added several enhancements following advice from peer

2020-09-14 16:24:53 +02:00 · 2020-09-14 16:24:53 +02:00 · e011cc9251
parent 9778eb7b25
commit e011cc9251
1 changed files with 21 additions and 11 deletions
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -19,6 +19,21 @@ def log_status_code(r, *args, **kwargs):
    """
    metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1)
 def determine_end_date(end_date):
    """
    Determine appropriate end date
    :param end_date:
    :return: validity_end
    """
    #ENTRUST only allows 13 months of max certificate duration
    max_validity_end = arrow.utcnow().shift(years=1, months=+1).format('YYYY-MM-DD')
    if not end_date:
        end_date = max_validity_end 
    if end_date > max_validity_end:
        end_date = max_validity_end
    return end_date
 def process_options(options):
    """
@ -33,7 +48,11 @@ def process_options(options):
    # else default to "STANDARD_SSL"
    authority = options.get("authority").name.upper()
    product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL")
-    expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD')
+
    if options.get("validity_end"):
        validity_end = determine_end_date(options.get("validity_end"))
    else:
        validity_end = determine_end_date(False)
    tracking_data = {
        "requesterName": current_app.config.get("ENTRUST_NAME"),
@ -45,7 +64,7 @@ def process_options(options):
        "signingAlg": "SHA-2",
        "eku": "SERVER_AND_CLIENT_AUTH",
        "certType": product_type,
-        "certExpiryDate": expiry_date,
+        "certExpiryDate": validity_end,
        "tracking": tracking_data
    }
    return data
@ -197,15 +216,6 @@ class EntrustSourcePlugin(SourcePlugin):
    author = "sirferl"
    author_url = "https://github.com/sirferl/lemur"
    options = [
        {
            "name": "dummy",
            "type": "str",
            "required": False,
            "validation": "/^[0-9]{12,12}$/",
            "helpMessage": "Just to prevent error",
        }
    ]
    def get_certificates(self, options, **kwargs):
        # Not needed for ENTRUST