Format expired certificates differently in list_certificates

author: Konstantinos Kallas <konstantinos.kallas@hotmail.com> 2017-08-11 13:28:17 +0300
committer: Konstantinos Kallas <konstantinos.kallas@hotmail.com> 2017-08-11 13:28:17 +0300
commit: 7140c8d844468d2b6c0dbe6ae9cac8c7fa73672e (patch)
tree: 4a1910b5ac5464020ee26192d1b8ac86626bd9df /src/ejabberd_acme.erl
parent: Renew certificate now renews all saved certificates that are close to expire (diff)
1 files changed, 23 insertions, 10 deletions
diff --git a/src/ejabberd_acme.erl b/src/ejabberd_acme.erl
index a66f6eca2..e84493beb 100644
--- a/src/ejabberd_acme.erl
+++ b/src/ejabberd_acme.erl
@@ -311,16 +311,18 @@ renew_certificate(CAUrl, {DomainName, _} = Cert, PrivateKey) ->
 cert_to_expire({DomainName, #data_cert{pem = Pem}}) ->
     Certificate = pem_to_certificate(Pem),
     Validity = get_utc_validity(Certificate),
-    close_to_expire(Validity).
 
--spec close_to_expire(string()) -> boolean().
-close_to_expire(Validity) ->
+    %% 30 days before expiration
+    close_to_expire(Validity, 30).
+
+-spec close_to_expire(string(), integer()) -> boolean().
+close_to_expire(Validity, Days) ->
     {ValidDate, _ValidTime} = utc_string_to_datetime(Validity),
     ValidDays = calendar:date_to_gregorian_days(ValidDate),
 
     {CurrentDate, _CurrentTime} = calendar:universal_time(),
     CurrentDays = calendar:date_to_gregorian_days(CurrentDate),
-    CurrentDays > ValidDays - 30.
+    CurrentDays > ValidDays - Days.
 
 
 
@@ -378,20 +380,26 @@ format_certificate(DataCert, Verbose) ->
 format_certificate_plain(DomainName, NotAfter, Path) ->
     Result = lists:flatten(io_lib:format(
 			     "  Domain: ~s~n" 
-			     "    Valid until: ~s UTC~n" 
+			     "    ~s~n" 
 			     "    Path: ~s", 
-			     [DomainName, NotAfter, Path])),
+			     [DomainName, format_validity(NotAfter), Path])),
     Result.
 
 -spec format_certificate_verbose(bitstring(), string(), bitstring()) -> string().
 format_certificate_verbose(DomainName, NotAfter, PemCert) ->
     Result = lists:flatten(io_lib:format(
 			     "  Domain: ~s~n" 
-			     "    Valid until: ~s UTC~n" 
+			     "    ~s~n" 
 			     "    Certificate In PEM format: ~n~s", 
-			     [DomainName, NotAfter, PemCert])),
+			     [DomainName, format_validity(NotAfter), PemCert])),
     Result.
 
+-spec format_validity({'expired' | 'ok', string()}) -> string().
+format_validity({expired, NotAfter}) ->
+    io_lib:format("Expired at: ~s UTC", [NotAfter]);
+format_validity({ok, NotAfter}) ->
+    io_lib:format("Valid until: ~s UTC", [NotAfter]).
+
 -spec fail_format_certificate(bitstring()) -> string().
 fail_format_certificate(DomainName) ->
     Result = lists:flatten(io_lib:format(
@@ -413,7 +421,7 @@ get_commonName(#'Certificate'{tbsCertificate = TbsCertificate}) ->
     %% TODO: Remove the length-encoding from the commonName before returning it
     CommonName.
 
--spec get_notAfter(#'Certificate'{}) -> string().
+-spec get_notAfter(#'Certificate'{}) -> {expired | ok, string()}.
 get_notAfter(Certificate) ->
     UtcTime = get_utc_validity(Certificate),
     %% TODO: Find a library function to decode utc time
@@ -426,7 +434,12 @@ get_notAfter(Certificate) ->
 					   [YEAR, [MO1,MO2], [D1,D2],
 					    [H1,H2], [MI1,MI2], [S1,S2]])), 
 
-    NotAfter.
+    case close_to_expire(UtcTime, 0) of
+	true ->
+	    {expired, NotAfter};
+	false ->
+	    {ok, NotAfter}
+    end.
 
 -spec get_utc_validity(#'Certificate'{}) -> string().
 get_utc_validity(#'Certificate'{tbsCertificate = TbsCertificate}) ->
author	Konstantinos Kallas <konstantinos.kallas@hotmail.com>	2017-08-11 13:28:17 +0300
committer	Konstantinos Kallas <konstantinos.kallas@hotmail.com>	2017-08-11 13:28:17 +0300
commit	7140c8d844468d2b6c0dbe6ae9cac8c7fa73672e (patch)
tree	4a1910b5ac5464020ee26192d1b8ac86626bd9df /src/ejabberd_acme.erl
parent	Renew certificate now renews all saved certificates that are close to expire (diff)