[Engine-patches] Change in ovirt-engine[master]: pki: use utc dates when communicating with openssl

Thu, 04 Oct 2012 09:43:33 -0700 

Alon Bar-Lev has uploaded a new change for review.

Change subject: pki: use utc dates when communicating with openssl
......................................................................

pki: use utc dates when communicating with openssl

openssl has an issue with complex timezones, so better to feed it with
utc dates.

Change-Id: I446bd9cc712b345bcf267bf6f5cd23dfc9fdea97
Signed-off-by: Alon Bar-Lev <alo...@redhat.com>
---
M backend/manager/conf/ca/installCA.sh
M backend/manager/conf/ca/installCA_dev.sh
M 
backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
M packaging/fedora/setup/engine-setup.py
4 files changed, 12 insertions(+), 21 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/64/8364/1

diff --git a/backend/manager/conf/ca/installCA.sh 
b/backend/manager/conf/ca/installCA.sh
index 6d9ffbf..ff8dd6e 100755
--- a/backend/manager/conf/ca/installCA.sh
+++ b/backend/manager/conf/ca/installCA.sh
@@ -12,7 +12,7 @@
 }
 
 usage () {
-    DATE=`date --date "now -1 days" +"%y%m%d%H%M%S%z"`
+    DATE=`date --utc --date "now -1 days" +"%y%m%d%H%M%S%z"`
     echo "Usage:"
     echo "  $0 [Subject] [Country] [Organization] [Alias] [Password] [ANSI 
Start Date] [Working Directory] [CA Subject]"
     echo "e.g.:"
diff --git a/backend/manager/conf/ca/installCA_dev.sh 
b/backend/manager/conf/ca/installCA_dev.sh
index 4584c9c..9cbcbde 100755
--- a/backend/manager/conf/ca/installCA_dev.sh
+++ b/backend/manager/conf/ca/installCA_dev.sh
@@ -20,7 +20,7 @@
 # Developer mode
 PASS=NoSoup4U
 ALIAS=engine
-DATE=`date --date "now -1 days" +"%y%m%d%H%M%S%z"`
+DATE=`date --utc --date "now -1 days" +"%y%m%d%H%M%S%z"`
 SUBJECT=`hostname`
 export START_DIR=`pwd`
 COUNTRY=US
diff --git 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
index bf7d88a..edf0b24 100644
--- 
a/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
+++ 
b/backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/OpenSslCAWrapper.java
@@ -5,6 +5,7 @@
 import java.io.InputStreamReader;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
+import java.util.TimeZone;
 
 import org.ovirt.engine.core.common.config.Config;
 import org.ovirt.engine.core.common.config.ConfigValues;
@@ -132,12 +133,12 @@
         String baseDirectoryPath = Config.resolveCABasePath();
         String keystorePass = Config.<String> 
GetValue(ConfigValues.keystorePass);
         String lockfileName = Config.<String> 
GetValue(ConfigValues.SignLockFile);
-        Calendar today = Calendar.getInstance();
-        today.add(Calendar.DATE, -1);
+        Calendar yesterday = Calendar.getInstance();
+        yesterday.add(Calendar.DATE, -1);
         SimpleDateFormat format = new SimpleDateFormat("yyMMddHHmmssZ");
-        String yesterday = format.format(today.getTime());
+        format.setTimeZone(TimeZone.getTimeZone("UTC"));
         String[] command_array = { signRequestBatch, requestFileName, 
signedCertificateFileName, "" + days,
-                baseDirectoryPath, yesterday, keystorePass, lockfileName, "" + 
(signatureTimeout / 2) };
+                baseDirectoryPath, format.format(yesterday.getTime()), 
keystorePass, lockfileName, "" + (signatureTimeout / 2) };
         log.debug("Finished building command array for Sign Certificate 
request script");
         return command_array;
     }
diff --git a/packaging/fedora/setup/engine-setup.py 
b/packaging/fedora/setup/engine-setup.py
index e11330d..2a8ffd4 100755
--- a/packaging/fedora/setup/engine-setup.py
+++ b/packaging/fedora/setup/engine-setup.py
@@ -747,22 +747,12 @@
         if not os.path.exists(basedefs.FILE_CA_CRT_SRC):
             _updateCaCrtTemplate()
 
-            # time.timezone is in seconds
-            tzOffset = time.timezone / 3600
-            logging.debug("current timezone offset is %i", tzOffset)
-            if abs(tzOffset) > 12:
-                logging.debug("Timezone offset is bigger then 12, resizing to 
12")
-                tzOffset = 12
-
-            # Add "+" infront of the string
-            if tzOffset >= 0:
-                tzOffsetStr = "+%.2i00" % tzOffset
-            else:
-                tzOffsetStr = "%.2i00" % tzOffset
-
             # We create the CA with yesterday's starting date
-            yesterday = datetime.datetime.now() + datetime.timedelta(-1)
-            date = "%s%s" % (yesterday.strftime("%y%m%d%H%M%S"), tzOffsetStr)
+            date = (
+                datetime.datetime.utcnow() + datetime.timedelta(-1)
+            ).strftime(
+                "%y%m%d%H%M%S+0000"
+            )
             logging.debug("Date string is %s", date)
 
             # Add random string to certificate CN field


--
To view, visit http://gerrit.ovirt.org/8364
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I446bd9cc712b345bcf267bf6f5cd23dfc9fdea97
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to