From 905ff881d2a649a54bf6f1302f10e42a11809555 Mon Sep 17 00:00:00 2001
From: Andrey Oleynik
Date: Thu, 14 Jul 2016 13:07:18 +0300
Subject: Fixes check of certificate expiration
PoliciesManager must start a PolicyTable Update sequence IN CASE the current date is "24 hours prior to module's certificate expiration date".
Relates-to: APPLINK-25256
---
 .../security_manager/src/crypto_manager_impl.cc | 25 ++++++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index c583798903..f4551ab974 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -264,16 +264,27 @@ std::string CryptoManagerImpl::LastError() const {
 bool CryptoManagerImpl::IsCertificateUpdateRequired() const {
 LOG4CXX_AUTO_TRACE(logger_);
- const time_t now = time(NULL);
 const time_t cert_date = mktime(&expiration_time_);
+ if (cert_date == -1) {
+ LOG4CXX_WARN(logger_,
+ "The certifiacte expiration time cannot be represented.");
+ return false;
+ }
+ const time_t now = time(NULL);
 const double seconds = difftime(cert_date, now);
- LOG4CXX_DEBUG(
- logger_,
- "Certificate time: " << asctime(&expiration_time_)
- << ". Host time: " << asctime(localtime(&now))
- << ". Seconds before expiration: " << seconds);
- return seconds <= get_settings().update_before_hours();
+
+ LOG4CXX_DEBUG(logger_, "Certificate time: " << asctime(&expiration_time_));
+ LOG4CXX_DEBUG(logger_,
+ "Host time: " << asctime(localtime(&now))
+ << ". Seconds before expiration: " << seconds);
+ if (seconds < 0) {
+ LOG4CXX_DEBUG(logger_, "Certificate is expired already.");
+ return true;
+ }
+
+ const uint16_t seconds_in_hour = 3600;
+ return seconds <= (get_settings().update_before_hours() * seconds_in_hour);
 }
 const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
-- cgit v1.2.1
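Review bot: The new `cert_date == -1` branch returns `false`, so a certificate whose expiration time cannot be converted is reported as not needing an update, while the expired case a few lines below returns `true`; unless that is intended, the branch should fail toward refreshing, `return true;`, or carry a comment explaining why no update is requested. `mktime()` also reads `expiration_time_` as local time, so if that field holds the certificate's notAfter value in UTC (it is filled outside this hunk, so this is an assumption) the 24-hour window is off by the host's UTC offset; converting with `timegm()` where available, or using OpenSSL's own time comparison, would avoid that. The warning text misspells "certificate" as "certifiacte".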
From 1dfbc8dfda93c4a414a02cddc729a10a04fe504b Mon Sep 17 00:00:00 2001
From: Andrey Oleynik
Date: Mon, 18 Jul 2016 12:34:32 +0300
Subject: Fixes includes and logs
Relates-to: APPLINK-25256
---
 src/components/include/utils/date_time.h | 1 +
 src/components/security_manager/src/crypto_manager_impl.cc | 11 +++++++----
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/components/include/utils/date_time.h b/src/components/include/utils/date_time.h
index 158ae8dcdd..f8f8e3d6ce 100644
--- a/src/components/include/utils/date_time.h
+++ b/src/components/include/utils/date_time.h
@@ -47,6 +47,7 @@ class DateTime {
 static const int32_t MILLISECONDS_IN_SECOND = 1000;
 static const int32_t MICROSECONDS_IN_MILLISECOND = 1000;
 static const int32_t NANOSECONDS_IN_MICROSECOND = 1000;
+ static const int32_t SECONDS_IN_HOUR = 3600;
 static const int32_t MICROSECONDS_IN_SECOND =
 MILLISECONDS_IN_SECOND * MICROSECONDS_IN_MILLISECOND;
 static const int32_t NANOSECONDS_IN_MILLISECOND =
diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc
index f4551ab974..f44198953b 100644
--- a/src/components/security_manager/src/crypto_manager_impl.cc
+++ b/src/components/security_manager/src/crypto_manager_impl.cc
@@ -40,12 +40,14 @@
 #include
 #include
 #include
+#include
 #include "security_manager/security_manager.h"
 #include "utils/logger.h"
 #include "utils/atomic.h"
 #include "utils/macro.h"
 #include "utils/scope_guard.h"
+#include "utils/date_time.h"
 #define TLS1_1_MINIMAL_VERSION 0x1000103fL
 #define CONST_SSL_METHOD_MINIMAL_VERSION 0x00909000L
@@ -274,17 +276,18 @@ bool CryptoManagerImpl::IsCertificateUpdateRequired() const {
 const time_t now = time(NULL);
 const double seconds = difftime(cert_date, now);
- LOG4CXX_DEBUG(logger_, "Certificate time: " << asctime(&expiration_time_));
+ LOG4CXX_DEBUG(logger_,
+ "Certificate expiration time: " << asctime(&expiration_time_));
 LOG4CXX_DEBUG(logger_,
 "Host time: " << asctime(localtime(&now))
 << ". Seconds before expiration: " << seconds);
 if (seconds < 0) {
- LOG4CXX_DEBUG(logger_, "Certificate is expired already.");
+ LOG4CXX_WARN(logger_, "Certificate is already expired.");
 return true;
 }
- const uint16_t seconds_in_hour = 3600;
- return seconds <= (get_settings().update_before_hours() * seconds_in_hour);
+ return seconds <= (get_settings().update_before_hours() *
+ date_time::DateTime::SECONDS_IN_HOUR);
 }
 const CryptoManagerSettings& CryptoManagerImpl::get_settings() const {
-- cgit v1.2.1
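Review bot: The reworded `Certificate expiration time` log and the unchanged `Host time` log still format their values with `asctime()` and `localtime()`, which return pointers into shared static storage and are not thread-safe, and `localtime()` can return a null pointer that is handed straight to `asctime()`. `asctime()` also ends its result with a newline, so the `Host time` entry breaks before `. Seconds before expiration`. Since this commit already touches these log lines, consider `localtime_r(&now, &now_tm)` followed by `strftime()` into a local buffer for both values. The function begins above the hunk.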