Skip to content

Commit

Permalink
Add timezone (utc) info into the cert not_valid_after field (#701)
Browse files Browse the repository at this point in the history 
* Add timezone (utc) info into the certificate datetime not_valid_after field.

Signed-off-by: Christian S. Perone <christian.perone@gmail.com>

* Removing timestamp from the comparison.

Signed-off-by: Christian S. Perone <christian.perone@gmail.com>

---------

Signed-off-by: Christian S. Perone <christian.perone@gmail.com>
  • Loading branch information
@perone
perone authored Jul 6, 2023
1 parent bbf0ac8 commit 04f8fc1
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions sigstore/sign.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,10 +137,9 @@ def _signing_cert(
"""Get or request a signing certificate from Fulcio."""
# If it exists, verify if the current certificate is expired
if self.__cached_signing_certificate:
if (
datetime.now(timezone.utc).timestamp()
> self.__cached_signing_certificate.cert.not_valid_after.timestamp()
):
not_valid_after = self.__cached_signing_certificate.cert.not_valid_after
not_valid_after_tzutc = not_valid_after.replace(tzinfo=timezone.utc)
if datetime.now(timezone.utc) > not_valid_after_tzutc:
raise ExpiredCertificate
return self.__cached_signing_certificate

Expand Down

0 comments on commit 04f8fc1

Please sign in to comment.