Commit a595a758 authored by Tanner Prestegard's avatar Tanner Prestegard

make certificate expiration check private

parent 6d3c4c03
......@@ -270,7 +270,9 @@ class GsiRest(object):
except ValueError:
raise RuntimeError('Error importing certificate')
def check_certificate_expiration(self):
def _check_certificate_expiration(self, reload_buffer=None):
if reload_buffer is None:
reload_buffer = self._reload_buffer
if (self.auth_type != 'x509'):
raise RuntimeError("Can't check certificate expiration for "
"non-X.509 authentication.")
......@@ -282,7 +284,7 @@ class GsiRest(object):
time_to_expire = \
(self.certificate.not_valid_after - datetime.datetime.utcnow())
expired = \
time_to_expire <= datetime.timedelta(seconds=self._reload_buffer)
time_to_expire <= datetime.timedelta(seconds=reload_buffer)
return expired
def set_up_connector(self, host, port, proxy_host, proxy_port):
......@@ -446,7 +448,7 @@ class GsiRest(object):
# certificate (upon expiration), check the certificate to see if it
# has expired
if (self.auth_type == 'x509' and self._reload_certificate):
cert_expired = self.check_certificate_expiration()
cert_expired = self._check_certificate_expiration()
if cert_expired:
self._load_certificate()
self.set_up_connector(
......
......@@ -50,7 +50,7 @@ def test_x509_cert_expiration(reload_buffer, x509_cert):
# Check if certificate is expired (should have 3600 second lifetime)
# compared to reload_buffer
expired = g.check_certificate_expiration()
expired = g._check_certificate_expiration()
if reload_buffer > 3600:
assert expired is True
else:
......@@ -74,7 +74,7 @@ def test_x509_cert_autoload_in_expiration_check():
# Try to check certificate expiration
err_str = "'GraceDb' object has no attribute 'certificate'"
with pytest.raises(AttributeError, match=err_str):
g.check_certificate_expiration()
g._check_certificate_expiration()
# Should have been two attempts to load the certificate:
# one in the constructor and one in the expiration check
......@@ -103,7 +103,7 @@ def test_check_certificate_with_auth_type_not_x509():
err_str = \
"Can't check certificate expiration for non-X.509 authentication."
with pytest.raises(RuntimeError, match=err_str):
g.check_certificate_expiration()
g._check_certificate_expiration()
# All possible combinations of True/False for the three variables
......@@ -121,7 +121,8 @@ def test_reloading_feature(force_noauth, reload_cert, cert_expired):
request_func = 'ligo.gracedb.rest.GraceDb.make_request'
response_func = 'ligo.gracedb.rest.GraceDb.get_response'
load_cert_func = 'ligo.gracedb.rest.GraceDb._load_certificate'
cert_expire_func = 'ligo.gracedb.rest.GraceDb.check_certificate_expiration'
cert_expire_func = \
'ligo.gracedb.rest.GraceDb._check_certificate_expiration'
with mock.patch(get_conn_func), \
mock.patch(request_func), \
mock.patch(adjust_response_func), \
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment