summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormathieui <mathieui@mathieui.net>2021-07-03 11:08:18 +0200
committermathieui <mathieui@mathieui.net>2021-07-03 11:17:15 +0200
commitf1b429199f553678e060cde3d283b660d53d1a7b (patch)
treed63f28321d33b47b2cb5dbecacd3a0a807966afc
parentdb48c8f4da2448343284f871ac9464c45ce0b66f (diff)
downloadslixmpp-f1b429199f553678e060cde3d283b660d53d1a7b.tar.gz
slixmpp-f1b429199f553678e060cde3d283b660d53d1a7b.tar.bz2
slixmpp-f1b429199f553678e060cde3d283b660d53d1a7b.tar.xz
slixmpp-f1b429199f553678e060cde3d283b660d53d1a7b.zip
cert: add some typing
-rw-r--r--slixmpp/xmlstream/cert.py22
1 files changed, 14 insertions, 8 deletions
diff --git a/slixmpp/xmlstream/cert.py b/slixmpp/xmlstream/cert.py
index 28ef585a..41679a7e 100644
--- a/slixmpp/xmlstream/cert.py
+++ b/slixmpp/xmlstream/cert.py
@@ -1,5 +1,6 @@
import logging
from datetime import datetime, timedelta
+from typing import Dict, Set, Tuple, Optional
# Make a call to strptime before starting threads to
# prevent thread safety issues.
@@ -32,13 +33,13 @@ class CertificateError(Exception):
pass
-def decode_str(data):
+def decode_str(data: bytes) -> str:
encoding = 'utf-16-be' if isinstance(data, BMPString) else 'utf-8'
return bytes(data).decode(encoding)
-def extract_names(raw_cert):
- results = {'CN': set(),
+def extract_names(raw_cert: bytes) -> Dict[str, Set[str]]:
+ results: Dict[str, Set[str]] = {'CN': set(),
'DNS': set(),
'SRV': set(),
'URI': set(),
@@ -96,7 +97,7 @@ def extract_names(raw_cert):
return results
-def extract_dates(raw_cert):
+def extract_dates(raw_cert: bytes) -> Tuple[Optional[datetime], Optional[datetime]]:
if not HAVE_PYASN1:
log.warning("Could not find pyasn1 and pyasn1_modules. " + \
"SSL certificate expiration COULD NOT BE VERIFIED.")
@@ -125,24 +126,29 @@ def extract_dates(raw_cert):
return not_before, not_after
-def get_ttl(raw_cert):
+def get_ttl(raw_cert: bytes) -> Optional[timedelta]:
not_before, not_after = extract_dates(raw_cert)
- if not_after is None:
+ if not_after is None or not_before is None:
return None
return not_after - datetime.utcnow()
-def verify(expected, raw_cert):
+def verify(expected: str, raw_cert: bytes) -> Optional[bool]:
if not HAVE_PYASN1:
log.warning("Could not find pyasn1 and pyasn1_modules. " + \
"SSL certificate COULD NOT BE VERIFIED.")
- return
+ return None
not_before, not_after = extract_dates(raw_cert)
cert_names = extract_names(raw_cert)
now = datetime.utcnow()
+ if not not_before or not not_after:
+ raise CertificateError(
+ "Error while checking the dates of the certificate"
+ )
+
if not_before > now:
raise CertificateError(
'Certificate has not entered its valid date range.')