Move cert manager's vancy validity checking into storage

So that other things can also use it
2026-06-03 22:08:07 -04:00 · 2018-07-18 07:06:52 -07:00 · 2018-07-18 07:06:52 -07:00 · dcf7a025d9
commit dcf7a025d9
parent 8175a1ea22
2 changed files with 33 additions and 1 deletions
--- a/certbot/cert_manager.py
+++ b/certbot/cert_manager.py
@ -354,7 +354,7 @@ def _describe_certs(config, parsed_certs, parse_failures):
            notify(_report_human_readable(config, parsed_certs))
        if parse_failures:
            notify("\nThe following renewal configuration files "
-               "were invalid:")
+                   "were invalid:")
            notify(_report_lines(parse_failures))

    disp = zope.component.getUtility(interfaces.IDisplay)
--- a/certbot/storage.py
+++ b/certbot/storage.py
@ -18,6 +18,7 @@ from certbot import constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import error_handler
+from certbot import ocsp
 from certbot import util

 from certbot.plugins import common as plugins_common
@ -965,6 +966,37 @@ class RenewableCert(object):
                return True
        return False

+    def validity_string(self):
+        """
+        Return a string describing whther the cert is valid or not.
+
+        :rtype: str
+        :returns: eg "VALID: 1 day" | "EXPIRED" | "REVOKED" | "TEST_CERT"
+                   | "VALID: 13 hours" | "VALID: 72 days" | "EXPIRED, REVOKED"
+        """
+
+        checker = ocsp.RevocationChecker()
+        now = pytz.UTC.fromutc(datetime.datetime.utcnow())
+        reasons = []
+        if cert.is_test_cert:
+            reasons.append('TEST_CERT')
+        if cert.target_expiry <= now:
+            reasons.append('EXPIRED')
+        if checker.ocsp_revoked(cert.cert, cert.chain):
+            reasons.append('REVOKED')
+
+        if reasons:
+            status = "INVALID: " + ", ".join(reasons)
+        else:
+            diff = cert.target_expiry - now
+            if diff.days == 1:
+                status = "VALID: 1 day"
+            elif diff.days < 1:
+                status = "VALID: {0} hour(s)".format(diff.seconds // 3600)
+            else:
+                status = "VALID: {0} days".format(diff.days)
+        return status
+
    @classmethod
    def new_lineage(cls, lineagename, cert, privkey, chain, cli_config):
        # pylint: disable=too-many-locals