
fix: add not-before and not-after check in sign CSR #5342

Merged
sheensantoscapadngan merged 1 commit into main from misc/add-not-before-and-not-after-check-in-sign-cert
Feb 2, 2026

Conversation

sheensantoscapadngan commented Feb 2, 2026

Context

This ensures that the not-after and not-before values are validated against the certificate policy during the sign-certificate-from-profile flow.

Screenshots

Steps to verify the change

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

maidul98 commented Feb 2, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |

sheensantoscapadngan changed the title from "misc: add not-before and not-after check in sign CSR" to "fix: add not-before and not-after check in sign CSR" on Feb 2, 2026

greptile-apps bot commented Feb 2, 2026

Greptile Overview

Greptile Summary

Fixed validation error when signing CSR with explicit date range by conditionally setting either notBefore/notAfter or validity.ttl fields to avoid "Cannot specify both" validation error.

  • When notAfter is provided, the code now sets notBefore and notAfter fields for date-range based validation
  • When notAfter is not provided, the code sets validity.ttl for duration-based validation
  • This ensures proper validation of certificate validity periods against the certificate policy without triggering mutual exclusivity errors

Confidence Score: 4/5

  • Safe to merge after verifying edge case behavior for partial date inputs
  • The fix correctly addresses the validation error by using conditional logic to set either date-based or TTL-based validity fields. The change is minimal and focused, with proper validation happening downstream. Score reduced by 1 due to edge case where providing only notBefore silently ignores it.
  • No files require special attention

Important Files Changed

| Filename | Overview |
|---|---|
| backend/src/services/certificate-v3/certificate-v3-service.ts | Added conditional logic to prevent validation error when both TTL and date range are specified, ensuring only one validity mechanism is used |
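
The edge case flagged in the review summary above (a notBefore supplied without notAfter being silently ignored) can be closed by rejecting that input instead of falling through to the TTL branch. This is an added sketch, not code from this pull request or from the project; the function and type names, the `maxValidityDays` policy field and the `90d`/`12h` TTL format are assumptions.

```typescript
// Added example: every name here is hypothetical, not the project's own code.
type ValidityInput = { ttl?: string; notBefore?: string; notAfter?: string };
type PolicyLimits = { maxValidityDays: number }; // assumed shape of the policy limit
type Validity =
  | { kind: "range"; notBefore: Date; notAfter: Date }
  | { kind: "ttl"; ttlMs: number };

const DAY_MS = 24 * 60 * 60 * 1000;

// Parse a duration such as "90d" or "12h" into milliseconds (assumed TTL format).
function parseTtl(ttl: string): number {
  const m = /^(\d+)([hd])$/.exec(ttl);
  if (!m) throw new Error(`invalid ttl: ${ttl}`);
  return Number(m[1]) * (m[2] === "d" ? DAY_MS : DAY_MS / 24);
}

function parseDate(label: string, value: string): Date {
  const d = new Date(value);
  if (Number.isNaN(d.getTime())) throw new Error(`invalid ${label}: ${value}`);
  return d;
}

// Pick exactly one validity mechanism and check it against the policy limit.
function resolveValidity(input: ValidityInput, policy: PolicyLimits, now: Date): Validity {
  const maxMs = policy.maxValidityDays * DAY_MS;
  if (input.notAfter !== undefined) {
    if (input.ttl !== undefined) throw new Error("Cannot specify both ttl and notAfter");
    const notBefore =
      input.notBefore !== undefined ? parseDate("notBefore", input.notBefore) : now;
    const notAfter = parseDate("notAfter", input.notAfter);
    if (notAfter.getTime() <= notBefore.getTime()) throw new Error("notAfter must be later than notBefore");
    if (notAfter.getTime() <= now.getTime()) throw new Error("notAfter is in the past");
    if (notAfter.getTime() - notBefore.getTime() > maxMs) throw new Error("validity exceeds policy maximum");
    return { kind: "range", notBefore, notAfter };
  }
  // notBefore on its own: fail loudly rather than dropping it and issuing from "now".
  if (input.notBefore !== undefined) throw new Error("notBefore requires notAfter");
  if (input.ttl === undefined) throw new Error("either ttl or notAfter is required");
  const ttlMs = parseTtl(input.ttl);
  if (ttlMs > maxMs) throw new Error("validity exceeds policy maximum");
  return { kind: "ttl", ttlMs };
}
```
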

greptile-apps bot left a comment

1 file reviewed, 1 comment

@sheensantoscapadngan sheensantoscapadngan merged commit 751f440 into main Feb 2, 2026
10 of 17 checks passed