Splitting out the default date issuance logic for CIS and CC. CIS assumes years is converted to validity_end while CC prefers validity_years over validity_end. (#784)

kevgliss 2017-05-10 12:05:03 -07:00 committed by GitHub
parent 7257e791ff
commit ecf00fe9d6
2 changed files with 39 additions and 52 deletions


@ -83,26 +83,6 @@ def determine_validity_years(end_date):
" years in validity") " years in validity")
def get_issuance(options):
"""Get the time range for certificates.
:param options:
:return:
"""
validity_years = options.get('validity_years')
if validity_years:
options['validity_end'] = None
return options
else:
if not options.get('validity_end'):
options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
options['validity_years'] = determine_validity_years(options['validity_end'])
return options
def get_additional_names(options): def get_additional_names(options):
""" """
Return a list of strings to be added to a SAN certificates. Return a list of strings to be added to a SAN certificates.
@ -126,7 +106,9 @@ def map_fields(options, csr):
:param csr: :param csr:
:return: dict or valid DigiCert options :return: dict or valid DigiCert options
""" """
options = get_issuance(options) if not options.get('validity_years'):
if not options.get('validity_end'):
options['validity_years'] = current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1)
data = dict(certificate={ data = dict(certificate={
"common_name": options['common_name'], "common_name": options['common_name'],
@ -139,11 +121,11 @@ def map_fields(options, csr):
data['certificate']['dns_names'] = get_additional_names(options) data['certificate']['dns_names'] = get_additional_names(options)
if options.get('validity_end'): if options.get('validity_years'):
data['validity_years'] = options['validity_years']
else:
data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD') data['custom_expiration_date'] = options['validity_end'].format('YYYY-MM-DD')
data['validity_years'] = options.get('validity_years')
return data return data
@ -155,7 +137,13 @@ def map_cis_fields(options, csr):
:param csr: :param csr:
:return: :return:
""" """
options = get_issuance(options) if not options.get('validity_years'):
if not options.get('validity_end'):
options['validity_end'] = arrow.utcnow().replace(years=current_app.config.get('DIGICERT_DEFAULT_VALIDITY', 1))
options['validity_years'] = determine_validity_years(options['validity_end'])
else:
options['validity_end'] = arrow.utcnow().replace(years=options['validity_years'])
data = { data = {
"profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'), "profile_name": current_app.config.get('DIGICERT_CIS_PROFILE_NAME'),
"common_name": options['common_name'], "common_name": options['common_name'],
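Review bot: In `map_fields`, a caller-supplied `validity_end` now goes straight into `custom_expiration_date` without passing through `determine_validity_years`, which the removed `get_issuance` called whenever `validity_years` was absent. Judging by the deleted test, which expected an exception for an end date about three and a half years out, that helper appears to reject over-long lifetimes, so the CC path seems to lose its local upper bound on certificate validity and to rely on DigiCert to refuse the order. I would keep the check by adding an `else: determine_validity_years(options['validity_end'])` branch to the inner `if not options.get('validity_end'):` in `map_fields`. In `map_cis_fields` the new `else:` branch likewise feeds a caller-supplied `validity_years` into `replace(years=...)` unchecked and overwrites any `validity_end` the caller passed, which deserves a bound or at least a comment. Both function bodies start outside the hunks shown.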


@ -36,8 +36,7 @@ def test_map_fields_with_validity_end_and_start(app):
'signature_hash': 'sha256' 'signature_hash': 'sha256'
}, },
'organization': {'id': 111111}, 'organization': {'id': 111111},
'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD'), 'custom_expiration_date': arrow.get(2017, 5, 7).format('YYYY-MM-DD')
'validity_years': 1
} }
@ -107,35 +106,35 @@ def test_map_cis_fields(app):
'profile_name': None 'profile_name': None
} }
options = {
def test_issuance(): 'common_name': 'example.com',
from lemur.plugins.lemur_digicert.plugin import get_issuance 'owner': 'bob@example.com',
'description': 'test certificate',
'extensions': {
'sub_alt_names': {
'names': [x509.DNSName(x) for x in names]
}
},
'organization': 'Example, Inc.',
'organizational_unit': 'Example Org',
'validity_years': 2
}
with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime): with freeze_time(time_to_freeze=arrow.get(2016, 11, 3).datetime):
options = { data = map_cis_fields(options, CSR_STR)
'validity_end': arrow.get(2018, 5, 7),
'validity_start': arrow.get(2016, 10, 30) assert data == {
'common_name': 'example.com',
'csr': CSR_STR,
'additional_dns_names': names,
'signature_hash': 'sha256',
'organization': {'name': 'Example, Inc.', 'units': ['Example Org']},
'validity': {
'valid_to': arrow.get(2018, 11, 3).format('YYYY-MM-DD')
},
'profile_name': None
} }
new_options = get_issuance(options)
assert new_options['validity_years'] == 2
options = {
'validity_end': arrow.get(2017, 5, 7),
'validity_start': arrow.get(2016, 10, 30)
}
new_options = get_issuance(options)
assert new_options['validity_years'] == 1
options = {
'validity_end': arrow.get(2020, 5, 7),
'validity_start': arrow.get(2016, 10, 30)
}
with pytest.raises(Exception):
period = get_issuance(options)
def test_signature_hash(app): def test_signature_hash(app):
from lemur.plugins.lemur_digicert.plugin import signature_hash from lemur.plugins.lemur_digicert.plugin import signature_hash