[bug] flag vpn_ready == false if cert expired

We were not renewing the vpn cert. Now the UI will trigger a cert
renewal by telling it that is the vpn is not ready if the cert is
expired.

- Resolves: #9059

1 files changed, 23 insertions, 2 deletions

diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py
index 3921d03b..6c089628 100644
--- a/src/leap/bitmask/vpn/_checks.py
+++ b/src/leap/bitmask/vpn/_checks.py
@@ -1,5 +1,9 @@
 import os
 
+from datetime import datetime
+from time import mktime
+
+from leap.common.certs import get_cert_time_boundaries
 from leap.common.config import get_path_prefix
 
 
@@ -11,10 +15,21 @@ class ImproperlyConfigured(Exception):
 
 
 def is_service_ready(provider):
-    _has_valid_cert(provider)
+    if not _has_valid_cert(provider):
+        raise ImproperlyConfigured('Missing VPN certificate')
+
     return True
 
 
+def cert_expires(provider):
+    path = get_vpn_cert_path(provider)
+    with open(path, 'r') as f:
+        cert = f.read()
+    _, to = get_cert_time_boundaries(cert)
+    expiry_date = datetime.fromtimestamp(mktime(to))
+    return expiry_date
+
+
 def get_vpn_cert_path(provider):
     return os.path.join(get_path_prefix(),
                         'leap', 'providers', provider,
@@ -25,4 +40,10 @@ def _has_valid_cert(provider):
     cert_path = get_vpn_cert_path(provider)
     has_file = os.path.isfile(cert_path)
     if not has_file:
-        raise ImproperlyConfigured('Missing VPN certificate')
+        return False
+
+    expiry = cert_expires(provider)
+    if datetime.now() > expiry:
+        return False
+
+    return True