From 7b1b52e03f06310bc23f688fe3f373881950a9f7 Mon Sep 17 00:00:00 2001
From: Ivan Kanakarakis
Date: Thu, 10 Sep 2020 01:17:24 +0300
Subject: Refactor active_cert check
Signed-off-by: Ivan Kanakarakis
---
 src/saml2/sigver.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/saml2/sigver.py b/src/saml2/sigver.py
index 3d744088..3cf7c215 100644
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -12,6 +12,7 @@ import uuid
 import six
 from time import mktime
+import pytz
 from six.moves.urllib import parse
@@ -373,16 +374,15 @@ def active_cert(key):
 try:
 cert_str = pem_format(key)
 cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
- if not cert.has_expired() == 0:
- raise Exception('Cert is expired.')
- if OpenSSLWrapper().certificate_not_valid_yet(cert):
- raise Exception('Certificate not valid yet.')
- return True
- except AssertionError:
- return False
 except AttributeError:
 return False
+ now = pytz.UTC.localize(datetime.datetime.utcnow())
+ valid_from = dateutil.parser.parse(cert.get_notBefore())
+ valid_to = dateutil.parser.parse(cert.get_notAfter())
+ active = not cert.has_expired() and valid_from <= now < valid_to
+ return active
+
 def cert_from_key_info(key_info, ignore_age=False):
 """ Get all X509 certs from a KeyInfo instance. Care is taken to make sure
-- 
cgit v1.2.1
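Review bot: The validity-window lines added after the `try` block in `active_cert` run outside any handler, so a certificate whose `get_notBefore()`/`get_notAfter()` value is missing or cannot be parsed will raise out of the function instead of yielding `False`, and a `crypto.load_certificate` failure other than `AttributeError` still propagates as before. Because this function appears to gate which certificates (presumably taken from KeyInfo by the function that follows) are treated as usable, a malformed certificate should be rejected the same way as an inactive one: move the date parsing inside the `try` and widen the handler to `except (AttributeError, TypeError, ValueError, crypto.Error):`. Expired and not-yet-valid certificates used to raise a bare `Exception` and now return `False`, so every caller (outside this hunk) must test the return value; the docstring should state "returns False for expired, not-yet-valid or unparseable certificates; never raises for those cases". The import hunk adds only `import pytz`, so it is worth confirming that `datetime` and `dateutil.parser` are already imported in `sigver.py`, which is not visible here. The start of `active_cert` lies above the hunk.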