From 736fdd2bac0627c4cbd9980baefaf4e0b54aac65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Sun, 26 Oct 2025 23:11:41 +0100
Subject: [PATCH] paramiko ds

---
 certpusher.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/certpusher.py b/certpusher.py
index 1bf41d0..34c5ed9 100644
--- a/certpusher.py
+++ b/certpusher.py
@@ -11,7 +11,7 @@ import sys
 import os
 import ssl
 import socket
-from datetime import datetime
+from datetime import datetime, timezone
 from pathlib import Path
 from typing import Dict, Optional, Tuple
 import paramiko
@@ -45,7 +45,7 @@ class CertificateManager:
                 cert = x509.load_pem_x509_certificate(cert_data, default_backend())
                 logger.debug(f"Loaded certificate from {cert_path}")
                 logger.debug(f"Certificate subject: {cert.subject}")
-                logger.debug(f"Certificate expires: {cert.not_valid_after}")
+                logger.debug(f"Certificate expires: {cert.not_valid_after_utc}")
                 return cert
         except Exception as e:
             logger.error(f"Failed to load certificate from {cert_path}: {e}")
@@ -72,7 +72,7 @@ class CertificateManager:
                     der_cert = ssock.getpeercert(binary_form=True)
                     cert = x509.load_der_x509_certificate(der_cert, default_backend())
                     logger.debug(f"Retrieved certificate from {url}")
-                    logger.debug(f"Certificate expires: {cert.not_valid_after}")
+                    logger.debug(f"Certificate expires: {cert.not_valid_after_utc}")
                     return cert
         except Exception as e:
             logger.warning(f"Failed to retrieve certificate from {url}: {e}")
@@ -102,8 +102,12 @@ class CertificateManager:
         try:
             subject = cert.subject.rfc4514_string()
             issuer = cert.issuer.rfc4514_string()
-            valid_from = cert.not_valid_before
-            valid_to = cert.not_valid_after
+            valid_from = cert.not_valid_before_utc
+            valid_to = cert.not_valid_after_utc
+            
+            # Convert to naive datetime for comparison
+            now = datetime.now(timezone.utc)
+            days_left = (valid_to - now).days
             
             return f"""
 Certificate Info:
@@ -111,7 +115,7 @@ Certificate Info:
   Issuer: {issuer}
   Valid From: {valid_from}
   Valid To: {valid_to}
-  Days Until Expiry: {(valid_to - datetime.now()).days}
+  Days Until Expiry: {days_left}
 """
         except Exception as e:
             return f"Unable to extract certificate info: {e}"
@@ -136,13 +140,12 @@ class SSHManager:
             logger.debug(f"Connecting to {self.username}@{self.hostname}:{self.port}")
             logger.debug(f"Using SSH key: {self.key_path}")
             
-            # Try to load different key types
+            # Try to load different key types (DSS removed in paramiko 3.0+)
             private_key = None
             key_types = [
                 ('RSA', paramiko.RSAKey),
                 ('Ed25519', paramiko.Ed25519Key),
                 ('ECDSA', paramiko.ECDSAKey),
-                ('DSS', paramiko.DSSKey),
             ]
             
             for key_name, key_class in key_types: