commit 43e239fad888eb213b0cb22dbff3b34b55fc64f8 Author: Damian Johnson atagar@torproject.org Date: Sun Mar 26 17:49:07 2017 +0200

Add an is_expired() method to certificates

Method to check if the certificate is presently expired or not. We should *not* consider a certificate to be invalid because it's expired. Stem is used to parse past descriptors just as well as current ones. Good thing to be able to easily check but doesn't belong in a validate() function. --- stem/descriptor/certificate.py | 10 ++++++++++ test/unit/descriptor/certificate.py | 1 + 2 files changed, 11 insertions(+)

diff --git a/stem/descriptor/certificate.py b/stem/descriptor/certificate.py index 094667d..5d60458 100644 --- a/stem/descriptor/certificate.py +++ b/stem/descriptor/certificate.py @@ -177,6 +177,16 @@ class Ed25519CertificateV1(Ed25519Certificate): if remaining_data: raise ValueError('Ed25519 certificate had %i bytes of unused extension data' % len(remaining_data))

+ def is_expired(self): + """ + Checks if this certificate is presently expired or not. + + :returns: **True** if the certificate has expired, **False** otherwise + """ + + return datetime.datetime.now() > self.expiration + +

class Ed25519Extension(collections.namedtuple('Ed25519Extension', ['type', 'flags', 'flag_int', 'data'])): """ diff --git a/test/unit/descriptor/certificate.py b/test/unit/descriptor/certificate.py index 1444a10..57f6643 100644 --- a/test/unit/descriptor/certificate.py +++ b/test/unit/descriptor/certificate.py @@ -59,6 +59,7 @@ class TestEd25519Certificate(unittest.TestCase): ], cert.extensions)

self.assertEqual(ExtensionType.HAS_SIGNING_KEY, cert.extensions[0].type) + self.assertTrue(cert.is_expired())

def test_with_real_cert(self): cert = Ed25519Certificate.parse(ED25519_CERT)