Improve cert dates display

2025-01-20 20:31:36 +01:00 · 2025-01-20 20:31:36 +01:00 · d8a63b8ee0
commit d8a63b8ee0
parent 5018f796c0
1 changed files with 76 additions and 28 deletions
--- a/step-ca-inspector.py
+++ b/step-ca-inspector.py
@ -4,10 +4,26 @@ import argparse
 import os
 import sys
 import yaml
+from datetime import datetime, timedelta, timezone
 from tabulate import tabulate
 from models import ssh_cert, x509_cert


+def delta_text(delta):
+    if delta < timedelta(days=-2):
+        return f"in {abs(delta.days)} days"
+    elif delta < timedelta(days=-1):
+        return f"in {abs(delta.days)} day"
+    elif delta < timedelta(days=0):
+        return "in less than a day"
+    elif delta < timedelta(days=1):
+        return "less than a day ago"
+    elif delta < timedelta(days=2):
+        return f"{delta.days} day ago"
+    else:
+        return f"{delta.days} days ago"
+
+
 def list_ssh_certs(sort_key, revoked=False, expired=False):
    cert_list = ssh_cert.list(sort_key=sort_key)
    cert_tbl = []
@ -27,16 +43,16 @@ def list_ssh_certs(sort_key, revoked=False, expired=False):
            principals = principals_list[:2] + [f"+{principals_count - 2} more"]
        cert_row["Principals"] = "\n".join(principals)

-        validity = []
-        validity.append(f"Not before: {cert.not_before}")
-        validity.append(f"Not after:  {cert.not_after}")
-        if cert.revoked_at is not None:
-            validity.append(f"Revoked at: {cert.revoked_at}")
-            validity.append(f"Valid for: {cert.revoked_at - cert.not_before}")
-        else:
-            validity.append(f"Valid for: {cert.not_after - cert.not_before}")
+        now_with_tz = datetime.utcnow().replace(
+            tzinfo=timezone(offset=timedelta()), microsecond=0
+        )

-        cert_row["Validity"] = "\n".join(validity)
+        if cert.revoked_at is not None:
+            delta = now_with_tz - cert.revoked_at
+        else:
+            delta = now_with_tz - cert.not_after
+
+        cert_row["Expires"] = delta_text(delta).capitalize()
        cert_row["Status"] = cert.status

        cert_tbl.append(cert_row)
@ -58,13 +74,28 @@ def get_ssh_cert(serial):
    cert_tbl.append(["Key ID", cert.key_id.decode()])
    principals = [x.decode() for x in cert.principals]
    cert_tbl.append(["Principals", "\n".join(principals)])
-    cert_tbl.append(["Not valid before", cert.not_before])
-    cert_tbl.append(["Not valid after", cert.not_after])
+
+    now_with_tz = datetime.utcnow().replace(
+        tzinfo=timezone(offset=timedelta()), microsecond=0
+    )
+
+    delta_after = now_with_tz - cert.not_after
+    delta_before = now_with_tz - cert.not_before
+
+    cert_tbl.append(
+        ["Not valid before", f"{cert.not_before} ({delta_text(delta_before)})"]
+    )
+    cert_tbl.append(
+        ["Not valid after", f"{cert.not_after} ({delta_text(delta_after)})"]
+    )
    if cert.revoked_at is not None:
-        cert_tbl.append(["Revoked at", cert.revoked_at])
-        cert_tbl.append(["Valid for", cert.revoked_at - cert.not_before])
+        delta_revoked = now_with_tz - cert.revoked_at
+        cert_tbl.append(
+            ["Revoked at", f"{cert.revoked_at} ({delta_text(delta_revoked)})"]
+        )
+        cert_tbl.append(["Valid for", f"{delta_revoked.days} days"])
    else:
-        cert_tbl.append(["Valid for", cert.not_after - cert.not_before])
+        cert_tbl.append(["Valid for", f"{abs(delta_after.days)} days"])
    extensions = [x.decode() for x in cert.extensions]
    cert_tbl.append(["Extensions", "\n".join(extensions)])
    # cert_tbl.append(["Signing key", cert.signing_key.decode()])
@ -99,16 +130,17 @@ def list_x509_certs(sort_key, revoked=False, expired=False):
        cert_row["Provisioner"] = (
            f"{cert.provisioner['name']} ({cert.provisioner['type']})"
        )
-        validity = []
-        validity.append(f"Not before: {cert.not_before}")
-        validity.append(f"Not after:  {cert.not_after}")
-        if cert.revoked_at is not None:
-            validity.append(f"Revoked at: {cert.revoked_at}")
-            validity.append(f"Valid for: {cert.revoked_at - cert.not_before}")
-        else:
-            validity.append(f"Valid for: {cert.not_after - cert.not_before}")

-        cert_row["Validity"] = "\n".join(validity)
+        now_with_tz = datetime.utcnow().replace(
+            tzinfo=timezone(offset=timedelta()), microsecond=0
+        )
+
+        if cert.revoked_at is not None:
+            delta = now_with_tz - cert.revoked_at
+        else:
+            delta = now_with_tz - cert.not_after
+
+        cert_row["Expires"] = delta_text(delta).capitalize()
        cert_row["Status"] = cert.status

        cert_tbl.append(cert_row)
@ -129,13 +161,29 @@ def get_x509_cert(serial, show_cert=False, show_pubkey=False):
        ]
    )
    cert_tbl.append(["Issuer", cert.issuer])
-    cert_tbl.append(["Not valid before", cert.not_before])
-    cert_tbl.append(["Not valid after", cert.not_after])
+
+    now_with_tz = datetime.utcnow().replace(
+        tzinfo=timezone(offset=timedelta()), microsecond=0
+    )
+
+    delta_after = now_with_tz - cert.not_after
+    delta_before = now_with_tz - cert.not_before
+
+    cert_tbl.append(
+        ["Not valid before", f"{cert.not_before} ({delta_text(delta_before)})"]
+    )
+    cert_tbl.append(
+        ["Not valid after", f"{cert.not_after} ({delta_text(delta_after)})"]
+    )
    if cert.revoked_at is not None:
-        cert_tbl.append(["Revoked at", cert.revoked_at])
-        cert_tbl.append(["Valid for", cert.revoked_at - cert.not_before])
+        delta_revoked = now_with_tz - cert.revoked_at
+        cert_tbl.append(
+            ["Revoked at", f"{cert.revoked_at} ({delta_text(delta_revoked)})"]
+        )
+        cert_tbl.append(["Valid for", f"{delta_revoked.days} days"])
    else:
-        cert_tbl.append(["Valid for", cert.not_after - cert.not_before])
+        cert_tbl.append(["Valid for", f"{abs(delta_after.days)} days"])
+
    cert_tbl.append(
        ["Provisioner", f"{cert.provisioner['name']} ({cert.provisioner['type']})"]
    )