call utcparse before exiting get_expiration istead of calling it when timestamp is...

[sfa.git] / sfa / trust / credential.py

diff --git a/sfa/trust/credential.py b/sfa/trust/credential.py
index bed0780..e84b8c9 100644 (file)
--- a/sfa/trust/credential.py
+++ b/sfa/trust/credential.py
@@ -31,18 +31,19 @@
 \r
 import os\r
 import datetime\r
+from sfa.util.sfatime import utcparse\r
 from tempfile import mkstemp\r
 from xml.dom.minidom import Document, parseString\r
 from lxml import etree\r
 from dateutil.parser import parse\r
 from StringIO import StringIO\r
-\r
 from sfa.util.faults import *\r
 from sfa.util.sfalogging import logger\r
 from sfa.trust.certificate import Keypair\r
 from sfa.trust.credential_legacy import CredentialLegacy\r
 from sfa.trust.rights import Right, Rights\r
 from sfa.trust.gid import GID\r
+from sfa.util.xrn import urn_to_hrn\r
 \r
 # 2 weeks, in seconds \r
 DEFAULT_CREDENTIAL_LIFETIME = 86400 * 14\r
@@ -361,7 +362,7 @@ class Credential(object):
     def get_expiration(self):\r
         if not self.expiration:\r
             self.decode()\r
-        return self.expiration\r
+        return utcparse(self.expiration)\r
 \r
     ##\r
     # For legacy sake\r
@@ -759,7 +760,7 @@ class Credential(object):
             return True\r
         \r
         # make sure it is not expired\r
-        if self.get_expiration().replace(tzinfo=None) < datetime.datetime.utcnow():\r
+        if self.get_expiration() < datetime.datetime.utcnow():\r
             raise CredentialNotVerifiable("Credential expired at %s" % self.expiration.isoformat())\r
 \r
         # Verify the signatures\r