From 80cf73c6972b704a3374975195668af2db1ead11 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 15 Dec 2012 21:29:50 -0800 Subject: fixed bugs with cert generation: use yesterday instead of today (for people in negative UTC time zones), certs now just use digitalSignature for keyUsage (removed keyAgreement) --- lib/leap_ca/cert.rb | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) (limited to 'lib/leap_ca') diff --git a/lib/leap_ca/cert.rb b/lib/leap_ca/cert.rb index 9e4d8ef..639883f 100644 --- a/lib/leap_ca/cert.rb +++ b/lib/leap_ca/cert.rb @@ -41,9 +41,9 @@ module LeapCA cert.subject.common_name = random_common_name # set expiration - self.valid_until = months_from_today(Config.client_cert_lifespan) - cert.not_before = today - cert.not_after = self.valid_until + self.valid_until = months_from_yesterday(Config.client_cert_lifespan) + cert.not_before = yesterday + cert.not_after = self.valid_until # generate key cert.serial_number.number = cert_serial_number @@ -91,22 +91,12 @@ module LeapCA cert_serial_number.to_s(36) end - def today - t = Time.now - Time.utc t.year, t.month, t.day - end - - def months_from_today(num) - date = Date.today >> num # >> is months in the future operator - Time.utc date.year, date.month, date.day - end - def client_signing_profile { "digest" => Config.client_cert_hash, "extensions" => { "keyUsage" => { - "usage" => ["digitalSignature", "keyAgreement"] + "usage" => ["digitalSignature"] }, "extendedKeyUsage" => { "usage" => ["clientAuth"] @@ -115,5 +105,24 @@ module LeapCA } end + ## + ## TIME HELPERS + ## + ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet + ## are behind UTC. + ## + + def yesterday + t = Time.now - 24*24*60 + Time.utc t.year, t.month, t.day + end + + def months_from_yesterday(num) + t = yesterday + date = Date.new t.year, t.month, t.day + date = date >> num # >> is months in the future operator + Time.utc date.year, date.month, date.day + end + end end -- cgit v1.2.3