summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/vpn/_checks.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/vpn/_checks.py')
-rw-r--r--src/leap/bitmask/vpn/_checks.py25
1 files changed, 23 insertions, 2 deletions
diff --git a/src/leap/bitmask/vpn/_checks.py b/src/leap/bitmask/vpn/_checks.py
index 3921d03b..6c089628 100644
--- a/src/leap/bitmask/vpn/_checks.py
+++ b/src/leap/bitmask/vpn/_checks.py
@@ -1,5 +1,9 @@
import os
+from datetime import datetime
+from time import mktime
+
+from leap.common.certs import get_cert_time_boundaries
from leap.common.config import get_path_prefix
@@ -11,10 +15,21 @@ class ImproperlyConfigured(Exception):
def is_service_ready(provider):
- _has_valid_cert(provider)
+ if not _has_valid_cert(provider):
+ raise ImproperlyConfigured('Missing VPN certificate')
+
return True
+def cert_expires(provider):
+ path = get_vpn_cert_path(provider)
+ with open(path, 'r') as f:
+ cert = f.read()
+ _, to = get_cert_time_boundaries(cert)
+ expiry_date = datetime.fromtimestamp(mktime(to))
+ return expiry_date
+
+
def get_vpn_cert_path(provider):
return os.path.join(get_path_prefix(),
'leap', 'providers', provider,
@@ -25,4 +40,10 @@ def _has_valid_cert(provider):
cert_path = get_vpn_cert_path(provider)
has_file = os.path.isfile(cert_path)
if not has_file:
- raise ImproperlyConfigured('Missing VPN certificate')
+ return False
+
+ expiry = cert_expires(provider)
+ if datetime.now() > expiry:
+ return False
+
+ return True
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 03:06:39 +0000