From f1b429199f553678e060cde3d283b660d53d1a7b Mon Sep 17 00:00:00 2001
From: mathieui <mathieui@mathieui.net>
Date: Sat, 3 Jul 2021 11:08:18 +0200
Subject: cert: add some typing

---
 slixmpp/xmlstream/cert.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

(limited to 'slixmpp/xmlstream/cert.py')

diff --git a/slixmpp/xmlstream/cert.py b/slixmpp/xmlstream/cert.py
index 28ef585a..41679a7e 100644
--- a/slixmpp/xmlstream/cert.py
+++ b/slixmpp/xmlstream/cert.py
@@ -1,5 +1,6 @@
 import logging
 from datetime import datetime, timedelta
+from typing import Dict, Set, Tuple, Optional
 
 # Make a call to strptime before starting threads to
 # prevent thread safety issues.
@@ -32,13 +33,13 @@ class CertificateError(Exception):
     pass
 
 
-def decode_str(data):
+def decode_str(data: bytes) -> str:
     encoding = 'utf-16-be' if isinstance(data, BMPString) else 'utf-8'
     return bytes(data).decode(encoding)
 
 
-def extract_names(raw_cert):
-    results = {'CN': set(),
+def extract_names(raw_cert: bytes) -> Dict[str, Set[str]]:
+    results: Dict[str, Set[str]] = {'CN': set(),
                'DNS': set(),
                'SRV': set(),
                'URI': set(),
@@ -96,7 +97,7 @@ def extract_names(raw_cert):
     return results
 
 
-def extract_dates(raw_cert):
+def extract_dates(raw_cert: bytes) -> Tuple[Optional[datetime], Optional[datetime]]:
     if not HAVE_PYASN1:
         log.warning("Could not find pyasn1 and pyasn1_modules. " + \
                     "SSL certificate expiration COULD NOT BE VERIFIED.")
@@ -125,24 +126,29 @@ def extract_dates(raw_cert):
     return not_before, not_after
 
 
-def get_ttl(raw_cert):
+def get_ttl(raw_cert: bytes) -> Optional[timedelta]:
     not_before, not_after = extract_dates(raw_cert)
-    if not_after is None:
+    if not_after is None or not_before is None:
         return None
     return not_after - datetime.utcnow()
 
 
-def verify(expected, raw_cert):
+def verify(expected: str, raw_cert: bytes) -> Optional[bool]:
     if not HAVE_PYASN1:
         log.warning("Could not find pyasn1 and pyasn1_modules. " + \
                     "SSL certificate COULD NOT BE VERIFIED.")
-        return
+        return None
 
     not_before, not_after = extract_dates(raw_cert)
     cert_names = extract_names(raw_cert)
 
     now = datetime.utcnow()
 
+    if not not_before or not not_after:
+        raise CertificateError(
+            "Error while checking the dates of the certificate"
+        )
+
     if not_before > now:
         raise CertificateError(
                 'Certificate has not entered its valid date range.')
-- 
cgit v1.2.3