From dcf7a025d923e5a1b0414ba220d48e8214005105 Mon Sep 17 00:00:00 2001
From: Peter Eckersley
Date: Wed, 18 Jul 2018 07:06:52 -0700
Subject: [PATCH] Move cert manager's vancy validity checking into storage So that other things can also use it
---
 certbot/cert_manager.py | 2 +-
 certbot/storage.py | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/certbot/cert_manager.py b/certbot/cert_manager.py
index d1205835a..cacd1d165 100644
--- a/certbot/cert_manager.py
+++ b/certbot/cert_manager.py
@@ -354,7 +354,7 @@ def _describe_certs(config, parsed_certs, parse_failures):
 notify(_report_human_readable(config, parsed_certs))
 if parse_failures:
 notify("\nThe following renewal configuration files "
- "were invalid:")
+ "were invalid:")
 notify(_report_lines(parse_failures))
 disp = zope.component.getUtility(interfaces.IDisplay)
diff --git a/certbot/storage.py b/certbot/storage.py
index 32d6771c2..9541ec652 100644
--- a/certbot/storage.py
+++ b/certbot/storage.py
@@ -18,6 +18,7 @@ from certbot import constants
 from certbot import crypto_util
 from certbot import errors
 from certbot import error_handler
+from certbot import ocsp
 from certbot import util
 from certbot.plugins import common as plugins_common
@@ -965,6 +966,37 @@ class RenewableCert(object):
 return True
 return False
+ def validity_string(self):
+ """
+ Return a string describing whther the cert is valid or not.
+
+ :rtype: str
+ :returns: eg "VALID: 1 day" | "EXPIRED" | "REVOKED" | "TEST_CERT"
+ | "VALID: 13 hours" | "VALID: 72 days" | "EXPIRED, REVOKED"
+ """
+
+ checker = ocsp.RevocationChecker()
+ now = pytz.UTC.fromutc(datetime.datetime.utcnow())
+ reasons = []
+ if cert.is_test_cert:
+ reasons.append('TEST_CERT')
+ if cert.target_expiry <= now:
+ reasons.append('EXPIRED')
+ if checker.ocsp_revoked(cert.cert, cert.chain):
+ reasons.append('REVOKED')
+
+ if reasons:
+ status = "INVALID: " + ", ".join(reasons)
+ else:
+ diff = cert.target_expiry - now
+ if diff.days == 1:
+ status = "VALID: 1 day"
+ elif diff.days < 1:
+ status = "VALID: {0} hour(s)".format(diff.seconds // 3600)
+ else:
+ status = "VALID: {0} days".format(diff.days)
+ return status
+
 @classmethod
 def new_lineage(cls, lineagename, cert, privkey, chain, cli_config):
 # pylint: disable=too-many-locals
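Review bot: `validity_string(self)` reads every attribute through `cert` (`cert.is_test_cert`, `cert.target_expiry`, `cert.cert`, `cert.chain`), but the method takes only `self` and never binds `cert`, so unless storage.py defines a module-level `cert` outside this hunk the first call raises NameError. The body reads as if it was lifted from a caller that looped over certs; inside the class each access should go through `self`, e.g. `if self.target_expiry <= now:` and `if checker.ocsp_revoked(self.cert, self.chain):`. The docstring also advertises bare "EXPIRED" / "REVOKED" / "EXPIRED, REVOKED" results (and misspells "whether"), while the code returns `"INVALID: " + ", ".join(reasons)`, so any caller matching on the documented strings will miss. Since this string tells an operator whether a certificate is still good, the docstring should also say what "VALID" means when `ocsp_revoked` cannot get an answer from the responder; that behaviour lives in `ocsp.RevocationChecker` and is not visible in this hunk.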