diff --git a/sros2/sros2/api/__init__.py b/sros2/sros2/api/__init__.py index fb098c14..20627005 100644 --- a/sros2/sros2/api/__init__.py +++ b/sros2/sros2/api/__init__.py @@ -440,17 +440,17 @@ def _build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''): else: extension = x509.BasicConstraints(ca=False, path_length=None) - now = datetime.datetime.now() + utcnow = datetime.datetime.utcnow() builder = x509.CertificateBuilder( ).issuer_name( issuer_name ).serial_number( x509.random_serial_number() ).not_valid_before( - now + utcnow ).not_valid_after( # TODO: This should not be hard-coded - now + datetime.timedelta(days=3650) + utcnow + datetime.timedelta(days=3650) ).public_key( private_key.public_key() ).subject_name( diff --git a/sros2/test/sros2/commands/security/verbs/test_create_key.py b/sros2/test/sros2/commands/security/verbs/test_create_key.py index d9f2e5c7..148c14dc 100644 --- a/sros2/test/sros2/commands/security/verbs/test_create_key.py +++ b/sros2/test/sros2/commands/security/verbs/test_create_key.py @@ -109,9 +109,9 @@ def test_cert_pem(node_keys_dir): assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) # Verify the cert is valid for the expected timespan - now = datetime.datetime.now() - assert _datetimes_are_close(cert.not_valid_before, now) - assert _datetimes_are_close(cert.not_valid_after, now + datetime.timedelta(days=3650)) + utcnow = datetime.datetime.utcnow() + assert _datetimes_are_close(cert.not_valid_before, utcnow) + assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650)) # Verify that the cert ensures this key cannot be used to sign others as a CA assert len(cert.extensions) == 1