added several enhancements following advice from peer

2020-09-14 16:24:53 +02:00 · 2020-09-14 16:24:53 +02:00 · e011cc9251
parent 9778eb7b25
commit e011cc9251
1 changed files with 21 additions and 11 deletions
--- a/lemur/plugins/lemur_entrust/plugin.py
+++ b/lemur/plugins/lemur_entrust/plugin.py
@ -19,6 +19,21 @@ def log_status_code(r, *args, **kwargs):
    """
    metrics.send("ENTRUST_status_code_{}".format(r.status_code), "counter", 1)

+def determine_end_date(end_date):
+    """
+    Determine appropriate end date
+    :param end_date:
+    :return: validity_end
+    """
+    #ENTRUST only allows 13 months of max certificate duration
+    max_validity_end = arrow.utcnow().shift(years=1, months=+1).format('YYYY-MM-DD')
+
+    if not end_date:
+        end_date = max_validity_end 
+
+    if end_date > max_validity_end:
+        end_date = max_validity_end
+    return end_date

 def process_options(options):
    """
@ -33,7 +48,11 @@ def process_options(options):
    # else default to "STANDARD_SSL"
    authority = options.get("authority").name.upper()
    product_type = current_app.config.get("ENTRUST_PRODUCT_{0}".format(authority), "STANDARD_SSL")
-    expiry_date = arrow.utcnow().shift(years=1, days=+10).format('YYYY-MM-DD')
+
+    if options.get("validity_end"):
+        validity_end = determine_end_date(options.get("validity_end"))
+    else:
+        validity_end = determine_end_date(False)

    tracking_data = {
        "requesterName": current_app.config.get("ENTRUST_NAME"),
@ -45,7 +64,7 @@ def process_options(options):
        "signingAlg": "SHA-2",
        "eku": "SERVER_AND_CLIENT_AUTH",
        "certType": product_type,
-        "certExpiryDate": expiry_date,
+        "certExpiryDate": validity_end,
        "tracking": tracking_data
    }
    return data
@ -197,15 +216,6 @@ class EntrustSourcePlugin(SourcePlugin):

    author = "sirferl"
    author_url = "https://github.com/sirferl/lemur"
-    options = [
-        {
-            "name": "dummy",
-            "type": "str",
-            "required": False,
-            "validation": "/^[0-9]{12,12}$/",
-            "helpMessage": "Just to prevent error",
-        }
-    ]

    def get_certificates(self, options, **kwargs):
        # Not needed for ENTRUST