diff options
| author | Artem Nosach (GitHub) <ANosach@luxoft.com> | 2016-07-18 15:44:59 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-07-18 15:44:59 +0300 |
| commit | 7022afea1eb8d146dd3cd40dbd187a011995f37e (patch) | |
| tree | e3d98438cf3cc1f69cd4e6d8635bfea6226cb7e4 | |
| parent | 3dc74d9071cdb44840a74bef8353109623b7923c (diff) | |
| parent | 1dfbc8dfda93c4a414a02cddc729a10a04fe504b (diff) | |
| download | sdl_core-7022afea1eb8d146dd3cd40dbd187a011995f37e.tar.gz | |
Merge pull request #696 from dev-gh/fix/Fixes_check_of_expired_certificate
Fixes check of certificate expiration
| -rw-r--r-- | src/components/include/utils/date_time.h | 1 | ||||
| -rw-r--r-- | src/components/security_manager/src/crypto_manager_impl.cc | 28 |
2 files changed, 22 insertions, 7 deletions
diff --git a/src/components/include/utils/date_time.h b/src/components/include/utils/date_time.h index 158ae8dcdd..f8f8e3d6ce 100644 --- a/src/components/include/utils/date_time.h +++ b/src/components/include/utils/date_time.h @@ -47,6 +47,7 @@ class DateTime { static const int32_t MILLISECONDS_IN_SECOND = 1000; static const int32_t MICROSECONDS_IN_MILLISECOND = 1000; static const int32_t NANOSECONDS_IN_MICROSECOND = 1000; + static const int32_t SECONDS_IN_HOUR = 3600; static const int32_t MICROSECONDS_IN_SECOND = MILLISECONDS_IN_SECOND * MICROSECONDS_IN_MILLISECOND; static const int32_t NANOSECONDS_IN_MILLISECOND = diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index c583798903..f44198953b 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -40,12 +40,14 @@ #include <fstream> #include <iostream> #include <stdio.h> +#include <ctime> #include "security_manager/security_manager.h" #include "utils/logger.h" #include "utils/atomic.h" #include "utils/macro.h" #include "utils/scope_guard.h" +#include "utils/date_time.h" #define TLS1_1_MINIMAL_VERSION 0x1000103fL #define CONST_SSL_METHOD_MINIMAL_VERSION 0x00909000L @@ -264,16 +266,28 @@ std::string CryptoManagerImpl::LastError() const { bool CryptoManagerImpl::IsCertificateUpdateRequired() const { LOG4CXX_AUTO_TRACE(logger_); - const time_t now = time(NULL); const time_t cert_date = mktime(&expiration_time_); + if (cert_date == -1) { + LOG4CXX_WARN(logger_, + "The certifiacte expiration time cannot be represented."); + return false; + } + const time_t now = time(NULL); const double seconds = difftime(cert_date, now); - LOG4CXX_DEBUG( - logger_, - "Certificate time: " << asctime(&expiration_time_) - << ". Host time: " << asctime(localtime(&now)) - << ". Seconds before expiration: " << seconds); - return seconds <= get_settings().update_before_hours(); + + LOG4CXX_DEBUG(logger_, + "Certificate expiration time: " << asctime(&expiration_time_)); + LOG4CXX_DEBUG(logger_, + "Host time: " << asctime(localtime(&now)) + << ". Seconds before expiration: " << seconds); + if (seconds < 0) { + LOG4CXX_WARN(logger_, "Certificate is already expired."); + return true; + } + + return seconds <= (get_settings().update_before_hours() * + date_time::DateTime::SECONDS_IN_HOUR); } const CryptoManagerSettings& CryptoManagerImpl::get_settings() const { |