Merge pull request #1 from philipkershaw/devel

Fixes to not before / not after cert times
philipkershaw · Nov 24, 2015 · e2c2818 · e2c2818
2 parents 10840ad + 6acf790
commit e2c2818
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 16 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+/ContrailCA.egg-info/
diff --git a/.pydevproject b/.pydevproject
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<?eclipse-pydev version="1.0"?>
-
-<pydev_project>
-<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">ca-py2.7</pydev_property>
+<?eclipse-pydev version="1.0"?><pydev_project>
+<pydev_property name="org.python.pydev.PYTHON_PROJECT_INTERPRETER">ndg-oauth-py2.7</pydev_property>
 <pydev_property name="org.python.pydev.PYTHON_PROJECT_VERSION">python 2.7</pydev_property>
 <pydev_pathproperty name="org.python.pydev.PROJECT_SOURCE_PATH">
 <path>/CertificateAuthority</path>

diff --git a/contrail/security/ca/impl.py b/contrail/security/ca/impl.py
@@ -54,7 +54,10 @@ def not_before_time_nsecs(self, value):
         if not isinstance(value, (long, int, basestring)):
             raise TypeError('Expecting int, long or string type for '
                             '"not_before_time_nsecs" got %r type' % type(value))
-        self.__not_before_time_nsecs = long(value)
+
+        # Nb. PyOpenSSL expects integer value for 
+        # OpenSSL.crypto.X509.gmtime_adj_notAfter
+        self.__not_before_time_nsecs = int(value)
 
     @property
     def not_after_time_nsecs(self):
@@ -66,7 +69,8 @@ def not_after_time_nsecs(self, value):
         if not isinstance(value, (long, int, basestring)):
             raise TypeError('Expecting int, long or string type for '
                             '"not_after_time_nsecs" got %r type' % type(value))
-        self.__not_after_time_nsecs = long(value)
+
+        self.__not_after_time_nsecs = int(value)
 
     @property
     def digest(self):

diff --git a/contrail/security/ca/test/ca.cfg b/contrail/security/ca/test/ca.cfg
@@ -10,3 +10,4 @@ cert_filepath = %(here)s/ca_config/myca.crt
 key_filepath = %(here)s/ca_config/myca.key
 key_passwd = ndgtestca
 min_key_nbits = 4096
+not_after_time_nsecs = 86400
diff --git a/contrail/security/ca/test/test_ca_impl.py b/contrail/security/ca/test/test_ca_impl.py
@@ -43,11 +43,12 @@ def test01_issue_fqdn_cert_with_subj_alt_names(self):
 
         not_before_nsecs = 0
         not_after_nsecs =  60*60*24*365*5
+
+        ca.not_before_time_nsecs = not_before_nsecs
+        ca.not_after_time_nsecs = not_after_nsecs 
 
         cert = ca.issue_certificate(
                       cert_req, 
-                      not_before_time_nsecs=not_before_nsecs, 
-                      not_after_time_nsecs=not_after_nsecs, 
                       subject_alt_name='DNS:localhost, DNS:localhost.domain')
 
 
@@ -69,14 +70,14 @@ def test02_check_ext(self):
                 ext_name = ext.get_short_name()
                 if ext_name == 'subjectAltName':
                     ext_dat = ext.get_data()
-                    print ext_dat
+                    print(ext_dat)
                     dec = decode(ext_dat, asn1Spec=GeneralNames())
-                    print dec
-                    print dec[0].prettyPrint()
+                    print(dec)
+                    print(dec[0].prettyPrint())
                     for i in range(len(dec[0])):
                         dns_name = str(
                                 dec[0].getComponentByPosition(i).getComponent())
-                        print dns_name
+                        print(dns_name)
 
     def test03_create_from_keywords(self):
         ca = CertificateAuthority.from_keywords(
@@ -106,17 +107,21 @@ def test05_create_from_config(self):
         self.assertIsInstance(ca.key, crypto.PKey, 
                               'ca.key is not an PKey instance')
 
+        self.assertEqual(ca.not_after_time_nsecs, 86400, 
+                         'Expecting not after time of 86400 seconds')
+
     def test06_issue_cert_with_custom_ext(self):
         key_pair, cert_req, ca = self.__class__._create_ca_and_cert_req()
 
         not_before_nsecs = 0
         not_after_nsecs =  60*60*24*365*5
 
+        ca.not_before_time_nsecs = not_before_nsecs
+        ca.not_after_time_nsecs = not_after_nsecs 
+
         cert = ca.issue_certificate(
-                      cert_req, 
-                      not_before_time_nsecs=not_before_nsecs, 
-                      not_after_time_nsecs=not_after_nsecs, 
-                      extensions=[('nsComment', 'my_cust_val', False)])
+                              cert_req, 
+                              extensions=[('nsComment', 'my_cust_val', False)])
 
         s_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, key_pair)
         open(path.join(THIS_DIR, 'my1.key'), 'w').write(s_key)