Remove the explicit dependency on the time crate

5 years ago · b16b2e6b09
4 changed files with 9 additions and 10 deletions
--- a/acme_common/Cargo.toml
+++ b/acme_common/Cargo.toml
@ -22,7 +22,6 @@ log = "0.4"
 openssl = "0.10"
 serde_json = "1.0"
 syslog = "4.0"
-time = "0.1"
 toml = "0.5"
 x509-parser = "0.6"

--- a/acme_common/src/crypto/openssl_certificate.rs
+++ b/acme_common/src/crypto/openssl_certificate.rs
@ -8,6 +8,7 @@ use openssl::stack::Stack;
 use openssl::x509::extension::{BasicConstraints, SubjectAlternativeName};
 use openssl::x509::{X509Builder, X509Extension, X509NameBuilder, X509Req, X509ReqBuilder, X509};
 use std::collections::HashSet;
+use std::time::Duration;
 use x509_parser::parse_x509_der;

 const APP_ORG: &str = "ACMEd";
@ -65,10 +66,10 @@ impl X509Certificate {
        Ok((key_pair, cert))
    }

-    pub fn not_after(&self) -> Result<time::Tm, Error> {
+    pub fn expires_in(&self) -> Result<Duration, Error> {
        let raw_crt = self.inner_cert.to_der()?;
        let (_, crt) = parse_x509_der(&raw_crt).map_err(|_| Error::from("Invalid certificate."))?;
-        Ok(crt.tbs_certificate.validity.not_after)
+        crt.tbs_certificate.validity.time_to_expiration().ok_or(Error::from("Invalid certificate validity."))
    }

    pub fn subject_alt_names(&self) -> HashSet<String> {
--- a/acmed/Cargo.toml
+++ b/acmed/Cargo.toml
@ -22,7 +22,6 @@ nom = "5.0"
 openssl-sys = "0.9"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-time = "0.1"
 toml = "0.5"

 [build-dependencies]
--- a/acmed/src/certificate.rs
+++ b/acmed/src/certificate.rs
@ -8,7 +8,7 @@ use log::{debug, info, trace, warn};
 use std::collections::{HashMap, HashSet};
 use std::fmt;
 use std::sync::mpsc::SyncSender;
-use time::Duration;
+use std::time::Duration;

 #[derive(Clone, Debug)]
 pub enum Algorithm {
@ -102,12 +102,12 @@ impl Certificate {
    }

    fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> {
-        let not_after = cert.not_after()?;
-        self.debug(&format!("not after: {}", not_after.asctime()));
+        let expires_in = cert.expires_in()?;
+        self.debug(&format!("expires in {}s", expires_in.as_secs()));
        // TODO: allow a custom duration (using time-parse ?)
-        let renewal_time = not_after - Duration::weeks(3);
-        self.debug(&format!("renew on: {}", renewal_time.asctime()));
-        Ok(time::now_utc() > renewal_time)
+        // 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
+        let renewal_time = Duration::new(1814400, 0);
+        Ok(expires_in <= renewal_time)
    }

    fn has_missing_domains(&self, cert: &X509Certificate) -> bool {