From b16b2e6b0985bf4585b8c1ae84f49e8a94689b64 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard
Date: Wed, 11 Mar 2020 15:36:19 +0100
Subject: [PATCH] Remove the explicit dependency on the time crate
---
 acme_common/Cargo.toml | 1 -
 acme_common/src/crypto/openssl_certificate.rs | 5 +++--
 acmed/Cargo.toml | 1 -
 acmed/src/certificate.rs | 12 ++++++------
 4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/acme_common/Cargo.toml b/acme_common/Cargo.toml
index 2868034..f763abc 100644
--- a/acme_common/Cargo.toml
+++ b/acme_common/Cargo.toml
@@ -22,7 +22,6 @@ log = "0.4"
 openssl = "0.10"
 serde_json = "1.0"
 syslog = "4.0"
-time = "0.1"
 toml = "0.5"
 x509-parser = "0.6"

diff --git a/acme_common/src/crypto/openssl_certificate.rs b/acme_common/src/crypto/openssl_certificate.rs
index fe75ee0..3a74164 100644
--- a/acme_common/src/crypto/openssl_certificate.rs
+++ b/acme_common/src/crypto/openssl_certificate.rs
@@ -8,6 +8,7 @@ use openssl::stack::Stack;
 use openssl::x509::extension::{BasicConstraints, SubjectAlternativeName};
 use openssl::x509::{X509Builder, X509Extension, X509NameBuilder, X509Req, X509ReqBuilder, X509};
 use std::collections::HashSet;
+use std::time::Duration;
 use x509_parser::parse_x509_der;

 const APP_ORG: &str = "ACMEd";
@@ -65,10 +66,10 @@ impl X509Certificate {
 Ok((key_pair, cert))
 }

- pub fn not_after(&self) -> Result {
+ pub fn expires_in(&self) -> Result {
 let raw_crt = self.inner_cert.to_der()?;
 let (_, crt) = parse_x509_der(&raw_crt).map_err(|_| Error::from("Invalid certificate."))?;
- Ok(crt.tbs_certificate.validity.not_after)
+ crt.tbs_certificate.validity.time_to_expiration().ok_or(Error::from("Invalid certificate validity."))
 }

 pub fn subject_alt_names(&self) -> HashSet {
diff --git a/acmed/Cargo.toml b/acmed/Cargo.toml
index a38e61c..2b5728f 100644
--- a/acmed/Cargo.toml
+++ b/acmed/Cargo.toml
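Review bot: In `expires_in`, the `None` from `time_to_expiration()` becomes an error, and as far as I know x509-parser returns `None` whenever the certificate is not currently valid, which includes one that has already expired. The old `not_after` path let the caller compare against the current time, so an expired certificate was reported as due for renewal; with this change `is_expiring` in acmed/src/certificate.rs propagates the error through `?` instead, and whether renewal still happens depends on how its caller handles that error, which is not visible here. If an expired certificate should still trigger renewal, map that case to a zero duration, e.g. `Ok(crt.tbs_certificate.validity.time_to_expiration().unwrap_or_else(|| Duration::new(0, 0)))`, or distinguish expired from not-yet-valid explicitly. If the error is kept, `ok_or_else(|| Error::from("Invalid certificate validity."))` avoids building it on the success path.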
@@ -22,7 +22,6 @@ nom = "5.0"
 openssl-sys = "0.9"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
-time = "0.1"
 toml = "0.5"

 [build-dependencies]
diff --git a/acmed/src/certificate.rs b/acmed/src/certificate.rs
index 6a67b13..9e2557f 100644
--- a/acmed/src/certificate.rs
+++ b/acmed/src/certificate.rs
@@ -8,7 +8,7 @@ use log::{debug, info, trace, warn};
 use std::collections::{HashMap, HashSet};
 use std::fmt;
 use std::sync::mpsc::SyncSender;
-use time::Duration;
+use std::time::Duration;

 #[derive(Clone, Debug)]
 pub enum Algorithm {
@@ -102,12 +102,12 @@ impl Certificate {
 }

 fn is_expiring(&self, cert: &X509Certificate) -> Result {
- let not_after = cert.not_after()?;
- self.debug(&format!("not after: {}", not_after.asctime()));
+ let expires_in = cert.expires_in()?;
+ self.debug(&format!("expires in {}s", expires_in.as_secs()));
 // TODO: allow a custom duration (using time-parse ?)
- let renewal_time = not_after - Duration::weeks(3);
- self.debug(&format!("renew on: {}", renewal_time.asctime()));
- Ok(time::now_utc() > renewal_time)
+ // 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
+ let renewal_time = Duration::new(1814400, 0);
+ Ok(expires_in <= renewal_time)
 }

 fn has_missing_domains(&self, cert: &X509Certificate) -> bool {
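Review bot: The threshold in `is_expiring` is the bare literal `1814400` plus a comment explaining it; `let renewal_time = Duration::from_secs(3 * 7 * 24 * 60 * 60);` states the same value without a comment that can drift from the number. `renewal_time` now holds a window rather than a point in time, so a name such as `renewal_window` would read better in `expires_in <= renewal_time`. The rewrite also drops the `renew on:` debug line and the absolute not-after date, leaving only a seconds count for an operator diagnosing a missed renewal. A line such as `self.debug(&format!("renewal threshold: {}s", renewal_time.as_secs()));` would keep both sides of the comparison in the log.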