explicitly set the time zone to UTC everywhere
Signed-off-by: Mikael Arguedas <[email protected]>
mikaelarguedas committed May 7, 2020
1 parent 7b498d9 commit 4946465
Showing 9 changed files with 56 additions and 36 deletions.
16 changes: 14 additions & 2 deletions sros2/sros2/api/_permission.py
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

import datetime
import os

from lxml import etree
@@ -63,8 +64,19 @@ def create_permission_file(path, domain_id, policy_element):

cert_path = os.path.join(os.path.dirname(path), 'cert.pem')
cert_content = _utilities.load_cert(cert_path)
kwargs['not_valid_before'] = etree.XSLT.strparam(cert_content.not_valid_before.isoformat())
kwargs['not_valid_after'] = etree.XSLT.strparam(cert_content.not_valid_after.isoformat())

kwargs['not_valid_before'] = etree.XSLT.strparam(
datetime.datetime.combine(
cert_content.not_valid_before.date(),
cert_content.not_valid_before.time(),
datetime.timezone.utc
).isoformat())
kwargs['not_valid_after'] = etree.XSLT.strparam(
datetime.datetime.combine(
cert_content.not_valid_after.date(),
cert_content.not_valid_after.time(),
datetime.timezone.utc
).isoformat())

if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC:
kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1')
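Review bot: In the two added `datetime.datetime.combine(...)` calls the certificate's wall-clock value is relabelled as UTC rather than converted, because `.time()` discards any tzinfo. The permissions validity window is therefore correct only while `_utilities.load_cert` returns naive datetimes that are already UTC, which is presumably the case for the x509 object but is not visible here. `cert_content.not_valid_before.replace(tzinfo=datetime.timezone.utc)` says the same thing in one call, and a comment such as `# cert validity datetimes are naive UTC; attach tzinfo so the grant's validity carries an explicit offset` would record the assumption next to it. The same construction is repeated in `test_cert_pem` in test_create_key.py, so a small shared helper would keep the call sites in step. The body of `create_permission_file` begins and ends outside this hunk.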
2 changes: 1 addition & 1 deletion sros2/sros2/api/_utilities.py
@@ -80,7 +80,7 @@ def build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''):
else:
extension = x509.BasicConstraints(ca=False, path_length=None)

utcnow = datetime.datetime.utcnow()
utcnow = datetime.datetime.now(datetime.timezone.utc)
builder = x509.CertificateBuilder(
).issuer_name(
issuer_name
4 changes: 2 additions & 2 deletions sros2/sros2/policy/templates/dds/permissions.xsl
@@ -6,8 +6,8 @@
<xsl:output omit-xml-declaration="yes" indent="yes"/>
<xsl:strip-space elements="*"/>

<xsl:param name="not_valid_before" select="'2020-05-01T00:00:00'"/>
<xsl:param name="not_valid_after" select="'2030-05-01T00:00:00'"/>
<xsl:param name="not_valid_before" select="'2020-05-01T00:00:00+00:00'"/>
<xsl:param name="not_valid_after" select="'2030-05-01T00:00:00+00:00'"/>

<xsl:variable name="template_validity">
<validity>
8 changes: 4 additions & 4 deletions sros2/test/policies/permissions/add_two_ints/permissions.xml
@@ -3,8 +3,8 @@
<grant name="/add_two_ints/add_two_ints_server">
<subject_name>CN=/add_two_ints/add_two_ints_server</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -54,8 +54,8 @@
<grant name="/add_two_ints/add_two_ints_client">
<subject_name>CN=/add_two_ints/add_two_ints_client</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -3,8 +3,8 @@
<grant name="/minimal_action/minimal_action_server">
<subject_name>CN=/minimal_action/minimal_action_server</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -60,8 +60,8 @@
<grant name="/minimal_action/minimal_action_client">
<subject_name>CN=/minimal_action/minimal_action_client</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
28 changes: 14 additions & 14 deletions sros2/test/policies/permissions/sample/permissions.xml
@@ -3,8 +3,8 @@
<grant name="/talker_listener/talker">
<subject_name>CN=/talker_listener/talker</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -53,8 +53,8 @@
<grant name="/talker_listener/listener">
<subject_name>CN=/talker_listener/listener</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -103,8 +103,8 @@
<grant name="/add_two_ints/add_two_ints_server">
<subject_name>CN=/add_two_ints/add_two_ints_server</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -154,8 +154,8 @@
<grant name="/add_two_ints/add_two_ints_client">
<subject_name>CN=/add_two_ints/add_two_ints_client</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -205,8 +205,8 @@
<grant name="/minimal_action/minimal_action_server">
<subject_name>CN=/minimal_action/minimal_action_server</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -262,8 +262,8 @@
<grant name="/minimal_action/minimal_action_client">
<subject_name>CN=/minimal_action/minimal_action_client</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -319,8 +319,8 @@
<grant name="/sample_policy/admin">
<subject_name>CN=/sample_policy/admin</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -3,8 +3,8 @@
<grant name="/single_enclave">
<subject_name>CN=/single_enclave</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -3,8 +3,8 @@
<grant name="/talker_listener/talker">
<subject_name>CN=/talker_listener/talker</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
@@ -53,8 +53,8 @@
<grant name="/talker_listener/listener">
<subject_name>CN=/talker_listener/listener</subject_name>
<validity>
<not_before>2020-05-01T00:00:00</not_before>
<not_after>2030-05-01T00:00:00</not_after>
<not_before>2020-05-01T00:00:00+00:00</not_before>
<not_after>2030-05-01T00:00:00+00:00</not_after>
</validity>
<allow_rule>
<domains>
14 changes: 11 additions & 3 deletions sros2/test/sros2/commands/security/verbs/test_create_key.py
@@ -103,9 +103,17 @@ def test_cert_pem(enclave_keys_dir):
assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)

# Verify the cert is valid for the expected timespan
utcnow = datetime.datetime.utcnow()
assert _datetimes_are_close(cert.not_valid_before, utcnow)
assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650))
utcnow = datetime.datetime.now(datetime.timezone.utc)
tz_aware_not_valid_before = datetime.datetime.combine(
cert.not_valid_before.date(), cert.not_valid_before.time(),
datetime.timezone.utc
)
tz_aware_not_valid_after = datetime.datetime.combine(
cert.not_valid_after.date(), cert.not_valid_after.time(),
datetime.timezone.utc
)
assert _datetimes_are_close(tz_aware_not_valid_before, utcnow)
assert _datetimes_are_close(tz_aware_not_valid_after, utcnow + datetime.timedelta(days=3650))

# Verify that the cert ensures this key cannot be used to sign others as a CA
assert len(cert.extensions) == 1