Remove dead code from acme support. (#11393)
parent
5505da2109
commit
4d6d38ac2f
1
changelog.d/11393.misc
Normal file
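--- a/changelog.d/11393.misc
+++ b/changelog.d/11393.misc
@@ -0,0 +1 @@
+Remove dead code from supporting ACME.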
@ -14,7 +14,6 @@
|
|||||||
|
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
from datetime import datetime
|
|
||||||
from typing import List, Optional, Pattern
|
from typing import List, Optional, Pattern
|
||||||
|
|
||||||
from OpenSSL import SSL, crypto
|
from OpenSSL import SSL, crypto
|
||||||
@ -133,55 +132,6 @@ class TlsConfig(Config):
|
|||||||
self.tls_certificate: Optional[crypto.X509] = None
|
self.tls_certificate: Optional[crypto.X509] = None
|
||||||
self.tls_private_key: Optional[crypto.PKey] = None
|
self.tls_private_key: Optional[crypto.PKey] = None
|
||||||
|
|
||||||
def is_disk_cert_valid(self, allow_self_signed=True):
|
|
||||||
"""
|
|
||||||
Is the certificate we have on disk valid, and if so, for how long?
|
|
||||||
|
|
||||||
Args:
|
|
||||||
allow_self_signed (bool): Should we allow the certificate we
|
|
||||||
read to be self signed?
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
int: Days remaining of certificate validity.
|
|
||||||
None: No certificate exists.
|
|
||||||
"""
|
|
||||||
if not os.path.exists(self.tls_certificate_file):
|
|
||||||
return None
|
|
||||||
|
|
||||||
try:
|
|
||||||
with open(self.tls_certificate_file, "rb") as f:
|
|
||||||
cert_pem = f.read()
|
|
||||||
except Exception as e:
|
|
||||||
raise ConfigError(
|
|
||||||
"Failed to read existing certificate file %s: %s"
|
|
||||||
% (self.tls_certificate_file, e)
|
|
||||||
)
|
|
||||||
|
|
||||||
try:
|
|
||||||
tls_certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem)
|
|
||||||
except Exception as e:
|
|
||||||
raise ConfigError(
|
|
||||||
"Failed to parse existing certificate file %s: %s"
|
|
||||||
% (self.tls_certificate_file, e)
|
|
||||||
)
|
|
||||||
|
|
||||||
if not allow_self_signed:
|
|
||||||
if tls_certificate.get_subject() == tls_certificate.get_issuer():
|
|
||||||
raise ValueError(
|
|
||||||
"TLS Certificate is self signed, and this is not permitted"
|
|
||||||
)
|
|
||||||
|
|
||||||
# YYYYMMDDhhmmssZ -- in UTC
|
|
||||||
expiry_data = tls_certificate.get_notAfter()
|
|
||||||
if expiry_data is None:
|
|
||||||
raise ValueError(
|
|
||||||
"TLS Certificate has no expiry date, and this is not permitted"
|
|
||||||
)
|
|
||||||
expires_on = datetime.strptime(expiry_data.decode("ascii"), "%Y%m%d%H%M%SZ")
|
|
||||||
now = datetime.utcnow()
|
|
||||||
days_remaining = (expires_on - now).days
|
|
||||||
return days_remaining
|
|
||||||
|
|
||||||
def read_certificate_from_disk(self):
|
def read_certificate_from_disk(self):
|
||||||
"""
|
"""
|
||||||
Read the certificates and private key from disk.
|
Read the certificates and private key from disk.
|
||||||
|