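def get_cert_days(module, cert_file):
    '''
    Return the number of days the certificate in cert_file remains valid,
    or -1 if the file was not found.

    If cert_file contains more than one certificate, only the first one
    will be considered.

    When HAS_CURRENT_CRYPTOGRAPHY is true the work is delegated to
    cryptography_get_cert_days(); otherwise the ``openssl x509 -text``
    output is parsed for the 'Not After' line.

    Note for callers: the result is ``timedelta.days``, which is floored.
    A certificate that expired less than 24 hours ago therefore also
    yields -1, the same value as the "file not found" case, and older
    expired certificates yield smaller negative numbers. Treat any
    negative value as "not valid" instead of testing for -1 only.

    :param module: object providing get_bin_path() and run_command()
    :param cert_file: path of the PEM certificate file to inspect
    :returns: whole days until the 'Not After' date, or -1 (see above)
    :raises ModuleFailException: if no 'Not After' line is found or its
        date cannot be parsed
    '''
    if HAS_CURRENT_CRYPTOGRAPHY:
        return cryptography_get_cert_days(module, cert_file)
    if not os.path.exists(cert_file):
        return -1

    openssl_bin = module.get_bin_path('openssl', True)
    # The command is an argument list, so cert_file is handed over as one
    # argument and is not spliced into a command string.
    openssl_cert_cmd = [openssl_bin, "x509", "-in", cert_file, "-noout", "-text"]
    dummy, out, dummy = module.run_command(openssl_cert_cmd, check_rc=True, encoding=None)
    try:
        # re.search() returns None when the line is missing; the .group()
        # call then raises AttributeError, which is reported below.
        not_after_str = re.search(r"\s+Not After\s*:\s+(.*)", out.decode('utf8')).group(1)
        # Parse directly into a naive datetime holding the printed (GMT)
        # wall-clock fields. The previous time.mktime()/fromtimestamp()
        # round trip interpreted those fields as *local* time, which can
        # shift the value by an hour around a local DST transition and can
        # raise an uncaught OverflowError for far-future expiry dates on
        # platforms with a narrow time_t.
        not_after = datetime.strptime(not_after_str, '%b %d %H:%M:%S %Y %Z')
    except AttributeError:
        raise ModuleFailException(
            "No 'Not after' date found in {0}".format(cert_file))
    except ValueError:
        raise ModuleFailException(
            "Failed to parse 'Not after' date of {0}".format(cert_file))
    # Both values are naive UTC, so the subtraction is timezone-consistent.
    now = datetime.utcnow()
    return (not_after - now).days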
def test_certdays_cryptography(now, expected_days, tmpdir):
    '''
    Check the remaining-days value cryptography_get_cert_days() reports
    for TEST_CERT at a fixed point in time.

    ``now`` and ``expected_days`` are supplied by the test setup
    (presumably a parametrization outside this view -- confirm);
    ``tmpdir`` is the temporary directory the certificate is written to.
    '''
    # Materialise the fixture certificate on disk, since the function
    # under test takes a file path.
    cert_path = tmpdir / 'test-cert.pem'
    cert_path.write(TEST_CERT)

    # The module object is a stand-in; passing ``now`` pins the reference
    # time so the expected value does not depend on the wall clock.
    remaining = cryptography_get_cert_days(MagicMock(), str(cert_path), now=now)

    assert remaining == expected_days