Adds option to restrict certificate expiration dates to weekdays. (#453)

* Adding ability to restrict certificate creation to weekdays.

* Ensuring that we test for weekends.

lemur/common/missing.py

@@ -1,13 +1,26 @@
 import arrow
+from flask import current_app
+
+from lemur.common.utils import is_weekend
 
 
-def dates(data):
-    # ensure that validity_start and validity_end are always set
-    if not(data.get('validity_start') and data.get('validity_end')):
-        if data.get('validity_years'):
-            num_years = data['validity_years']
-            now = arrow.utcnow()
-            then = now.replace(years=+int(num_years))
+def convert_validity_years(data):
+    """
+    Convert validity years to validity_start and validity_end
 
-            data['validity_start'] = now.isoformat()
-            data['validity_end'] = then.isoformat()
+    :param data:
+    :return:
+    """
+    if data.get('validity_years'):
+        now = arrow.utcnow()
+        data['validity_start'] = now.date().isoformat()
+
+        end = now.replace(years=+int(data['validity_years']))
+        data['validity_end'] = end.date().isoformat()
+
+        if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
+            if is_weekend(end):
+                end = end.replace(days=-2)
+                data['validity_end'] = end.date().isoformat()
+
+    return data

lemur/common/utils.py

@@ -41,3 +41,14 @@ def parse_certificate(body):
             return x509.load_pem_x509_certificate(body, default_backend())
         return x509.load_pem_x509_certificate(bytes(body, 'utf8'), default_backend())
     return x509.load_pem_x509_certificate(body.encode('utf-8'), default_backend())
+
+
+def is_weekend(date):
+    """
+    Determines if a given date is on a weekend.
+
+    :param date:
+    :return:
+    """
+    if date.weekday() > 5:
+        return True

lemur/common/validators.py

@@ -1,16 +1,14 @@
-
-import arrow
 import re
-from flask import current_app
-from marshmallow.exceptions import ValidationError
 
+from flask import current_app
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import serialization
+from marshmallow.exceptions import ValidationError
 
-from lemur.common.utils import parse_certificate
-from lemur.domains import service as domain_service
 from lemur.auth.permissions import SensitiveDomainPermission
+from lemur.common.utils import parse_certificate, is_weekend
+from lemur.domains import service as domain_service
 
 
 def public_certificate(body):
@@ -102,6 +100,10 @@ def dates(data):
         raise ValidationError('If validity end is specified so must validity start.')
 
     if data.get('validity_start') and data.get('validity_end'):
+        if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
+            if is_weekend(data.get('validity_end')):
+                raise ValidationError('Validity end must not land on a weekend.')
+
         if not data['validity_start'] < data['validity_end']:
             raise ValidationError('Validity start must be before validity end.')
 
@@ -112,13 +114,4 @@ def dates(data):
             if data.get('validity_end').replace(hour=0, minute=0, second=0, tzinfo=None) > data['authority'].authority_certificate.not_after.replace(hour=0, minute=0, second=0):
                 raise ValidationError('Validity end must not be after {0}'.format(data['authority'].authority_certificate.not_after))
 
-    if data.get('validity_years'):
-        now = arrow.utcnow()
-        end = now.replace(years=+data['validity_years'])
-
-        if data.get('authority'):
-            if now.naive < data['authority'].authority_certificate.not_before:
-                raise ValidationError('Validity start must not be before {0}'.format(data['authority'].authority_certificate.not_before))
-
-            if end.naive > data['authority'].authority_certificate.not_after:
-                raise ValidationError('Validity end must not be after {0}'.format(data['authority'].authority_certificate.not_after))
+    return data