Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. (#784)
parent
7257e791ff
commit
ecf00fe9d6
@ -83,26 +83,6 @@ def determine_validity_years(end_date):
|
||||
" years in validity")
|
||||
|
||||
|
||||
def get_issuance(options):
|
||||
"""Get the time range for certificates.
|
||||
|
||||
:param options:
|
||||
:return:
|
||||
"""
|
||||
|
||||
validity_years = options.get('validity_years')
|
||||
|
||||
if validity_years:
|
||||
options['validity_end'] = None
|
||||
return options
|
||||
else:
|
||||
if not options.get('validity_end'):
|
||||
options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
|
||||
|
||||
options['validity_years'] = determine_validity_years(options['validity_end'])
|
||||
return options
|
||||
|
||||
|
||||
def get_additional_names(options):
|
||||
"""
|
||||
Return a list of strings to be added to a SAN certificates.
|
||||
@ -126,7 +106,9 @@ def map_fields(options, csr):
|
||||
:param csr:
|
||||
:return: dict or valid DigiCert options
|
||||
"""
|
||||
options = get_issuance(options)
|
||||
if not options.get('validity_years'):
|
||||
if not options.get('validity_end'):
|
||||
options['validity_years'] = current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)
|
||||
|
||||
data = dict(certificate={
|
||||
"common_name": options['common_name'],
|
||||
@ -139,11 +121,11 @@ def map_fields(options, csr):
|
||||
|
||||
data['certificate']['dns_names'] = get_additional_names(options)
|
||||
|
||||
if options.get('validity_end'):
|
||||
if options.get('validity_years'):
|
||||
data['validity_years'] = options['validity_years']
|
||||
else:
|
||||
data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD')
|
||||
|
||||
data['validity_years'] = options.get('validity_years')
|
||||
|
||||
return data
|
||||
|
||||
|
||||
@ -155,7 +137,13 @@ def map_cis_fields(options, csr):
|
||||
:param csr:
|
||||
:return:
|
||||
"""
|
||||
options = get_issuance(options)
|
||||
if not options.get('validity_years'):
|
||||
if not options.get('validity_end'):
|
||||
options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
|
||||
options['validity_years'] = determine_validity_years(options['validity_end'])
|
||||
else:
|
||||
options['validity_end'] = arrow.utcnow().replace(years=options['validity_years'])
|
||||
|
||||
data = {
|
||||
"profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'),
|
||||
"common_name": options['common_name'],
|
||||
|
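Review bot: With `get_issuance` gone, the new `map_fields` code appears to put a caller-supplied `validity_end` into `custom_expiration_date` without passing it through `determine_validity_years`, so the range check that helper seems to perform no longer runs on that path. Only the tail of `determine_validity_years` is visible here and the +/- markers are lost in this rendering, so this is inferred from the `" years in validity"` message fragment and the removed `options = get_issuance(options)` call. The `map_cis_fields` hunk has a related gap: a supplied `validity_years` feeds `arrow.utcnow().replace(years=options['validity_years'])` directly and silently overrides any `validity_end` passed alongside it. I would keep the bound on both paths, for example by calling `determine_validity_years(options['validity_end'])` before formatting `custom_expiration_date`, and by checking `validity_years` against the same maximum before computing `validity_end`. Both function bodies continue outside the hunks shown.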
@ -36,8 +36,7 @@ def test_map_fields_with_validity_end_and_start(app):
|
||||
'signature_hash': 'sha256'
|
||||
},
|
||||
'organization': {'id': 111111},
|
||||
'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD'),
|
||||
'validity_years': 1
|
||||
'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD')
|
||||
}
|
||||
|
||||
|
||||
@ -107,35 +106,35 @@ def test_map_cis_fields(app):
|
||||
'profile_name': None
|
||||
}
|
||||
|
||||
|
||||
def test_issuance():
|
||||
from lemur.plugins.lemur_digicert.plugin import get_issuance
|
||||
options = {
|
||||
'common_name': 'example.com',
|
||||
'owner': 'bob@example.com',
|
||||
'description': 'test certificate',
|
||||
'extensions': {
|
||||
'sub_alt_names': {
|
||||
'names': [x509.DNSName(x) for x in names]
|
||||
}
|
||||
},
|
||||
'organization': 'Example, Inc.',
|
||||
'organizational_unit': 'Example Org',
|
||||
'validity_years': 2
|
||||
}
|
||||
|
||||
with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime):
|
||||
options = {
|
||||
'validity_end': arrow.get(2018, 5, 7),
|
||||
'validity_start': arrow.get(2016, 10, 30)
|
||||
data = map_cis_fields(options, CSR_STR)
|
||||
|
||||
assert data == {
|
||||
'common_name': 'example.com',
|
||||
'csr': CSR_STR,
|
||||
'additional_dns_names': names,
|
||||
'signature_hash': 'sha256',
|
||||
'organization': {'name': 'Example, Inc.', 'units': ['Example Org']},
|
||||
'validity': {
|
||||
'valid_to': arrow.get(2018, 11, 3).format('YYYY-MM-DD')
|
||||
},
|
||||
'profile_name': None
|
||||
}
|
||||
|
||||
new_options = get_issuance(options)
|
||||
assert new_options['validity_years'] == 2
|
||||
|
||||
options = {
|
||||
'validity_end': arrow.get(2017, 5, 7),
|
||||
'validity_start': arrow.get(2016, 10, 30)
|
||||
}
|
||||
|
||||
new_options = get_issuance(options)
|
||||
assert new_options['validity_years'] == 1
|
||||
|
||||
options = {
|
||||
'validity_end': arrow.get(2020, 5, 7),
|
||||
'validity_start': arrow.get(2016, 10, 30)
|
||||
}
|
||||
|
||||
with pytest.raises(Exception):
|
||||
period = get_issuance(options)
|
||||
|
||||
|
||||
def test_signature_hash(app):
|
||||
from lemur.plugins.lemur_digicert.plugin import signature_hash
|
||||
|
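Review bot: After this change no test in this section appears to assert that an out-of-policy validity is rejected; the `with pytest.raises(Exception):` case using a 2020 `validity_end` seems to disappear together with `test_issuance`. The added and removed markers are lost in this rendering, so that reading is inferred from the removal of `get_issuance` in the plugin. I would add a case that calls `map_cis_fields` with a far-future `validity_end` and no `validity_years` inside `with pytest.raises(Exception):`, and one that passes both `validity_years` and `validity_end` to pin which field wins for each of `map_fields` and `map_cis_fields`.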