1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

Expose certificate and CRL lifetime via session API call

This commit is contained in:
Lauri Võsandi 2016-03-29 15:43:34 +03:00
parent d8f1e36ecf
commit 09a67718ab
3 changed files with 16 additions and 1 deletions

View File

@ -67,6 +67,10 @@ class SessionResource(object):
autosign_subnets = config.AUTOSIGN_SUBNETS, autosign_subnets = config.AUTOSIGN_SUBNETS,
request_subnets = config.REQUEST_SUBNETS, request_subnets = config.REQUEST_SUBNETS,
admin_subnets=config.ADMIN_SUBNETS, admin_subnets=config.ADMIN_SUBNETS,
signature = dict(
certificate_lifetime=config.CERTIFICATE_LIFETIME,
revocation_list_lifetime=config.REVOCATION_LIST_LIFETIME
)
) if req.context.get("user").is_admin() else None, ) if req.context.get("user").is_admin() else None,
features=dict( features=dict(
tagging=config.TAGGING_BACKEND, tagging=config.TAGGING_BACKEND,

View File

@ -484,7 +484,11 @@ else {
output += "\n E-mail disabled\n"; output += "\n E-mail disabled\n";
; ;
} }
output += "</p>\n\n<p>Authenticated users allowed from:\n\n"; output += "</p>\n\n<p>Web signed certificate attributes:</p>\n\n<ul>\n <li>Certificate lifetime: ";
output += runtime.suppressValue(runtime.memberLookup((runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"signature")),"certificate_lifetime"), env.opts.autoescape);
output += " days</li>\n <li>Revocation list lifetime: ";
output += runtime.suppressValue(runtime.memberLookup((runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"signature")),"revocation_list_lifetime"), env.opts.autoescape);
output += " seconds</li>\n</ul>\n\n<p>Authenticated users allowed from:\n\n";
if(runtime.inOperator("0.0.0.0/0",runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"user_subnets"))) { if(runtime.inOperator("0.0.0.0/0",runtime.memberLookup((runtime.memberLookup((runtime.contextOrFrameLookup(context, frame, "session")),"authority")),"user_subnets"))) {
output += "\n anywhere\n </p>\n"; output += "\n anywhere\n </p>\n";
; ;

View File

@ -29,6 +29,13 @@ as such require complete reset of X509 infrastructure if some of them needs to b
E-mail disabled E-mail disabled
{% endif %}</p> {% endif %}</p>
<p>Web signed certificate attributes:</p>
<ul>
<li>Certificate lifetime: {{ session.authority.signature.certificate_lifetime }} days</li>
<li>Revocation list lifetime: {{ session.authority.signature.revocation_list_lifetime }} seconds</li>
</ul>
<p>Authenticated users allowed from: <p>Authenticated users allowed from:
{% if "0.0.0.0/0" in session.authority.user_subnets %} {% if "0.0.0.0/0" in session.authority.user_subnets %}