author | elijah <elijah@riseup.net> | 2012-12-15 21:29:50 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2012-12-15 21:29:50 -0800 |
commit | 80cf73c6972b704a3374975195668af2db1ead11 (patch) | |
tree | 2d30ba5af41ca412bf0b91214454c23df01d22c3 /lib/leap_ca | |
parent | c37a35df81b2d6becc09f1820240db24c3ec632c (diff) |
fixed bugs with cert generation: use yesterday instead of today (for people in negative UTC time zones), certs now just use digitalSignature for keyUsage (removed keyAgreement)
Diffstat (limited to 'lib/leap_ca')
-rw-r--r-- | lib/leap_ca/cert.rb | 37 |
1 files changed, 23 insertions, 14 deletions
diff --git a/lib/leap_ca/cert.rb b/lib/leap_ca/cert.rb
index 9e4d8ef..639883f 100644
--- a/lib/leap_ca/cert.rb
+++ b/lib/leap_ca/cert.rb
@@ -41,9 +41,9 @@ module LeapCA
 cert.subject.common_name = random_common_name
 # set expiration
- self.valid_until = months_from_today(Config.client_cert_lifespan)
- cert.not_before = today
- cert.not_after = self.valid_until
+ self.valid_until = months_from_yesterday(Config.client_cert_lifespan)
+ cert.not_before = yesterday
+ cert.not_after = self.valid_until
 # generate key
 cert.serial_number.number = cert_serial_number
@@ -91,22 +91,12 @@ module LeapCA
 cert_serial_number.to_s(36)
 end
- def today
- t = Time.now
- Time.utc t.year, t.month, t.day
- end
-
- def months_from_today(num)
- date = Date.today >> num # >> is months in the future operator
- Time.utc date.year, date.month, date.day
- end
-
 def client_signing_profile
 {
 "digest" => Config.client_cert_hash,
 "extensions" => {
 "keyUsage" => {
- "usage" => ["digitalSignature", "keyAgreement"]
+ "usage" => ["digitalSignature"]
 },
 "extendedKeyUsage" => {
 "usage" => ["clientAuth"]
@@ -115,5 +105,24 @@ module LeapCA
 }
 end
+ ##
+ ## TIME HELPERS
+ ##
+ ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet
+ ## are behind UTC.
+ ##
+
+ def yesterday
+ t = Time.now - 24*24*60
+ Time.utc t.year, t.month, t.day
+ end
+
+ def months_from_yesterday(num)
+ t = yesterday
+ date = Date.new t.year, t.month, t.day
+ date = date >> num # >> is months in the future operator
+ Time.utc date.year, date.month, date.day
+ end
+
 end
 end
|
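Review bot: The keyUsage list in client_signing_profile is narrowed to `["digitalSignature"]` with no comment in the code saying why, so a later edit could restore keyAgreement without anyone noticing the intent. I would add a comment above the `"keyUsage"` entry such as `# client certs are only used to sign (clientAuth); keyAgreement is for static DH/ECDH keys and is deliberately omitted`, assuming that matches how these certs are used. The hunk shows no `critical` setting on the extension; RFC 5280 recommends that CAs mark keyUsage critical, so it is worth confirming how the signing library handles that. client_signing_profile continues past the end of this hunk.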
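Review bot: `yesterday` subtracts `24*24*60` seconds, which is 34,560 s (9.6 hours) rather than one day; the intended offset is presumably `24*60*60`. The method also takes year/month/day from the local `Time.now` and passes them to `Time.utc`, so on a host more than 9.6 hours ahead of UTC there is a window after local midnight where the computed not_before is later than the current UTC time and a freshly issued cert would be rejected as not yet valid. I would change the line to `t = Time.now.utc - 24*60*60`. months_from_yesterday builds on this value, so the `valid_until` set in the first hunk shifts with it.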