From 905ff881d2a649a54bf6f1302f10e42a11809555 Mon Sep 17 00:00:00 2001 From: Andrey Oleynik Date: Thu, 14 Jul 2016 13:07:18 +0300 Subject: Fixes check of certificate expiration PoliciesManager must start a PolicyTable Update sequence IN CASE the current date is "24 hours prior to module's certificate expiration date". Relates-to: APPLINK-25256 --- .../security_manager/src/crypto_manager_impl.cc | 25 ++++++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/src/components/security_manager/src/crypto_manager_impl.cc b/src/components/security_manager/src/crypto_manager_impl.cc index c583798903..f4551ab974 100644 --- a/src/components/security_manager/src/crypto_manager_impl.cc +++ b/src/components/security_manager/src/crypto_manager_impl.cc @@ -264,16 +264,27 @@ std::string CryptoManagerImpl::LastError() const { bool CryptoManagerImpl::IsCertificateUpdateRequired() const { LOG4CXX_AUTO_TRACE(logger_); - const time_t now = time(NULL); const time_t cert_date = mktime(&expiration_time_); + if (cert_date == -1) { + LOG4CXX_WARN(logger_, + "The certifiacte expiration time cannot be represented."); + return false; + } + const time_t now = time(NULL); const double seconds = difftime(cert_date, now); - LOG4CXX_DEBUG( - logger_, - "Certificate time: " << asctime(&expiration_time_) - << ". Host time: " << asctime(localtime(&now)) - << ". Seconds before expiration: " << seconds); - return seconds <= get_settings().update_before_hours(); + + LOG4CXX_DEBUG(logger_, "Certificate time: " << asctime(&expiration_time_)); + LOG4CXX_DEBUG(logger_, + "Host time: " << asctime(localtime(&now)) + << ". Seconds before expiration: " << seconds); + if (seconds < 0) { + LOG4CXX_DEBUG(logger_, "Certificate is expired already."); + return true; + } + + const uint16_t seconds_in_hour = 3600; + return seconds <= (get_settings().update_before_hours() * seconds_in_hour); } const CryptoManagerSettings& CryptoManagerImpl::get_settings() const { -- cgit v1.2.1