diff options
author | InvalidInterrupt <InvalidInterrupt@users.noreply.github.com> | 2016-08-16 19:39:31 -0700 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2016-08-16 22:39:31 -0400 |
commit | 8e66ca6813016d9fc6f57d5f1e50530fc39f78ae (patch) | |
tree | 630a57899cf44a6c98f7928c065da04f16504267 /src | |
parent | dcbd220ee6b4e23f292897e1d6b1e26004ecfd64 (diff) | |
download | cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.tar.gz cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.tar.bz2 cryptography-8e66ca6813016d9fc6f57d5f1e50530fc39f78ae.zip |
CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/x509/base.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py index 5c4e3aad..156bc493 100644 --- a/src/cryptography/x509/base.py +++ b/src/cryptography/x509/base.py @@ -19,6 +19,20 @@ from cryptography.x509.name import Name _UNIX_EPOCH = datetime.datetime(1970, 1, 1) +def _convert_to_naive_utc_time(time): + """Normalizes a datetime to a naive datetime in UTC. + + time -- datetime to normalize. Assumed to be in UTC if not timezone + aware. + """ + if time.tzinfo is not None: + offset = time.utcoffset() + offset = offset if offset else datetime.timedelta() + return time.replace(tzinfo=None) - offset + else: + return time + + class Version(Enum): v1 = 0 v3 = 2 @@ -447,6 +461,7 @@ class CertificateBuilder(object): raise TypeError('Expecting datetime object.') if self._not_valid_before is not None: raise ValueError('The not valid before may only be set once.') + time = _convert_to_naive_utc_time(time) if time <= _UNIX_EPOCH: raise ValueError('The not valid before date must be after the unix' ' epoch (1970 January 1).') @@ -469,6 +484,7 @@ class CertificateBuilder(object): raise TypeError('Expecting datetime object.') if self._not_valid_after is not None: raise ValueError('The not valid after may only be set once.') + time = _convert_to_naive_utc_time(time) if time <= _UNIX_EPOCH: raise ValueError('The not valid after date must be after the unix' ' epoch (1970 January 1).') @@ -553,6 +569,7 @@ class CertificateRevocationListBuilder(object): raise TypeError('Expecting datetime object.') if self._last_update is not None: raise ValueError('Last update may only be set once.') + last_update = _convert_to_naive_utc_time(last_update) if last_update <= _UNIX_EPOCH: raise ValueError('The last update date must be after the unix' ' epoch (1970 January 1).') @@ -570,6 +587,7 @@ class CertificateRevocationListBuilder(object): raise TypeError('Expecting datetime object.') if self._next_update is not None: raise ValueError('Last update may only be set once.') + next_update = _convert_to_naive_utc_time(next_update) if next_update <= _UNIX_EPOCH: raise ValueError('The last update date must be after the unix' ' epoch (1970 January 1).') @@ -655,6 +673,7 @@ class RevokedCertificateBuilder(object): raise TypeError('Expecting datetime object.') if self._revocation_date is not None: raise ValueError('The revocation date may only be set once.') + time = _convert_to_naive_utc_time(time) if time <= _UNIX_EPOCH: raise ValueError('The revocation date must be after the unix' ' epoch (1970 January 1).') |