From 04f8fc198b100bcb9e81aefd762efec6678f0b41 Mon Sep 17 00:00:00 2001
From: "Christian S. Perone"
Date: Thu, 6 Jul 2023 23:24:12 +0100
Subject: [PATCH] Add timezone (utc) info into the cert not_valid_after field (#701)
* Add timezone (utc) info into the certificate datetime not_valid_after field.
Signed-off-by: Christian S. Perone
* Removing timestamp from the comparison.
Signed-off-by: Christian S. Perone
---------
Signed-off-by: Christian S. Perone
---
 sigstore/sign.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/sigstore/sign.py b/sigstore/sign.py
index 5d366536..b1ee013b 100644
--- a/sigstore/sign.py
+++ b/sigstore/sign.py
@@ -137,10 +137,9 @@ def _signing_cert(
 """Get or request a signing certificate from Fulcio."""
 # If it exists, verify if the current certificate is expired
 if self.__cached_signing_certificate:
- if (
- datetime.now(timezone.utc).timestamp()
- > self.__cached_signing_certificate.cert.not_valid_after.timestamp()
- ):
+ not_valid_after = self.__cached_signing_certificate.cert.not_valid_after
+ not_valid_after_tzutc = not_valid_after.replace(tzinfo=timezone.utc)
+ if datetime.now(timezone.utc) > not_valid_after_tzutc:
 raise ExpiredCertificate
 return self.__cached_signing_certificate
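Review bot: The second added line, `not_valid_after.replace(tzinfo=timezone.utc)`, is correct only while `cert.not_valid_after` is a naive datetime that already denotes UTC, and nothing in the hunk records that assumption; if the attribute ever returned an aware value in another zone, `replace` would relabel it and shift the expiry instant without raising. I would add `# not_valid_after is naive UTC here: attach tzinfo, do not convert` above that line, and, if the certificate is a `cryptography` object as it appears to be, consider its `not_valid_after_utc` accessor once the project's minimum supported release provides it. The diffstat lists only `sigstore/sign.py`, so no regression test exercises the expiry check under a non-UTC local timezone, which is the case the old `.timestamp()` comparison on a naive value gets wrong. `_signing_cert` begins before and continues past this hunk.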