Support InvalidityDate.invalidity_date_utc.
felixfontein committed Apr 23, 2024
1 parent 3899f79 commit 5606630
Showing 2 changed files with 9 additions and 1 deletion.
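--- a/changelogs/fragments/730-cryptography-invalidity_date.yml
+++ b/changelogs/fragments/730-cryptography-invalidity_date.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- When using cryptography >= 43.0.0, use offset-aware ``datetime.datetime`` objects (with timezone UTC) instead of offset-naive UTC timestamps for the ``InvalidityDate`` X.509 CRL extension (https://github.com/ansible-collections/community.crypto/issues/726, https://github.com/ansible-collections/community.crypto/pull/730).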
8 changes: 7 additions & 1 deletion plugins/module_utils/crypto/cryptography_crl.py
@@ -8,7 +8,10 @@
__metaclass__ = type


from ansible_collections.community.crypto.plugins.module_utils.version import LooseVersion as _LooseVersion

try:
import cryptography
from cryptography import x509
except ImportError:
# Error handled in the calling module.
@@ -32,6 +35,8 @@
# to True and adjust get_invalidity_date() accordingly.
# (https://github.com/pyca/cryptography/issues/10818)
CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = False
if HAS_CRYPTOGRAPHY:
CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = _LooseVersion(cryptography.__version__) >= _LooseVersion('43.0.0')

TIMESTAMP_FORMAT = "%Y%m%d%H%M%SZ"

@@ -139,7 +144,8 @@ def get_revocation_date(obj):


def get_invalidity_date(obj):
# TODO: special handling if CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE is True
if CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE:
return obj.invalidity_date_utc
return obj.invalidity_date


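Review bot: `get_invalidity_date()` has no docstring, and after this change its return type depends on the installed library: an offset-aware UTC `datetime` when `CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE` is true, an offset-naive one otherwise. Python raises `TypeError` when an aware and a naive `datetime` are compared, so a caller that checks this value against a date obtained elsewhere has to know which kind it receives; the callers are outside the visible hunks, so whether they already do is not verifiable here. I would add a docstring such as `"""Return the InvalidityDate value; offset-aware (UTC) if CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE is true, else offset-naive UTC."""`. Separately, the module-level gate compares `cryptography.__version__` with `'43.0.0'`; testing for the attribute under the same `if HAS_CRYPTOGRAPHY:` guard, `CRYPTOGRAPHY_TIMEZONE_INVALIDITY_DATE = hasattr(x509.InvalidityDate, 'invalidity_date_utc')`, would follow what the installed library actually exposes rather than its version string.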
