core/homeassistant/components/cert_expiry/helper.py

"""Helper functions for the Cert Expiry platform."""
import socket
import ssl

from homeassistant.core import HomeAssistant
from homeassistant.util import dt

from .const import TIMEOUT
from .errors import (
    ConnectionRefused,
    ConnectionTimeout,
    ResolveFailed,
    ValidationFailure,
)


def get_cert(
    host: str,
    port: int,
):
    """Get the certificate for the host and port combination."""
    ctx = ssl.create_default_context()
    address = (host, port)
    with socket.create_connection(address, timeout=TIMEOUT) as sock:
        with ctx.wrap_socket(sock, server_hostname=address[0]) as ssock:
            cert = ssock.getpeercert()
            return cert


async def get_cert_expiry_timestamp(
    hass: HomeAssistant,
    hostname: str,
    port: int,
):
    """Return the certificate's expiration timestamp."""
    try:
        cert = await hass.async_add_executor_job(get_cert, hostname, port)
    except socket.gaierror as err:
        raise ResolveFailed(f"Cannot resolve hostname: {hostname}") from err
    except socket.timeout as err:
        raise ConnectionTimeout(
            f"Connection timeout with server: {hostname}:{port}"
        ) from err
    except ConnectionRefusedError as err:
        raise ConnectionRefused(
            f"Connection refused by server: {hostname}:{port}"
        ) from err
    except ssl.CertificateError as err:
        raise ValidationFailure(err.verify_message) from err
    except ssl.SSLError as err:
        raise ValidationFailure(err.args[0]) from err

    ts_seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    return dt.utc_from_timestamp(ts_seconds)
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`"""Helper functions for the Cert Expiry platform."""`
			`import socket`
			`import ssl`

Add typings to Certificate Expiry integration (#75945) 2022-07-31 11:26:16 +00:00			`from homeassistant.core import HomeAssistant`
Add expiration timestamp to cert_expiry sensors (#36399) * Add expiration timestamp to cert_expiry sensors * Clear timestamp if cert becomes invalid * Use timezone-aware timestamps * Use DataUpdateCoordinator, split timestamp to separate sensor * Use UTC, simpler add/remove handling * Review fixes * Fix incomplete mock that fails in 3.8 * Use static timestamps, improve helper method name 2020-06-18 16:29:46 +00:00			`from homeassistant.util import dt`

Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`from .const import TIMEOUT`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`from .errors import (`
			`ConnectionRefused,`
			`ConnectionTimeout,`
			`ResolveFailed,`
			`ValidationFailure,`
			`)`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00

Add typings to Certificate Expiry integration (#75945) 2022-07-31 11:26:16 +00:00			`def get_cert(`
			`host: str,`
			`port: int,`
			`):`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`"""Get the certificate for the host and port combination."""`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`ctx = ssl.create_default_context()`
			`address = (host, port)`
			`with socket.create_connection(address, timeout=TIMEOUT) as sock:`
			`with ctx.wrap_socket(sock, server_hostname=address[0]) as ssock:`
Lint suppression cleanups (#47248) * Unused pylint suppression cleanups * Remove outdated pylint bug references * Add flake8-noqa config and note to run it every now and then * Add codes to noqa's * Unused noqa cleanups 2021-03-02 08:02:04 +00:00			`cert = ssock.getpeercert()`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`return cert`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00

