serverless-ca · paulschwarzenberger · May 15, 2024 · May 14, 2024
@@ -93,7 +93,7 @@ def is_invalid_certificate_request(ca_name, common_name, lifetime, force_issue):
     if not force_issue and not db_issue_certificate(common_name):
         return {"error": "Certificate already issued"}
 
-    if int(lifetime) < 1:
+    if lifetime < 1:
         return {"error": f"{lifetime} is too short"}
 
     return None
@@ -133,14 +133,15 @@ def get_csr_info(event):
     common_name = event["common_name"]  # string, DNS common name, also used for certificate SAN if no SANs provided
     country = event.get("country")  # string, country code
     email_address = event.get("email_address")  # string, email address
+    lifetime = event.get("lifetime", 30)  # integer, days until certificate expires. Defaults to 30.
     locality = event.get("locality")  # string, location
     organization = event.get("organization")  # string, organization name
     organizational_unit = event.get("organizational_unit")  # string, organizational unit name
     purposes = event.get("purposes")  # list of strings, e.g. ["client_auth", "server_auth"]
     sans = event.get("sans")  # list of strings, DNS Subject Alternative Names
 
     return create_csr_info_1(common_name, locality, organization, organizational_unit, country), create_csr_info_2(
-        30, email_address, purposes, sans
+        int(lifetime), email_address, purposes, sans
     )
 
 
@@ -152,14 +153,10 @@ def lambda_handler(event, context):  # pylint:disable=unused-argument, too-many-
     # process input
     print(f"Input: {event}")
 
-    # integer, days until certificate expires, defaults to 30
-    lifetime = 30
-    if "lifetime" in event:
-        lifetime = int(event.get("lifetime"))
-
     csr_info_1, csr_info_2 = get_csr_info(event)
 
     common_name = csr_info_1["commonName"]
+    lifetime = csr_info_2.get("lifetime")  # integer, days until certificate expires
     csr_file = event.get("csr_file")  # string, reference to static file
     force_issue = event.get("force_issue")  # boolean, force certificate generation even if one already exists
     cert_bundle = event.get("cert_bundle")  # boolean, include Root CA and Issuing CA with client certificate