author | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-09-10 01:17:24 +0300 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2020-09-10 01:17:24 +0300 |
commit | 7b1b52e03f06310bc23f688fe3f373881950a9f7 (patch) | |
tree | cf5bd5fa856dd7052bcc00d169286d5c1dcd10e7 /src/saml2/sigver.py | |
parent | beab8537f4a9deb87495c645dbdb189e16f48d30 (diff) | |
download | pysaml2-7b1b52e03f06310bc23f688fe3f373881950a9f7.tar.gz |
Refactor active_cert check
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
Diffstat (limited to 'src/saml2/sigver.py')
-rw-r--r-- | src/saml2/sigver.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 3d744088..3cf7c215 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -12,6 +12,7 @@ import uuid
 import six
 from time import mktime
+import pytz
 from six.moves.urllib import parse
@@ -373,16 +374,15 @@ def active_cert(key):
 try:
 cert_str = pem_format(key)
 cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
- if not cert.has_expired() == 0:
- raise Exception('Cert is expired.')
- if OpenSSLWrapper().certificate_not_valid_yet(cert):
- raise Exception('Certificate not valid yet.')
- return True
- except AssertionError:
- return False
 except AttributeError:
 return False
+ now = pytz.UTC.localize(datetime.datetime.utcnow())
+ valid_from = dateutil.parser.parse(cert.get_notBefore())
+ valid_to = dateutil.parser.parse(cert.get_notAfter())
+ active = not cert.has_expired() and valid_from <= now < valid_to
+ return active
+
 def cert_from_key_info(key_info, ignore_age=False):
 """ Get all X509 certs from a KeyInfo instance. Care is taken to make sure |
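Review bot: In `active_cert`, the date parsing and comparison now run outside the `try`, and the only handler left is `except AttributeError`, so a certificate with a missing or unparsable notBefore/notAfter would presumably raise out of `dateutil.parser.parse` rather than return False. This predicate appears to gate the certificates that `cert_from_key_info(..., ignore_age=False)` extracts from a KeyInfo element, so a clean False is safer than an unhandled exception; consider moving the four new lines into the `try` and widening the handler to `except (AttributeError, TypeError, ValueError):`. The `cert.has_expired()` term duplicates the `now < valid_to` comparison, and the strict `<` rejects the notAfter instant itself, which RFC 5280 treats as inside the validity period; `valid_from <= now <= valid_to` alone would express the window once. The hunks add only `import pytz`, so confirm that `datetime` and `dateutil.parser` are already imported in this module. The function starts above the hunk, so its docstring is not visible here; it should state that expired and not-yet-valid certificates now return False instead of raising.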