From 40b2b8a7d58d42d304f6ed235998fd99af9eb3e3 Mon Sep 17 00:00:00 2001
From: Mikael Arguedas
Date: Wed, 6 May 2020 22:40:24 +0200
Subject: [PATCH 1/2] start valid date a day before to account for timezone mismatch
Signed-off-by: Mikael Arguedas
---
 sros2/sros2/api/_utilities.py | 2 +-
 sros2/test/sros2/commands/security/verbs/test_create_key.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sros2/sros2/api/_utilities.py b/sros2/sros2/api/_utilities.py
index 287ee1de..4a79da48 100644
--- a/sros2/sros2/api/_utilities.py
+++ b/sros2/sros2/api/_utilities.py
@@ -87,7 +87,7 @@ def build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''):
 ).serial_number(
 x509.random_serial_number()
 ).not_valid_before(
- utcnow
+ utcnow - datetime.timedelta(days=1)
 ).not_valid_after(
 # TODO: This should not be hard-coded
 utcnow + datetime.timedelta(days=3650)
diff --git a/sros2/test/sros2/commands/security/verbs/test_create_key.py b/sros2/test/sros2/commands/security/verbs/test_create_key.py
index 7b96794e..8bb30b87 100644
--- a/sros2/test/sros2/commands/security/verbs/test_create_key.py
+++ b/sros2/test/sros2/commands/security/verbs/test_create_key.py
@@ -104,7 +104,7 @@ def test_cert_pem(enclave_keys_dir):
 # Verify the cert is valid for the expected timespan
 utcnow = datetime.datetime.utcnow()
- assert _datetimes_are_close(cert.not_valid_before, utcnow)
+ assert _datetimes_are_close(cert.not_valid_before, utcnow - datetime.timedelta(days=1))
 assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650))
 # Verify that the cert ensures this key cannot be used to sign others as a CA
From 71cac20535fe38cbd723c69d5c2a6dfe505e1245 Mon Sep 17 00:00:00 2001
From: Mikael Arguedas
Date: Thu, 7 May 2020 20:08:50 +0200
Subject: [PATCH 2/2] add comment to justify the hack
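Review bot: The one-day offset in `.not_valid_before(utcnow - datetime.timedelta(days=1))` is an unnamed literal that the test_cert_pem hunk in test_create_key.py repeats, so the implementation and its test can drift apart without either failing for the right reason; a module-level constant such as `_NOT_BEFORE_BACKDATE = datetime.timedelta(days=1)` used in the builder would give the value one home. Backdating notBefore is a common way to absorb clock or timezone disagreement, but it also means every certificate produced by build_key_and_cert asserts validity for 24 hours before its key existed, which is worth knowing for anyone who correlates certificate validity with issuance time during an investigation. The total lifetime also grows to 3651 days, since the `not_valid_after` line is still computed from the unshifted `utcnow`. `utcnow` is assigned outside the hunk and build_key_and_cert starts and ends outside it, so whether the value is naive or timezone-aware cannot be checked from here.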
Signed-off-by: Mikael Arguedas
---
 sros2/sros2/api/_utilities.py | 3 +++
 sros2/test/sros2/commands/security/verbs/test_create_key.py | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/sros2/sros2/api/_utilities.py b/sros2/sros2/api/_utilities.py
index 4a79da48..0a0a5a82 100644
--- a/sros2/sros2/api/_utilities.py
+++ b/sros2/sros2/api/_utilities.py
@@ -87,6 +87,9 @@ def build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''):
 ).serial_number(
 x509.random_serial_number()
 ).not_valid_before(
+ # Using a day earlier here to prevent Connext (5.3.1) from complaining
+ # when extracting it from the permissions file and thinking it's in the future
+ # https://github.com/ros2/ci/pull/436#issuecomment-624874296
 utcnow - datetime.timedelta(days=1)
 ).not_valid_after(
 # TODO: This should not be hard-coded
diff --git a/sros2/test/sros2/commands/security/verbs/test_create_key.py b/sros2/test/sros2/commands/security/verbs/test_create_key.py
index 8bb30b87..8b8ca506 100644
--- a/sros2/test/sros2/commands/security/verbs/test_create_key.py
+++ b/sros2/test/sros2/commands/security/verbs/test_create_key.py
@@ -104,6 +104,10 @@ def test_cert_pem(enclave_keys_dir):
 # Verify the cert is valid for the expected timespan
 utcnow = datetime.datetime.utcnow()
+
+ # Using a day earlier here to prevent Connext (5.3.1) from complaining
+ # when extracting it from the permissions file and thinking it's in the future
+ # https://github.com/ros2/ci/pull/436#issuecomment-624874296
 assert _datetimes_are_close(cert.not_valid_before, utcnow - datetime.timedelta(days=1))
 assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650))
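Review bot: The comment added above `utcnow - datetime.timedelta(days=1)` in build_key_and_cert leaves "it" without a referent and gives no condition for removing the workaround, so a later maintainer cannot tell whether the backdated start is still needed. Wording such as `# Backdate notBefore by one day: Connext 5.3.1 rejected a validity start it considered to be in the future.` followed by `# Remove once the consumer compares the start time in UTC.` and the existing URL line would state the cause and the exit condition; the UTC part is my reading of the PATCH 1/2 subject line and should be confirmed against the linked discussion. The same three lines are pasted into test_cert_pem in test_create_key.py, where "to prevent Connext from complaining" does not describe what the assertion checks; `# build_key_and_cert backdates not_valid_before by one day (Connext 5.3.1 workaround)` would be accurate there. Both functions start and end outside their hunks.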