CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before (#2920)
* CertificateBuilder accepts aware datetimes for not_valid_after and not_valid_before
These functions now accept aware datetimes and convert them to UTC
* Added pytz to test requirements
* Correct pep8 error and improve Changelog wording
* Improve tests and clarify changelog message
* Trim Changelog line length
* Allow RevokedCertificateBuilder and CertificateRevocationListBuilder to accept aware datetimes
* Fix accidental changelog entry
diff --git a/tests/test_x509_revokedcertbuilder.py b/tests/test_x509_revokedcertbuilder.py
index bd64b60..e3a0650 100644
--- a/tests/test_x509_revokedcertbuilder.py
+++ b/tests/test_x509_revokedcertbuilder.py
@@ -8,6 +8,8 @@
import pytest
+import pytz
+
from cryptography import x509
from cryptography.hazmat.backends.interfaces import X509Backend
@@ -58,6 +60,22 @@
with pytest.raises(ValueError):
builder.serial_number(4)
+ @pytest.mark.requires_backend_interface(interface=X509Backend)
+ def test_aware_revocation_date(self, backend):
+ time = datetime.datetime(2012, 1, 16, 22, 43)
+ tz = pytz.timezone("US/Pacific")
+ time = tz.localize(time)
+ utc_time = datetime.datetime(2012, 1, 17, 6, 43)
+ serial_number = 333
+ builder = x509.RevokedCertificateBuilder().serial_number(
+ serial_number
+ ).revocation_date(
+ time
+ )
+
+ revoked_certificate = builder.build(backend)
+ assert revoked_certificate.revocation_date == utc_time
+
def test_revocation_date_invalid(self):
with pytest.raises(TypeError):
x509.RevokedCertificateBuilder().revocation_date("notadatetime")