
Commit 7b1b52e

committed
Refactor active_cert check
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
1 parent beab853 commit 7b1b52e


1 file changed

+7
-7
lines changed

1 file changed

+7
-7
lines changed

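--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -12,6 +12,7 @@
 import six
 
 from time import mktime
+import pytz
 
 from six.moves.urllib import parse
 
@@ -373,16 +374,15 @@ def active_cert(key):
 try:
 cert_str = pem_format(key)
 cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_str)
-if not cert.has_expired() == 0:
-raise Exception('Cert is expired.')
-if OpenSSLWrapper().certificate_not_valid_yet(cert):
-raise Exception('Certificate not valid yet.')
-return True
-except AssertionError:
-return False
 except AttributeError:
 return False
 
+now = pytz.UTC.localize(datetime.datetime.utcnow())
+valid_from = dateutil.parser.parse(cert.get_notBefore())
+valid_to = dateutil.parser.parse(cert.get_notAfter())
+active = not cert.has_expired() and valid_from <= now < valid_to
+return active
+
 
 def cert_from_key_info(key_info, ignore_age=False):
 """ Get all X509 certs from a KeyInfo instance. Care is taken to make sure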
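Review bot: In the second hunk, `active_cert` can now raise instead of returning `False` for a certificate it cannot evaluate: the only handler left is `except AttributeError`, and the two `dateutil.parser.parse(...)` calls sit outside the `try`. A PEM blob that `crypto.load_certificate` rejects, or a `notBefore`/`notAfter` value that is missing or unparseable, would then surface as an unhandled exception in what looks like a yes/no validity gate for certificates taken from a KeyInfo (inferred from the neighbouring `cert_from_key_info`). Consider moving the two parse lines inside the `try` and widening the handler to `except (AttributeError, ValueError, TypeError, crypto.Error):` so the check fails closed. The import hunk adds only `pytz`; confirm that `datetime` and `dateutil.parser` are already imported in the part of the file not shown, since `import dateutil` alone does not load the `parser` submodule. The opening lines of `active_cert` are outside the hunk.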
