From 61073db2bc74a841d65996066001dfd5ef3d86a8 Mon Sep 17 00:00:00 2001 From: Thomas Lamprecht Date: Mon, 11 Nov 2024 09:51:57 +0100 Subject: [PATCH] certificate: factor out obtaining the expiration timestamp This can be useful to have, e.g., when requiring different behaviors the nearer an expiry gets. Signed-off-by: Thomas Lamprecht --- src/PVE/Certificate.pm | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/PVE/Certificate.pm b/src/PVE/Certificate.pm index f67f6cd..0d44e84 100644 --- a/src/PVE/Certificate.pm +++ b/src/PVE/Certificate.pm @@ -316,11 +316,9 @@ sub get_certificate_info { return $info; }; -# Checks whether certificate expires before $timestamp (UNIX epoch) -sub check_expiry { - my ($cert_path, $timestamp) = @_; - - $timestamp //= time(); +# Obtain the expiration timestamp of a X.509 certificate as a UNIX epoch. +sub get_expiration_as_epoch { + my ($cert_path) = @_; my $cert = $read_certificate->($cert_path); my $not_after = eval { convert_asn1_to_epoch(Net::SSLeay::X509_get_notAfter($cert)) }; @@ -330,6 +328,17 @@ sub check_expiry { die $err if $err; + return $not_after; +}; + +# Checks whether certificate expires before $timestamp (UNIX epoch) +sub check_expiry { + my ($cert_path, $timestamp) = @_; + + $timestamp //= time(); + + my $not_after = get_expiration_as_epoch($cert_path); + return ($not_after < $timestamp) ? 1 : 0; };