def get_certificates(exclude=None):
"""
Finds all certificates that are eligible for notifications.
:param exclude:
:return:
"""
now = arrow.utcnow()
max = now + timedelta(days=90)
q = database.db.session.query(Certificate) \
.filter(Certificate.not_after <= max) \
.filter(Certificate.notify == True) \
.filter(Certificate.expired == False) # noqa
exclude_conditions = []
if exclude:
for e in exclude:
exclude_conditions.append(~Certificate.name.ilike('%{}%'.format(e)))
q = q.filter(and_(*exclude_conditions))
certs = []
for c in windowed_query(q, Certificate.id, 100):
if needs_notification(c):
certs.append(c)
return certs
def get_expiring_authority_certificates():
"""
Finds all certificate authority certificates that are eligible for expiration notifications.
:return:
"""
now = arrow.utcnow()
authority_expiration_intervals = current_app.config.get(
"LEMUR_AUTHORITY_CERT_EXPIRATION_EMAIL_INTERVALS", [365, 180])
max_not_after = now + timedelta(days=max(authority_expiration_intervals) +
1)
q = (database.db.session.query(Certificate).filter(
Certificate.not_after < max_not_after).filter(
Certificate.notify == true()).filter(
Certificate.expired == false()).filter(
Certificate.revoked == false()).filter(
Certificate.root_authority_id.isnot(None)).filter(
Certificate.authority_id.is_(None)))
certs = []
for c in windowed_query(q, Certificate.id, 10000):
days_remaining = (c.not_after - now).days
if days_remaining in authority_expiration_intervals:
certs.append(c)
return certs
def get_certificates_for_security_summary_email(exclude=None):
"""
Finds all certificates that are eligible for expiration notifications for the security expiration summary.
:param exclude:
:return:
"""
now = arrow.utcnow()
threshold_days = current_app.config.get(
"LEMUR_EXPIRATION_SUMMARY_EMAIL_THRESHOLD_DAYS", 14)
max_not_after = now + timedelta(days=threshold_days + 1)
q = (database.db.session.query(Certificate).filter(
Certificate.not_after <= max_not_after).filter(
Certificate.notify == true()).filter(
Certificate.expired == false()).filter(
Certificate.revoked == false()))
exclude_conditions = []
if exclude:
for e in exclude:
exclude_conditions.append(
~Certificate.name.ilike("%{}%".format(e)))
q = q.filter(and_(*exclude_conditions))
certs = []
for c in windowed_query(q, Certificate.id, 10000):
days_remaining = (c.not_after - now).days
if days_remaining <= threshold_days:
certs.append(c)
return certs
def get_certificates(exclude=None):
"""
Finds all certificates that are eligible for expiration notifications.
:param exclude:
:return:
"""
now = arrow.utcnow()
max = now + timedelta(days=90)
q = (database.db.session.query(Certificate).filter(
Certificate.not_after <= max).filter(
Certificate.notify == true()).filter(
Certificate.expired == false()).filter(
Certificate.revoked == false()))
exclude_conditions = []
if exclude:
for e in exclude:
exclude_conditions.append(
~Certificate.name.ilike("%{}%".format(e)))
q = q.filter(and_(*exclude_conditions))
certs = []
for c in windowed_query(q, Certificate.id, 10000):
if needs_notification(c):
certs.append(c)
return certs
def get_certs_for_expiring_deployed_cert_check(exclude_domains,
exclude_owners):
threshold_days = current_app.config.get(
"LEMUR_EXPIRING_DEPLOYED_CERT_THRESHOLD_DAYS", 14)
max_not_after = arrow.utcnow().shift(
days=+threshold_days).format("YYYY-MM-DD")
q = (database.db.session.query(Certificate).filter(
Certificate.not_after <= max_not_after).filter(
Certificate.expired == false()).filter(
Certificate.revoked == false()).filter(
Certificate.in_rotation_window == true()))
exclude_conditions = []
if exclude_domains:
for e in exclude_domains:
exclude_conditions.append(
~Certificate.name.ilike("%{}%".format(e)))
q = q.filter(and_(*exclude_conditions))
if exclude_owners:
for e in exclude_owners:
exclude_conditions.append(~Certificate.owner.ilike("{}".format(e)))
q = q.filter(and_(*exclude_conditions))
return windowed_query(q, Certificate.id, 10000)
def get_certificates():
"""
Finds all certificates that are eligible for notifications.
:return:
"""
now = arrow.utcnow()
max = now + timedelta(days=90)
q = database.db.session.query(Certificate) \
.filter(Certificate.not_after <= max) \
.filter(Certificate.notify == True) \
.filter(Certificate.expired == False) # noqa
certs = []
for c in windowed_query(q, Certificate.id, 100):
if needs_notification(c):
certs.append(c)
return certs