||
|
|
||||||
authority_update_schema = AuthorityUpdateSchema()
|
authority_update_schema = AuthorityUpdateSchema()
|
||||||
|
|
|
@ -311,6 +311,16 @@ class Certificate(db.Model):
|
||||||
def validity_range(self):
|
def validity_range(self):
|
||||||
return self.not_after - self.not_before
|
return self.not_after - self.not_before
|
||||||
|
|
||||||
|
@property
|
||||||
|
def max_issuance_date(self):
|
||||||
|
public_CA = current_app.config.get("PUBLIC_CA_AUTHORITY_NAMES", [])
|
||||||
|
if self.name.lower() in [ca.lower() for ca in public_CA]:
|
||||||
|
default_validity_days = current_app.config.get("PUBLIC_CA_MAX_VALIDITY_DAYS", 397)
|
||||||
|
else:
|
||||||
|
default_validity_days = current_app.config.get("INTERNAL_CA_MAX_VALIDITY_DAYS", 365) # 1 Year
|
||||||
|
issuance_validity_days = min(abs(self.not_after - arrow.utcnow()).days, default_validity_days)
|
||||||
|
return arrow.utcnow().shift(days=issuance_validity_days)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def subject(self):
|
def subject(self):
|
||||||
return self.parsed_cert.subject
|
return self.parsed_cert.subject
|
||||||
|
|
|
@ -154,7 +154,7 @@
|
||||||
is-open="popup1.opened"
|
is-open="popup1.opened"
|
||||||
datepicker-options="dateOptions"
|
datepicker-options="dateOptions"
|
||||||
close-text="Close"
|
close-text="Close"
|
||||||
max-date="certificate.authority.authorityCertificate.notAfter"
|
max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
|
||||||
min-date="certificate.authority.authorityCertificate.notBefore"
|
min-date="certificate.authority.authorityCertificate.notBefore"
|
||||||
alt-input-formats="altInputFormats"
|
alt-input-formats="altInputFormats"
|
||||||
placeholder="Start Date"
|
placeholder="Start Date"
|
||||||
|
@ -174,7 +174,7 @@
|
||||||
is-open="popup2.opened"
|
is-open="popup2.opened"
|
||||||
datepicker-options="dateOptions"
|
datepicker-options="dateOptions"
|
||||||
close-text="Close"
|
close-text="Close"
|
||||||
max-date="certificate.authority.authorityCertificate.notAfter"
|
max-date="certificate.authority.authorityCertificate.maxIssuanceDate"
|
||||||
min-date="certificate.authority.authorityCertificate.notBefore"
|
min-date="certificate.authority.authorityCertificate.notBefore"
|
||||||
alt-input-formats="altInputFormats"
|
alt-input-formats="altInputFormats"
|
||||||
placeholder="End Date"
|
placeholder="End Date"
|
||||||
|
|
Loading…
Reference in New Issue