
Remove the explicit dependency on the time crate

pull/19/head
Rodolphe Breard 5 years ago
parent
commit
b16b2e6b09
  1. 1
      acme_common/Cargo.toml
  2. 5
      acme_common/src/crypto/openssl_certificate.rs
  3. 1
      acmed/Cargo.toml
  4. 12
      acmed/src/certificate.rs

1
acme_common/Cargo.toml

@ -22,7 +22,6 @@ log = "0.4"
openssl = "0.10" openssl = "0.10"
serde_json = "1.0" serde_json = "1.0"
syslog = "4.0" syslog = "4.0"
time = "0.1"
toml = "0.5" toml = "0.5"
x509-parser = "0.6" x509-parser = "0.6"

5
acme_common/src/crypto/openssl_certificate.rs

@ -8,6 +8,7 @@ use openssl::stack::Stack;
use openssl::x509::extension::{BasicConstraints, SubjectAlternativeName}; use openssl::x509::extension::{BasicConstraints, SubjectAlternativeName};
use openssl::x509::{X509Builder, X509Extension, X509NameBuilder, X509Req, X509ReqBuilder, X509}; use openssl::x509::{X509Builder, X509Extension, X509NameBuilder, X509Req, X509ReqBuilder, X509};
use std::collections::HashSet; use std::collections::HashSet;
use std::time::Duration;
use x509_parser::parse_x509_der; use x509_parser::parse_x509_der;
const APP_ORG: &str = "ACMEd"; const APP_ORG: &str = "ACMEd";
@ -65,10 +66,10 @@ impl X509Certificate {
Ok((key_pair, cert)) Ok((key_pair, cert))
} }
pub fn not_after(&self) -> Result<time::Tm, Error> {
pub fn expires_in(&self) -> Result<Duration, Error> {
let raw_crt = self.inner_cert.to_der()?; let raw_crt = self.inner_cert.to_der()?;
let (_, crt) = parse_x509_der(&raw_crt).map_err(|_| Error::from("Invalid certificate."))?; let (_, crt) = parse_x509_der(&raw_crt).map_err(|_| Error::from("Invalid certificate."))?;
Ok(crt.tbs_certificate.validity.not_after)
crt.tbs_certificate.validity.time_to_expiration().ok_or(Error::from("Invalid certificate validity."))
} }
pub fn subject_alt_names(&self) -> HashSet<String> { pub fn subject_alt_names(&self) -> HashSet<String> {
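Review bot: `expires_in` now maps a `None` from `time_to_expiration()` to `Error::from("Invalid certificate validity.")`, which changes what happens to a certificate that is no longer valid. As far as I know, x509-parser returns `None` there when the current time is outside the validity window (already expired, or not yet valid), so an expired certificate would surface as an error rather than as a short remaining lifetime. `is_expiring` in acmed/src/certificate.rs propagates that error with `?`, and whether its caller then renews is not visible in this commit, whereas the old `not_after()` comparison answered "renew" for an expired certificate. If renewal should still happen, treat that case as zero time left, `Ok(crt.tbs_certificate.validity.time_to_expiration().unwrap_or_else(|| Duration::new(0, 0)))`, and add a doc comment on `expires_in` saying that a certificate outside its validity window reports zero.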

1
acmed/Cargo.toml

@ -22,7 +22,6 @@ nom = "5.0"
openssl-sys = "0.9" openssl-sys = "0.9"
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0" serde_json = "1.0"
time = "0.1"
toml = "0.5" toml = "0.5"
[build-dependencies] [build-dependencies]

12
acmed/src/certificate.rs

@ -8,7 +8,7 @@ use log::{debug, info, trace, warn};
use std::collections::{HashMap, HashSet}; use std::collections::{HashMap, HashSet};
use std::fmt; use std::fmt;
use std::sync::mpsc::SyncSender; use std::sync::mpsc::SyncSender;
use time::Duration;
use std::time::Duration;
#[derive(Clone, Debug)] #[derive(Clone, Debug)]
pub enum Algorithm { pub enum Algorithm {
@ -102,12 +102,12 @@ impl Certificate {
} }
fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> { fn is_expiring(&self, cert: &X509Certificate) -> Result<bool, Error> {
let not_after = cert.not_after()?;
self.debug(&format!("not after: {}", not_after.asctime()));
let expires_in = cert.expires_in()?;
self.debug(&format!("expires in {}s", expires_in.as_secs()));
// TODO: allow a custom duration (using time-parse ?) // TODO: allow a custom duration (using time-parse ?)
let renewal_time = not_after - Duration::weeks(3);
self.debug(&format!("renew on: {}", renewal_time.asctime()));
Ok(time::now_utc() > renewal_time)
// 1814400 is 3 weeks (3 * 7 * 24 * 60 * 60)
let renewal_time = Duration::new(1814400, 0);
Ok(expires_in <= renewal_time)
} }
fn has_missing_domains(&self, cert: &X509Certificate) -> bool { fn has_missing_domains(&self, cert: &X509Certificate) -> bool {
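Review bot: The renewal threshold in `is_expiring` is the bare literal `1814400`, which is only as trustworthy as the comment above it. Spelling it from its factors in a named constant makes the comment unnecessary, e.g. `const RENEWAL_THRESHOLD: Duration = Duration::from_secs(3 * 7 * 24 * 60 * 60);` followed by `Ok(expires_in <= RENEWAL_THRESHOLD)`. The debug output also went from absolute dates (`not after`, `renew on`) to a bare second count, which is harder to use when working out why a renewal did or did not fire. Logging the threshold beside it, `self.debug(&format!("expires in {}s (renewal threshold {}s)", expires_in.as_secs(), renewal_time.as_secs()));`, would keep the decision readable from the log. `is_expiring` is complete in this hunk; the enclosing `impl Certificate` is not.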
