
Side by Side Diff: cert/cert.go

Issue 6858090: cert: fix expiry for non-UTC time zones
Patch Set: cert: fix expiry for non-UTC time zones Created 12 years, 4 months ago
OLDNEW
1 package cert 1 package cert
2 2
3 import ( 3 import (
4 "crypto/rand" 4 "crypto/rand"
5 "crypto/rsa" 5 "crypto/rsa"
6 "crypto/sha1" 6 "crypto/sha1"
7 "crypto/tls" 7 "crypto/tls"
8 "crypto/x509" 8 "crypto/x509"
9 "crypto/x509/pkix" 9 "crypto/x509/pkix"
10 "encoding/pem" 10 "encoding/pem"
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
84 now := time.Now() 84 now := time.Now()
85 template := &x509.Certificate{ 85 template := &x509.Certificate{
86 SerialNumber: new(big.Int), 86 SerialNumber: new(big.Int),
87 Subject: pkix.Name{ 87 Subject: pkix.Name{
88 // TODO quote the environment name when we start using 88 // TODO quote the environment name when we start using
89 // Go version 1.1. See Go issue 3791. 89 // Go version 1.1. See Go issue 3791.
90 CommonName: fmt.Sprintf("juju-generated CA for environ ment %s", envName), 90 CommonName: fmt.Sprintf("juju-generated CA for environ ment %s", envName),
91 Organization: []string{"juju"}, 91 Organization: []string{"juju"},
92 }, 92 },
93 NotBefore: now.UTC().Add(-5 * time.Minute), 93 NotBefore: now.UTC().Add(-5 * time.Minute),
94 » » NotAfter: expiry, 94 » » NotAfter: expiry.UTC(),
95 SubjectKeyId: bigIntHash(key.N), 95 SubjectKeyId: bigIntHash(key.N),
96 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUs ageDigitalSignature | x509.KeyUsageCertSign, 96 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUs ageDigitalSignature | x509.KeyUsageCertSign,
97 BasicConstraintsValid: true, 97 BasicConstraintsValid: true,
98 IsCA: true, 98 IsCA: true,
99 MaxPathLen: 0, // Disallow delegation for now. 99 MaxPathLen: 0, // Disallow delegation for now.
100 } 100 }
101 certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key) 101 certDER, err := x509.CreateCertificate(rand.Reader, template, template, &key.PublicKey, key)
102 if err != nil { 102 if err != nil {
103 return nil, nil, fmt.Errorf("canot create certificate: %v", err) 103 return nil, nil, fmt.Errorf("canot create certificate: %v", err)
104 } 104 }
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
141 now := time.Now() 141 now := time.Now()
142 template := &x509.Certificate{ 142 template := &x509.Certificate{
143 SerialNumber: new(big.Int), 143 SerialNumber: new(big.Int),
144 Subject: pkix.Name{ 144 Subject: pkix.Name{
145 // This won't match host names with dots. The hostname 145 // This won't match host names with dots. The hostname
146 // is hardcoded when connecting to avoid the issue. 146 // is hardcoded when connecting to avoid the issue.
147 CommonName: "*", 147 CommonName: "*",
148 Organization: []string{"juju"}, 148 Organization: []string{"juju"},
149 }, 149 },
150 NotBefore: now.UTC().Add(-5 * time.Minute), 150 NotBefore: now.UTC().Add(-5 * time.Minute),
151 » » NotAfter: expiry, 151 » » NotAfter: expiry.UTC(),
152 152
153 SubjectKeyId: bigIntHash(key.N), 153 SubjectKeyId: bigIntHash(key.N),
154 KeyUsage: x509.KeyUsageDataEncipherment, 154 KeyUsage: x509.KeyUsageDataEncipherment,
155 } 155 }
156 certDER, err := x509.CreateCertificate(rand.Reader, template, caCert, &k ey.PublicKey, caKey) 156 certDER, err := x509.CreateCertificate(rand.Reader, template, caCert, &k ey.PublicKey, caKey)
157 if err != nil { 157 if err != nil {
158 return nil, nil, err 158 return nil, nil, err
159 } 159 }
160 certPEM = pem.EncodeToMemory(&pem.Block{ 160 certPEM = pem.EncodeToMemory(&pem.Block{
161 Type: "CERTIFICATE", 161 Type: "CERTIFICATE",
162 Bytes: certDER, 162 Bytes: certDER,
163 }) 163 })
164 keyPEM = pem.EncodeToMemory(&pem.Block{ 164 keyPEM = pem.EncodeToMemory(&pem.Block{
165 Type: "RSA PRIVATE KEY", 165 Type: "RSA PRIVATE KEY",
166 Bytes: x509.MarshalPKCS1PrivateKey(key), 166 Bytes: x509.MarshalPKCS1PrivateKey(key),
167 }) 167 })
168 return certPEM, keyPEM, nil 168 return certPEM, keyPEM, nil
169 } 169 }
170 170
171 func bigIntHash(n *big.Int) []byte { 171 func bigIntHash(n *big.Int) []byte {
172 h := sha1.New() 172 h := sha1.New()
173 h.Write(n.Bytes()) 173 h.Write(n.Bytes())
174 return h.Sum(nil) 174 return h.Sum(nil)
175 } 175 }
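Review bot: `SerialNumber: new(big.Int)` at new lines 86 and 143 gives the CA certificate and every server certificate it signs the serial number 0, and this change leaves that in place. RFC 5280 expects a positive serial that is unique per issuer, so revocation, audit logs and any check keyed on issuer plus serial cannot tell these certificates apart. Consider drawing the serial from the already-imported crypto/rand in both templates, e.g. `serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))` followed by `SerialNumber: serial`. Both enclosing functions begin in the skipped lines, so any handling done earlier in them is not visible here.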