Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. (#784)

lemur/plugins/lemur_digicert/plugin.py

@@ -83,26 +83,6 @@ def determine_validity_years(end_date):
                     " years in validity")
 
 
-def get_issuance(options):
-    """Get the time range for certificates.
-
-    :param options:
-    :return:
-    """
-
-    validity_years = options.get('validity_years')
-
-    if validity_years:
-        options['validity_end'] = None
-        return options
-    else:
-        if not options.get('validity_end'):
-            options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
-
-        options['validity_years'] = determine_validity_years(options['validity_end'])
-        return options
-
-
 def get_additional_names(options):
     """
     Return a list of strings to be added to a SAN certificates.
@@ -126,7 +106,9 @@ def map_fields(options, csr):
     :param csr:
     :return: dict or valid DigiCert options
     """
-    options = get_issuance(options)
+    if not options.get('validity_years'):
+        if not options.get('validity_end'):
+            options['validity_years'] = current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)
 
     data = dict(certificate={
         "common_name": options['common_name'],
@@ -139,11 +121,11 @@ def map_fields(options, csr):
 
     data['certificate']['dns_names'] = get_additional_names(options)
 
-    if options.get('validity_end'):
+    if options.get('validity_years'):
+        data['validity_years'] = options['validity_years']
+    else:
         data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD')
 
-    data['validity_years'] = options.get('validity_years')
-
     return data
 
 
@@ -155,7 +137,13 @@ def map_cis_fields(options, csr):
     :param csr:
     :return:
     """
-    options = get_issuance(options)
+    if not options.get('validity_years'):
+        if not options.get('validity_end'):
+            options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
+        options['validity_years'] = determine_validity_years(options['validity_end'])
+    else:
+        options['validity_end'] = arrow.utcnow().replace(years=options['validity_years'])
+
     data = {
         "profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'),
         "common_name": options['common_name'],

lemur/plugins/lemur_digicert/tests/test_digicert.py

@@ -36,8 +36,7 @@ def test_map_fields_with_validity_end_and_start(app):
             'signature_hash': 'sha256'
         },
         'organization': {'id': 111111},
-        'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD'),
-        'validity_years': 1
+        'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD')
     }
 
 
@@ -107,35 +106,35 @@ def test_map_cis_fields(app):
         'profile_name': None
     }
 
-
-def test_issuance():
-    from lemur.plugins.lemur_digicert.plugin import get_issuance
+    options = {
+        'common_name': 'example.com',
+        'owner': 'bob@example.com',
+        'description': 'test certificate',
+        'extensions': {
+            'sub_alt_names': {
+                'names': [x509.DNSName(x) for x in names]
+            }
+        },
+        'organization': 'Example, Inc.',
+        'organizational_unit': 'Example Org',
+        'validity_years': 2
+    }
 
     with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime):
-        options = {
-            'validity_end': arrow.get(2018, 5, 7),
-            'validity_start': arrow.get(2016, 10, 30)
+        data = map_cis_fields(options, CSR_STR)
+
+        assert data == {
+            'common_name': 'example.com',
+            'csr': CSR_STR,
+            'additional_dns_names': names,
+            'signature_hash': 'sha256',
+            'organization': {'name': 'Example, Inc.', 'units': ['Example Org']},
+            'validity': {
+                'valid_to': arrow.get(2018, 11, 3).format('YYYY-MM-DD')
+            },
+            'profile_name': None
         }
 
-        new_options = get_issuance(options)
-        assert new_options['validity_years'] == 2
-
-        options = {
-            'validity_end': arrow.get(2017, 5, 7),
-            'validity_start': arrow.get(2016, 10, 30)
-        }
-
-        new_options = get_issuance(options)
-        assert new_options['validity_years'] == 1
-
-        options = {
-            'validity_end': arrow.get(2020, 5, 7),
-            'validity_start': arrow.get(2016, 10, 30)
-        }
-
-        with pytest.raises(Exception):
-            period = get_issuance(options)
-
 
 def test_signature_hash(app):
     from lemur.plugins.lemur_digicert.plugin import signature_hash