Fix cert_validate timezone warnings #4

Merged
merged 1 commit into from
Aug 18, 2024
14 changes: 7 additions & 7 deletions sep2tools/cert_validate.py
@@ -1,11 +1,11 @@
import logging
from datetime import datetime
from datetime import datetime, timezone
from pathlib import Path

from cryptography import x509

log = logging.getLogger(__name__)
INDEF_EXPIRY = datetime(9999, 12, 31, 23, 59, 59, 0) # As per standard
INDEF_EXPIRY = datetime(9999, 12, 31, 23, 59, 59, 0, timezone.utc) # As per standard


def get_pem_certificate_policy_oids(cert_path: Path) -> list[str]:
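Review bot: On the new INDEF_EXPIRY line, timezone.utc is passed as the eighth positional argument directly after the microsecond 0, which is easy to misread as another time field; pass it by keyword as tzinfo=timezone.utc. The "As per standard" comment would also be more useful if it named the standard and clause that defines the 9999-12-31 23:59:59 expiry. Because the constant is now timezone-aware, any other code that compares it with == or != against a naive datetime will see the values as unequal rather than raise, so other users of INDEF_EXPIRY are worth checking.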
Expand Down Expand Up @@ -38,20 +38,20 @@ def validate_pem_certificate(cert_path: Path) -> bool:
cert = x509.load_pem_x509_certificate(cert_data)

# Check the validity period
current_time = datetime.utcnow()
if not cert.not_valid_before <= current_time:
current_time_utc = datetime.now(timezone.utc)
Contributor Author

@longzheng longzheng Aug 16, 2024

I noticed in cert_create.py you're using a different module from dateutil import tz and tz.UTC.

But I saw from the documentation the datetime module has a timezone export that seems to do the same thing, not sure if I'm missing something since I'm not experienced with Python.

If it is the same thing then potentially cert_create.py could be updated to use this and then the dateutil module is no longer needed?

valid_from = datetime.now(tz=tz.UTC)

if not cert.not_valid_before_utc <= current_time_utc:
msg = "Certificate is not valid yet. "
msg += "Not valid before {cert.not_valid_before}"
log.error(msg)
valid = False
if not current_time <= cert.not_valid_after:
if not current_time_utc <= cert.not_valid_after_utc:
msg = "Certificate is no longer valid. "
msg += "Not valid after {cert.not_valid_after}"
log.error(msg)
valid = False
if cert.not_valid_after != INDEF_EXPIRY:
if cert.not_valid_after_utc != INDEF_EXPIRY:
msg = f"Certificate expiry not {INDEF_EXPIRY} as per standard. "
msg += f"Expires {cert.not_valid_after}"
msg += f"Expires {cert.not_valid_after_utc}"
log.warning(msg)
valid = False
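Review bot: The two log.error messages in the validity checks are left behind by this change: "Not valid before {cert.not_valid_before}" and "Not valid after {cert.not_valid_after}" have no f prefix, so the braces are logged literally and the certificate's dates never appear in the error, and they still name the naive properties while the comparisons and the expiry warning moved to not_valid_before_utc and not_valid_after_utc. Suggest msg += f"Not valid before {cert.not_valid_before_utc}" and the matching f-string with not_valid_after_utc, so the logged values are the same timezone-aware ones the checks compare.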
