From 09a67718abfa6fdc17c99ffc6840c30780775526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Tue, 29 Mar 2016 15:43:34 +0300
Subject: [PATCH] Expose certificate and CRL lifetime via session API call
---
certidude/api/__init__.py | 4 ++++
certidude/static/js/templates.js | 6 +++++-
certidude/static/views/authority.html | 7 +++++++
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/certidude/api/__init__.py b/certidude/api/__init__.py
index 923ca65..52a5f71 100644
--- a/certidude/api/__init__.py
+++ b/certidude/api/__init__.py
@@ -67,6 +67,10 @@ class SessionResource(object):
autosign_subnets = config.AUTOSIGN_SUBNETS,
request_subnets = config.REQUEST_SUBNETS,
admin_subnets=config.ADMIN_SUBNETS,
+ signature = dict(
+ certificate_lifetime=config.CERTIFICATE_LIFETIME,
+ revocation_list_lifetime=config.REVOCATION_LIST_LIFETIME
+ )
) if req.context.get("user").is_admin() else None,
features=dict(
tagging=config.TAGGING_BACKEND,
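Review bot: The two values added under `signature` are in different units that the key names do not carry: authority.html in this same patch renders `certificate_lifetime` as days and `revocation_list_lifetime` as seconds. A client reading the session JSON could treat both as the same unit and misjudge how long a certificate or a CRL remains valid, so I would add a comment above the new dict, `# certificate_lifetime is in days, revocation_list_lifetime in seconds`. Putting the unit in the key names would also work, but the template hunks would then need the same rename. The new dict sits inside the `authority` value that is returned only when `is_admin()` is true, so the exposure stays admin-only; the enclosing method starts and ends outside the hunk.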
diff --git a/certidude/static/js/templates.js b/certidude/static/js/templates.js
index 918cdfe..b92d034 100644
--- a/certidude/static/js/templates.js
+++ b/certidude/static/js/templates.js
@@ -484,7 +484,11 @@ else {
output += "\n E-mail disabled\n";
;
}
-output += "
\n\nAuthenticated users allowed from:\n\n";
+output += "
\n\nWeb signed certificate attributes:
\n\n\n - Certificate lifetime: ";
+output += runtime.suppressValue(runtime.memberLookup((runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"signature")),"certificate_lifetime"), env.opts.autoescape);
+output += " days
\n - Revocation list lifetime: ";
+output += runtime.suppressValue(runtime.memberLookup((runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"signature")),"revocation_list_lifetime"), env.opts.autoescape);
+output += " seconds
\n
\n\nAuthenticated users allowed from:\n\n";
if(runtime.inOperator("0.0.0.0/0",runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"user_subnets"))) {
output += "\n anywhere\n
\n";
;
diff --git a/certidude/static/views/authority.html b/certidude/static/views/authority.html
index 05bb553..28a30bd 100644
--- a/certidude/static/views/authority.html
+++ b/certidude/static/views/authority.html
@@ -29,6 +29,13 @@ as such require complete reset of X509 infrastructure if some of them needs to b
E-mail disabled
{% endif %}
+Web signed certificate attributes:
+
+
+ - Certificate lifetime: {{ session.authority.signature.certificate_lifetime }} days
+ - Revocation list lifetime: {{ session.authority.signature.revocation_list_lifetime }} seconds
+
+
Authenticated users allowed from:
{% if "0.0.0.0/0" in session.authority.user_subnets %}