Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

expired is now called for new certs, where the not_after field might be in datetime format, and not comparable to utc

This commit is contained in:
Hossein Shafagh 2020-03-26 19:01:07 -07:00
parent 697215f8bc
commit 5206997468
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lemur/certificates/models.py
View File

@ -8,6 +8,8 @@
from datetime import timedelta from datetime import timedelta
import arrow import arrow
import pytz
import datetime
from cryptography import x509 from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives.asymmetric import rsa
from flask import current_app from flask import current_app
@ -321,8 +323,13 @@ class Certificate(db.Model):
@hybrid_property @hybrid_property
def expired(self): def expired(self):
if self.not_after <= arrow.utcnow(): if isinstance(self.not_after, datetime.datetime):
return True # can't compare offset-naive and offset-aware datetimes
if self.not_after.replace(tzinfo=pytz.UTC) <= arrow.utcnow():
return True
else:
if self.not_after <= arrow.utcnow():
return True
@expired.expression @expired.expression
def expired(cls): def expired(cls):