From 0e9c41a286b49b5ce52abcf0e014668d0167bbae Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 7 Jul 2014 10:05:37 +0200 Subject: store expiry with cert fingerprints We used to store the creation date but this way it's easier to query for non expired certs --- app/models/client_certificate.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'app/models/client_certificate.rb') diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index d5bb1e0..6b57985 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -25,7 +25,7 @@ class ClientCertificate # set expiration cert.not_before = last_month - cert.not_after = months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + cert.not_after = expiry # generate key cert.serial_number.number = cert_serial_number @@ -47,6 +47,10 @@ class ClientCertificate OpenSSL::Digest::SHA1.hexdigest(openssl_cert.to_der).scan(/../).join(':') end + def expiry + @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + end + private def openssl_cert -- cgit v1.2.3 From bdd5060ccc13951524c171e2d3b81eeddec1625d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 9 Jul 2014 22:53:05 +0200 Subject: fix tests and simplify time calculations --- app/models/client_certificate.rb | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) (limited to 'app/models/client_certificate.rb') diff --git a/app/models/client_certificate.rb b/app/models/client_certificate.rb index 6b57985..815801e 100644 --- a/app/models/client_certificate.rb +++ b/app/models/client_certificate.rb @@ -48,7 +48,7 @@ class ClientCertificate end def expiry - @expiry ||= months_from_yesterday(APP_CONFIG[:client_cert_lifespan]) + @expiry ||= lifespan.months.from_now.utc.at_midnight end private 
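Review bot: The new public `expiry` method in the `@@ -47,6 +47,10 @@` hunk of the first commit has no comment tying it to the certificate it belongs to. Per the commit message, this value is stored alongside the fingerprint and later queried, so it has to equal the `not_after` written in the `@@ -25,7 +25,7 @@` hunk. The `@expiry ||=` memoization gives that guarantee only when both reads happen on the same instance; the code that stores the value is not in this diff, so that is worth confirming. I would add above the method: `# Expiry written to the cert's not_after. Memoized so the value stored with the fingerprint is identical to the one in the issued cert.` The class body continues outside both hunks.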
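Review bot: In the `@@ -48,7 +48,7 @@` hunk of the second commit, `lifespan.months.from_now.utc.at_midnight` uses the configured value with no check. A missing `client_cert_lifespan` raises `NoMethodError` on `nil`. A value of `0` or a negative number yields a `not_after` at or before today's midnight UTC, so the certificate is issued already expired, and that same expiry is recorded with the fingerprint. The guard fits best in the private `lifespan` helper added in the last hunk of this commit, for example `months = Integer(APP_CONFIG[:client_cert_lifespan])`, then `raise ArgumentError, 'client_cert_lifespan must be a positive number of months' unless months > 0`, then `months`. Whether the config is validated at boot is not visible here, so this may already be covered elsewhere.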
@@ -103,28 +103,18 @@ class ClientCertificate } end - ## - ## TIME HELPERS - ## - ## note: we use 'yesterday' instead of 'today', because times are in UTC, and some people on the planet - ## are behind UTC. - ## - - def yesterday - t = Time.now - 24*60*60 - Time.utc t.year, t.month, t.day - end + # + # TIME HELPERS + # + # We normalize timestamps at utc and midnight + # to reduce the fingerprinting possibilities. + # def last_month - t = Time.now - 24*60*60*30 - Time.utc t.year, t.month, t.day + 1.month.ago.utc.at_midnight end - def months_from_yesterday(num) - t = yesterday - date = Date.new t.year, t.month, t.day - date = date >> num # >> is months in the future operator - Time.utc date.year, date.month, date.day + def lifespan + APP_CONFIG[:client_cert_lifespan] end - end -- cgit v1.2.3
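Review bot: The rewritten TIME HELPERS comment explains the UTC and midnight rounding, but nothing now says why `not_before` is placed in the past. The removed note about people behind UTC was the only hint at that. `last_month` also changes from a fixed 30 days to `1.month.ago`, so the backdating now varies with the calendar month. If the purpose is to tolerate verifiers whose clocks or time zones lag (inferred from the old comment, not shown in the hunk), a line on the helper would record it: `# Backdate not_before by one month so a fresh cert is never "not yet valid" for a verifier whose clock lags UTC.` The class opens above the hunk.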