core/homeassistant/components/cert_expiry/helper.py

"""Helper functions for the Cert Expiry platform."""
from datetime import datetime
import socket
import ssl

from .const import TIMEOUT
from .errors import (
    ConnectionRefused,
    ConnectionTimeout,
    ResolveFailed,
    ValidationFailure,
)


def get_cert(host, port):
    """Get the certificate for the host and port combination."""
    ctx = ssl.create_default_context()
    address = (host, port)
    with socket.create_connection(address, timeout=TIMEOUT) as sock:
        with ctx.wrap_socket(sock, server_hostname=address[0]) as ssock:
            # pylint disable: https://github.com/PyCQA/pylint/issues/3166
            cert = ssock.getpeercert()  # pylint: disable=no-member
            return cert


async def get_cert_time_to_expiry(hass, hostname, port):
    """Return the certificate's time to expiry in days."""
    try:
        cert = await hass.async_add_executor_job(get_cert, hostname, port)
    except socket.gaierror:
        raise ResolveFailed(f"Cannot resolve hostname: {hostname}")
    except socket.timeout:
        raise ConnectionTimeout(f"Connection timeout with server: {hostname}:{port}")
    except ConnectionRefusedError:
        raise ConnectionRefused(f"Connection refused by server: {hostname}:{port}")
    except ssl.CertificateError as err:
        raise ValidationFailure(err.verify_message)
    except ssl.SSLError as err:
        raise ValidationFailure(err.args[0])

    ts_seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    timestamp = datetime.fromtimestamp(ts_seconds)
    expiry = timestamp - datetime.today()
    return expiry.days
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`"""Helper functions for the Cert Expiry platform."""`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`from datetime import datetime`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`import socket`
			`import ssl`

			`from .const import TIMEOUT`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`from .errors import (`
			`ConnectionRefused,`
			`ConnectionTimeout,`
			`ResolveFailed,`
			`ValidationFailure,`
			`)`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00

			`def get_cert(host, port):`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00			`"""Get the certificate for the host and port combination."""`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`ctx = ssl.create_default_context()`
			`address = (host, port)`
			`with socket.create_connection(address, timeout=TIMEOUT) as sock:`
			`with ctx.wrap_socket(sock, server_hostname=address[0]) as ssock:`
Upgrade pylint (#27279) * Upgrade pylint to 2.4.2 and astroid to 2.3.1 https://pylint.readthedocs.io/en/latest/whatsnew/2.4.html https://pylint.readthedocs.io/en/latest/whatsnew/changelog.html#what-s-new-in-pylint-2-4-1 https://pylint.readthedocs.io/en/latest/whatsnew/changelog.html#what-s-new-in-pylint-2-4-2 * unnecessary-comprehension fixes * invalid-name fixes * self-assigning-variable fixes * Re-enable not-an-iterable * used-before-assignment fix * invalid-overridden-method fixes * undefined-variable __class__ workarounds https://github.com/PyCQA/pylint/issues/3090 * no-member false positive disabling * Remove some no longer needed disables * using-constant-test fix * Disable import-outside-toplevel for now * Disable some apparent no-value-for-parameter false positives * invalid-overridden-method false positive disables https://github.com/PyCQA/pylint/issues/3150 * Fix unintentional Entity.force_update override in AfterShipSensor 2019-10-07 15:17:39 +00:00			`# pylint disable: https://github.com/PyCQA/pylint/issues/3166`
			`cert = ssock.getpeercert() # pylint: disable=no-member`
Enable cert_expiry config entries (#25624) * Enable cert_expiry config entries * add black * lint fixes * Rerun black * Black on json files is a bad idea * Work on comments * Forgot the lint * More comment work * Correctly set defaults * More comments * Add codeowner * Fix black * More comments implemented * Removed the catch * Add helper.py from cert_expiry to .coveragerc 2019-08-28 17:35:09 +00:00			`return cert`
Refactor Certificate Expiry Sensor (#32066) * Cert Expiry refactor * Unused parameter * Reduce delay * Deprecate 'name' config * Use config entry unique_id * Fix logic bugs found with tests * Rewrite tests to use config flow core interfaces, validate created sensors * Update strings * Minor consistency fix * Review fixes, complete test coverage * Move error handling to helper * Subclass exceptions * Better tests * Use first object reference * Fix docstring 2020-03-02 13:44:24 +00:00

			`async def get_cert_time_to_expiry(hass, hostname, port):`
			`"""Return the certificate's time to expiry in days."""`
			`try:`
			`cert = await hass.async_add_executor_job(get_cert, hostname, port)`
			`except socket.gaierror:`
			`raise ResolveFailed(f"Cannot resolve hostname: {hostname}")`
			`except socket.timeout:`
			`raise ConnectionTimeout(f"Connection timeout with server: {hostname}:{port}")`
			`except ConnectionRefusedError:`
			`raise ConnectionRefused(f"Connection refused by server: {hostname}:{port}")`
			`except ssl.CertificateError as err:`
			`raise ValidationFailure(err.verify_message)`
			`except ssl.SSLError as err:`
			`raise ValidationFailure(err.args[0])`

			`ts_seconds = ssl.cert_time_to_seconds(cert["notAfter"])`
			`timestamp = datetime.fromtimestamp(ts_seconds)`
			`expiry = timestamp - datetime.today()`
			`return expiry.days`