Add typings to Certificate Expiry integration (#75945) 2022-07-31 11:26:16 +00:00			`async def get_cert_expiry_timestamp(`
			`hass: HomeAssistant,`
			`hostname: str,`
			`port: int,`
			`):`
Add expiration timestamp to cert_expiry sensors (#36399) * Add expiration timestamp to cert_expiry sensors * Clear timestamp if cert becomes invalid * Use timezone-aware timestamps * Use DataUpdateCoordinator, split timestamp to separate sensor * Use UTC, simpler add/remove handling * Review fixes * Fix incomplete mock that fails in 3.8 * Use static timestamps, improve helper method name 2020-06-18 16:29:46 +00:00			`"""Return the certificate's expiration timestamp."""`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`try:`
			`cert = await hass.async_add_executor_job(get_cert, hostname, port)`
Exception chaining and wrapping improvements (#39320) * Remove unnecessary exception re-wraps * Preserve exception chains on re-raise We slap "from cause" to almost all possible cases here. In some cases it could conceivably be better to do "from None" if we really want to hide the cause. However those should be in the minority, and "from cause" should be an improvement over the corresponding raise without a "from" in all cases anyway. The only case where we raise from None here is in plex, where the exception for an original invalid SSL cert is not the root cause for failure to validate a newly fetched one. Follow local convention on exception variable names if there is a consistent one, otherwise `err` to match with majority of codebase. * Fix mistaken re-wrap in homematicip_cloud/hap.py Missed the difference between HmipConnectionError and HmipcConnectionError. * Do not hide original error on plex new cert validation error Original is not the cause for the new one, but showing old in the traceback is useful nevertheless. 2020-08-28 11:50:32 +00:00			`except socket.gaierror as err:`
			`raise ResolveFailed(f"Cannot resolve hostname: {hostname}") from err`
			`except socket.timeout as err:`
			`raise ConnectionTimeout(`
			`f"Connection timeout with server: {hostname}:{port}"`
			`) from err`
			`except ConnectionRefusedError as err:`
			`raise ConnectionRefused(`
			`f"Connection refused by server: {hostname}:{port}"`
			`) from err`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`except ssl.CertificateError as err:`
Exception chaining and wrapping improvements (#39320) * Remove unnecessary exception re-wraps * Preserve exception chains on re-raise We slap "from cause" to almost all possible cases here. In some cases it could conceivably be better to do "from None" if we really want to hide the cause. However those should be in the minority, and "from cause" should be an improvement over the corresponding raise without a "from" in all cases anyway. The only case where we raise from None here is in plex, where the exception for an original invalid SSL cert is not the root cause for failure to validate a newly fetched one. Follow local convention on exception variable names if there is a consistent one, otherwise `err` to match with majority of codebase. * Fix mistaken re-wrap in homematicip_cloud/hap.py Missed the difference between HmipConnectionError and HmipcConnectionError. * Do not hide original error on plex new cert validation error Original is not the cause for the new one, but showing old in the traceback is useful nevertheless. 2020-08-28 11:50:32 +00:00			`raise ValidationFailure(err.verify_message) from err`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`except ssl.SSLError as err:`
Exception chaining and wrapping improvements (#39320) * Remove unnecessary exception re-wraps * Preserve exception chains on re-raise We slap "from cause" to almost all possible cases here. In some cases it could conceivably be better to do "from None" if we really want to hide the cause. However those should be in the minority, and "from cause" should be an improvement over the corresponding raise without a "from" in all cases anyway. The only case where we raise from None here is in plex, where the exception for an original invalid SSL cert is not the root cause for failure to validate a newly fetched one. Follow local convention on exception variable names if there is a consistent one, otherwise `err` to match with majority of codebase. * Fix mistaken re-wrap in homematicip_cloud/hap.py Missed the difference between HmipConnectionError and HmipcConnectionError. * Do not hide original error on plex new cert validation error Original is not the cause for the new one, but showing old in the traceback is useful nevertheless. 2020-08-28 11:50:32 +00:00			`raise ValidationFailure(err.args[0]) from err`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00
			`ts_seconds = ssl.cert_time_to_seconds(cert["notAfter"])`
Add expiration timestamp to cert_expiry sensors (#36399) * Add expiration timestamp to cert_expiry sensors * Clear timestamp if cert becomes invalid * Use timezone-aware timestamps * Use DataUpdateCoordinator, split timestamp to separate sensor * Use UTC, simpler add/remove handling * Review fixes * Fix incomplete mock that fails in 3.8 * Use static timestamps, improve helper method name 2020-06-18 16:29:46 +00:00			`return dt.utc_from_timestamp(ts_seconds)`