From 1b7e09b2f5f7be59877e1e76070eb398dc4fe07d Mon Sep 17 00:00:00 2001 From: Mikael Arguedas Date: Thu, 1 Aug 2019 02:42:25 +0200 Subject: [PATCH] fix certificate start date to work regardless of the timezone Otherwise it fails with 'RTI_Security_CertHelper_verifyCert:X509_verify_cert returned 0 with error 9: certificate is not yet valid' Signed-off-by: Mikael Arguedas --- sros2/sros2/api/__init__.py | 6 +++--- sros2/test/sros2/commands/security/verbs/test_create_key.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sros2/sros2/api/__init__.py b/sros2/sros2/api/__init__.py index fb098c14..20627005 100644 --- a/sros2/sros2/api/__init__.py +++ b/sros2/sros2/api/__init__.py @@ -440,17 +440,17 @@ def _build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''): else: extension = x509.BasicConstraints(ca=False, path_length=None) - now = datetime.datetime.now() + utcnow = datetime.datetime.utcnow() builder = x509.CertificateBuilder( ).issuer_name( issuer_name ).serial_number( x509.random_serial_number() ).not_valid_before( - now + utcnow ).not_valid_after( # TODO: This should not be hard-coded - now + datetime.timedelta(days=3650) + utcnow + datetime.timedelta(days=3650) ).public_key( private_key.public_key() ).subject_name( diff --git a/sros2/test/sros2/commands/security/verbs/test_create_key.py b/sros2/test/sros2/commands/security/verbs/test_create_key.py index d9f2e5c7..148c14dc 100644 --- a/sros2/test/sros2/commands/security/verbs/test_create_key.py +++ b/sros2/test/sros2/commands/security/verbs/test_create_key.py @@ -109,9 +109,9 @@ def test_cert_pem(node_keys_dir): assert isinstance(cert.signature_hash_algorithm, hashes.SHA256) # Verify the cert is valid for the expected timespan - now = datetime.datetime.now() - assert _datetimes_are_close(cert.not_valid_before, now) - assert _datetimes_are_close(cert.not_valid_after, now + datetime.timedelta(days=3650)) + utcnow = datetime.datetime.utcnow() + assert _datetimes_are_close(cert.not_valid_before, utcnow) + assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650)) # Verify that the cert ensures this key cannot be used to sign others as a CA assert len(cert.extensions) == 1