Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adds option to restrict certificate expiration dates to weekdays. (#453)

Browse Source 
* Adding ability to restrict certificate creation to weekdays.

* Ensuring that we test for weekends.
This commit is contained in:
kevgliss
2016-10-15 00:04:35 -07:00
committed by GitHub
parent 1b861baf0a
commit dcb18a57c4
11 changed files with 97 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lemur/common/validators.py
View File

@ -1,16 +1,14 @@
import arrow
import re
from flask import current_app
from marshmallow.exceptions import ValidationError
from flask import current_app
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from marshmallow.exceptions import ValidationError
from lemur.common.utils import parse_certificate
from lemur.domains import service as domain_service
from lemur.auth.permissions import SensitiveDomainPermission
from lemur.common.utils import parse_certificate, is_weekend
from lemur.domains import service as domain_service
def public_certificate(body):
@ -102,6 +100,10 @@ def dates(data):
raise ValidationError('If validity end is specified so must validity start.')
if data.get('validity_start') and data.get('validity_end'):
if not current_app.config.get('LEMUR_ALLOW_WEEKEND_EXPIRATION', True):
if is_weekend(data.get('validity_end')):
raise ValidationError('Validity end must not land on a weekend.')
if not data['validity_start'] < data['validity_end']:
raise ValidationError('Validity start must be before validity end.')
@ -112,13 +114,4 @@ def dates(data):
if data.get('validity_end').replace(hour=0, minute=0, second=0, tzinfo=None) > data['authority'].authority_certificate.not_after.replace(hour=0, minute=0, second=0):
raise ValidationError('Validity end must not be after {0}'.format(data['authority'].authority_certificate.not_after))
if data.get('validity_years'):
now = arrow.utcnow()
end = now.replace(years=+data['validity_years'])
if data.get('authority'):
if now.naive < data['authority'].authority_certificate.not_before:
raise ValidationError('Validity start must not be before {0}'.format(data['authority'].authority_certificate.not_before))
if end.naive > data['authority'].authority_certificate.not_after:
raise ValidationError('Validity end must not be after {0}'.format(data['authority'].authority_certificate.not_after))
return data