From ecf00fe9d6b892c20133695b56e819b6d0f29558 Mon Sep 17 00:00:00 2001 From: kevgliss Date: Wed, 10 May 2017 12:05:03 -0700 Subject: [PATCH] Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. (#784) --- lemur/plugins/lemur_digicert/plugin.py | 38 +++++-------- .../lemur_digicert/tests/test_digicert.py | 53 +++++++++---------- 2 files changed, 39 insertions(+), 52 deletions(-) diff --git a/lemur/plugins/lemur_digicert/plugin.py b/lemur/plugins/lemur_digicert/plugin.py index 0c81e76f..54d0950e 100644 --- a/lemur/plugins/lemur_digicert/plugin.py +++ b/lemur/plugins/lemur_digicert/plugin.py @@ -83,26 +83,6 @@ def determine_validity_years(end_date): " years in validity") -def get_issuance(options): - """Get the time range for certificates. - - :param options: - :return: - """ - - validity_years = options.get('validity_years') - - if validity_years: - options['validity_end'] = None - return options - else: - if not options.get('validity_end'): - options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)) - - options['validity_years'] = determine_validity_years(options['validity_end']) - return options - - def get_additional_names(options): """ Return a list of strings to be added to a SAN certificates. @@ -126,7 +106,9 @@ def map_fields(options, csr): :param csr: :return: dict or valid DigiCert options """ - options = get_issuance(options) + if not options.get('validity_years'): + if not options.get('validity_end'): + options['validity_years'] = current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1) data = dict(certificate={ "common_name": options['common_name'], 
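Review bot: A caller-supplied `validity_end` is no longer range-checked on the `map_fields` path. The removed `get_issuance` passed it through `determine_validity_years`, which (judging by the removed `pytest.raises` case in the test file) rejects an over-long range, while the new block only fills in a default `validity_years`. The date then reaches `custom_expiration_date` in the following hunk as given, so the maximum certificate lifetime is left to the CA alone. I would keep the check by giving the inner `if` an `else` arm that calls `determine_validity_years(options['validity_end'])` purely for its validation. The body of `map_fields` continues outside the hunk.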
@@ -139,11 +121,11 @@ def map_fields(options, csr): data['certificate']['dns_names'] = get_additional_names(options) - if options.get('validity_end'): + if options.get('validity_years'): + data['validity_years'] = options['validity_years'] + else: data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD') - data['validity_years'] = options.get('validity_years') - return data @@ -155,7 +137,13 @@ def map_cis_fields(options, csr): :param csr: :return: """ - options = get_issuance(options) + if not options.get('validity_years'): + if not options.get('validity_end'): + options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)) + options['validity_years'] = determine_validity_years(options['validity_end']) + else: + options['validity_end'] = arrow.utcnow().replace(years=options['validity_years']) + data = { "profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'), "common_name": options['common_name'], diff --git a/lemur/plugins/lemur_digicert/tests/test_digicert.py b/lemur/plugins/lemur_digicert/tests/test_digicert.py index 39c87c05..9719c4bf 100644 --- a/lemur/plugins/lemur_digicert/tests/test_digicert.py +++ b/lemur/plugins/lemur_digicert/tests/test_digicert.py @@ -36,8 +36,7 @@ def test_map_fields_with_validity_end_and_start(app): 'signature_hash': 'sha256' }, 'organization': {'id': 111111}, - 'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD'), - 'validity_years': 1 + 'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD') } 
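Review bot: The `if options.get('validity_years'): … else:` branch in `map_fields` silently drops `validity_end` when both keys are set, and that precedence is stated only in the commit message. A comment above the branch would keep it visible, for example `# CC orders: validity_years wins; validity_end is used only when no year count is given`. The `else` arm also relies on the defaulting at the top of the function to guarantee `validity_end` is present, which is worth saying in the same comment.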
@@ -107,35 +106,35 @@ def test_map_cis_fields(app): 'profile_name': None } - -def test_issuance(): - from lemur.plugins.lemur_digicert.plugin import get_issuance + options = { + 'common_name': 'example.com', + 'owner': 'bob@example.com', + 'description': 'test certificate', + 'extensions': { + 'sub_alt_names': { + 'names': [x509.DNSName(x) for x in names] + } + }, + 'organization': 'Example, Inc.', + 'organizational_unit': 'Example Org', + 'validity_years': 2 + } with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime): - options = { - 'validity_end': arrow.get(2018, 5, 7), - 'validity_start': arrow.get(2016, 10, 30) + data = map_cis_fields(options, CSR_STR) + + assert data == { + 'common_name': 'example.com', + 'csr': CSR_STR, + 'additional_dns_names': names, + 'signature_hash': 'sha256', + 'organization': {'name': 'Example, Inc.', 'units': ['Example Org']}, + 'validity': { + 'valid_to': arrow.get(2018, 11, 3).format('YYYY-MM-DD') + }, + 'profile_name': None } - new_options = get_issuance(options) - assert new_options['validity_years'] == 2 - - options = { - 'validity_end': arrow.get(2017, 5, 7), - 'validity_start': arrow.get(2016, 10, 30) - } - - new_options = get_issuance(options) - assert new_options['validity_years'] == 1 - - options = { - 'validity_end': arrow.get(2020, 5, 7), - 'validity_start': arrow.get(2016, 10, 30) - } - - with pytest.raises(Exception): - period = get_issuance(options) - def test_signature_hash(app): from lemur.plugins.lemur_digicert.plugin import signature_hash
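Review bot: The rejection case disappears with `test_issuance`: the removed `pytest.raises(Exception)` assertion for a 2020 end date was the only visible test that an over-long validity is refused, and nothing in the added block replaces it. The new assertions cover `map_cis_fields` with `'validity_years': 2` only; `map_fields` with `validity_years`, and both functions with neither key set, have no test in this hunk. The added case is also appended to the body of `test_map_cis_fields`, so a failure in the first half hides the second; a separate `test_map_cis_fields_with_validity_years(app)` would report them independently. `test_map_cis_fields` starts outside the hunk.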