Allow download of old crls with old extenstion crl.pem

api/tests/api/test_retrieve_crl.py

@@ -1,4 +1,5 @@
 from time import sleep
+from unittest.mock import patch
 
 import arrow
 from django.utils import timezone
@@ -91,11 +92,42 @@ def setUpTestData(cls):
 
         cls.int_certificate2.save()
 
+        subject3 = DistinguishedNameFactory(
+            countryName=cls.ca.dn.countryName,
+            stateOrProvinceName=cls.ca.dn.stateOrProvinceName,
+            organizationName=cls.ca.dn.organizationName,
+        )
+
+        cls.int_certificate_old_crl_extension = CertificateFactory(
+            expires_at=arrow.get(timezone.now()).shift(days=+5).date(),
+            name="test client intermediate certificate old extesion",
+            type=CertificateTypes.INTERMEDIATE,
+            parent=cls.ca,
+            dn=subject3,
+            passphrase_out="welkom1235",
+            passphrase_out_confirmation="welkom1235",
+            passphrase_issuer="welkom123",
+            crl_distribution_url="https://example.com/crl/cert2.crl.pem",
+            ocsp_distribution_host="https://example.com/ocsp/",
+        )
+        with patch.object(Certificate, "full_clean", return_value=None):
+            cls.int_certificate_old_crl_extension.save()
+
     def test_retrieve_crl_root_certificate(self):
         test_uri = f"{self.base_url}{self.ca.pk}/crl"
         response = self.client.get(test_uri, format="json")
         self.assertEqual(response.status_code, status.HTTP_200_OK)
 
+    def test_retrieve_crl_int_certificate(self):
+        test_uri = f"{self.base_url}{self.int_certificate2.pk}/crl"
+        response = self.client.get(test_uri, format="json")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_retrieve_crl_int_old_crl_extension_certificate(self):
+        test_uri = f"{self.base_url}{self.int_certificate_old_crl_extension.pk}/crl"
+        response = self.client.get(test_uri, format="json")
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
     def test_retrieve_crl_root_certificate_last_modified_update(self):
         test_uri = f"{self.base_url}{self.ca.pk}/crl"
         response = self.client.get(test_uri, format="json")

api/views.py

@@ -306,7 +306,7 @@ def get(self, request, pk, *args, **kwargs):
             except KeyStore.DoesNotExist:
                 raise Http404("Certificate has no keystore, " "generation of certificate object went wrong")
 
-            matches = re.findall(r"[^\/]+\.crl$", cert.crl_distribution_url)
+            matches = re.findall(r"[^\/]+\.crl(.pem)?$", cert.crl_distribution_url)
             if not matches:
                 raise RuntimeError(
                     f"Unexpected wrong format crl distribution url: "

changelog.md

@@ -1,6 +1,9 @@
 # Change Log
 The BounCA change history
 
+## [0.4.4] - Release 2023-04-20
+* Bugfix allow retrieving crls with old extension crl.pem
+
 ## [0.4.3] - Release 2023-02-21
 * Bugfix when creating root certificate dont check for issuer passphrase
 

docs/source/conf.py

@@ -49,7 +49,7 @@
 # The short X.Y version.
 version = ""
 # The full version, including alpha/beta/rc tags.
-release = "0.4.0"
+release = "0.4.4"
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

setup.py

@@ -48,7 +48,7 @@ def run(self):
 
 setup(
     name="bounca",
-    version="0.4.0",
+    version="0.4.4",
     cmdclass=cmdclass,
     entry_points={"console_scripts": ["djadmin = manage:main"]},
     scripts=["manage.py"],