File diff 1f9ad2819335 → 4f3c2c135344
gimmecert/crypto.py
 
@@ -127,7 +127,7 @@ def get_validity_range():
 
    :rtype: (datetime.datetime, datetime.datetime)
 
    """
 

	
 
    now = datetime.datetime.utcnow().replace(microsecond=0)
 
    now = datetime.datetime.now(datetime.timezone.utc).replace(microsecond=0)
 
    not_before = now - datetime.timedelta(minutes=15)
 
    not_after = now + relativedelta(years=1)
 

	
 
@@ -293,11 +293,11 @@ def issue_server_certificate(name, public_key, issuer_private_key, issuer_certif
 
        (cryptography.x509.SubjectAlternativeName([cryptography.x509.DNSName(dns_name) for dns_name in dns_names]), False)
 
    ]
 

	
 
    if not_before < issuer_certificate.not_valid_before:
 
        not_before = issuer_certificate.not_valid_before
 
    if not_before < issuer_certificate.not_valid_before_utc:
 
        not_before = issuer_certificate.not_valid_before_utc
 

	
 
    if not_after > issuer_certificate.not_valid_after:
 
        not_after = issuer_certificate.not_valid_after
 
    if not_after > issuer_certificate.not_valid_after_utc:
 
        not_after = issuer_certificate.not_valid_after_utc
 

	
 
    certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)
 

	
 
@@ -353,11 +353,11 @@ def issue_client_certificate(name, public_key, issuer_private_key, issuer_certif
 
        (cryptography.x509.ExtendedKeyUsage([cryptography.x509.oid.ExtendedKeyUsageOID.CLIENT_AUTH]), True),
 
    ]
 

	
 
    if not_before < issuer_certificate.not_valid_before:
 
        not_before = issuer_certificate.not_valid_before
 
    if not_before < issuer_certificate.not_valid_before_utc:
 
        not_before = issuer_certificate.not_valid_before_utc
 

	
 
    if not_after > issuer_certificate.not_valid_after:
 
        not_after = issuer_certificate.not_valid_after
 
    if not_after > issuer_certificate.not_valid_after_utc:
 
        not_after = issuer_certificate.not_valid_after_utc
 

	
 
    certificate = issue_certificate(issuer_certificate.subject, dn, issuer_private_key, public_key, not_before, not_after, extensions)
 

	
 
@@ -389,11 +389,11 @@ def renew_certificate(old_certificate, public_key, issuer_private_key, issuer_ce
 

	
 
    not_before, not_after = get_validity_range()
 

	
 
    if not_before < issuer_certificate.not_valid_before:
 
        not_before = issuer_certificate.not_valid_before
 
    if not_before < issuer_certificate.not_valid_before_utc:
 
        not_before = issuer_certificate.not_valid_before_utc
 

	
 
    if not_after > issuer_certificate.not_valid_after:
 
        not_after = issuer_certificate.not_valid_after
 
    if not_after > issuer_certificate.not_valid_after_utc:
 
        not_after = issuer_certificate.not_valid_after_utc
 

	
 
    new_certificate = issue_certificate(issuer_certificate.subject,
 
                                        old_certificate.subject,
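Review bot: Mixing naive and timezone-aware datetimes becomes a hard failure in the validity clamping of `issue_server_certificate`, `issue_client_certificate` and `renew_certificate`. The comparisons against `issuer_certificate.not_valid_before_utc` / `not_valid_after_utc` only work when `not_before` and `not_after` are aware values, and a naive value would raise `TypeError`. Only the `renew_certificate` hunk shows them coming from `get_validity_range()`, so the other two functions and any other consumer of that range outside these hunks are worth confirming. The `_utc` properties exist only in newer `cryptography` releases, so the package's minimum `cryptography` requirement should be raised with this change if it has not been already. Since the same clamp appears three times, it could be reduced to `not_before = max(not_before, issuer_certificate.not_valid_before_utc)` and `not_after = min(not_after, issuer_certificate.not_valid_after_utc)` in one shared helper, which would also be the natural place to reject an issuer whose validity window leaves `not_after <= not_before`.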