def get_cert_days(module, cert_file):
'''
Return the days the certificate in cert_file remains valid and -1
if the file was not found. If cert_file contains more than one
certificate, only the first one will be considered.
'''
if HAS_CURRENT_CRYPTOGRAPHY:
return cryptography_get_cert_days(module, cert_file)
if not os.path.exists(cert_file):
return -1
openssl_bin = module.get_bin_path('openssl', True)
openssl_cert_cmd = [
openssl_bin, "x509", "-in", cert_file, "-noout", "-text"
]
dummy, out, dummy = module.run_command(openssl_cert_cmd,
check_rc=True,
encoding=None)
try:
not_after_str = re.search(r"\s+Not After\s*:\s+(.*)",
out.decode('utf8')).group(1)
not_after = datetime.fromtimestamp(
time.mktime(time.strptime(not_after_str, '%b %d %H:%M:%S %Y %Z')))
except AttributeError:
raise ModuleFailException(
"No 'Not after' date found in {0}".format(cert_file))
except ValueError:
raise ModuleFailException(
"Failed to parse 'Not after' date of {0}".format(cert_file))
now = datetime.utcnow()
return (not_after - now).days
def test_certdays_cryptography(now, expected_days, tmpdir):
fn = tmpdir / 'test-cert.pem'
fn.write(TEST_CERT)
module = MagicMock()
days = cryptography_get_cert_days(module, str(fn), now=now)
assert days == expected_days
