Add timezone (utc) info into the cert not_valid_after field (#701)

perone · web-flow · commit 04f8fc198b10 · 2023-07-06T18:24:12.000-04:00
* Add timezone (utc) info into the certificate datetime not_valid_after field.

Signed-off-by: Christian S. Perone &lt;christian.perone@gmail.com&gt;

* Removing timestamp from the comparison.

Signed-off-by: Christian S. Perone &lt;christian.perone@gmail.com&gt;

---------

Signed-off-by: Christian S. Perone &lt;christian.perone@gmail.com&gt;
diff --git a/sigstore/sign.py b/sigstore/sign.py
@@ -137,10 +137,9 @@ def _signing_cert(
         """Get or request a signing certificate from Fulcio."""
         # If it exists, verify if the current certificate is expired
         if self.__cached_signing_certificate:
-            if (
-                datetime.now(timezone.utc).timestamp()
-                > self.__cached_signing_certificate.cert.not_valid_after.timestamp()
-            ):
+            not_valid_after = self.__cached_signing_certificate.cert.not_valid_after
+            not_valid_after_tzutc = not_valid_after.replace(tzinfo=timezone.utc)
+            if datetime.now(timezone.utc) > not_valid_after_tzutc:
                 raise ExpiredCertificate
             return self.__cached_signing_certificate
 
