aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli/commands/ca.rb23
1 files changed, 15 insertions, 8 deletions
diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index ff24058..94a173c 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -11,6 +11,7 @@ module LeapCli; module Commands
assert_files_missing! :ca_cert, :ca_key
assert_config! 'provider.ca.name'
assert_config! 'provider.ca.bit_size'
+ assert_config! 'provider.ca.life_span'
provider = manager.provider
root = CertificateAuthority::Certificate.new
@@ -25,10 +26,8 @@ module LeapCli; module Commands
end
# set expiration
- years = 2
- today = Date.today
- root.not_before = Time.gm today.year, today.month, today.day
- root.not_after = root.not_before + years * 60 * 60 * 24 * 365
+ root.not_before = today
+ root.not_after = years_from_today(provider.ca.life_span.to_i)
# generate private key
root.serial_number.number = 1
@@ -65,10 +64,8 @@ module LeapCli; module Commands
cert.subject.common_name = node.domain.full
# set expiration
- years = provider.ca.server_certificates.life_span.to_i
- today = Date.today
- cert.not_before = Time.gm today.year, today.month, today.day
- cert.not_after = cert.not_before + years * 60 * 60 * 24 * 365
+ cert.not_before = today
+ cert.not_after = years_from_today(provider.ca.server_certificates.life_span.to_i)
# generate key
cert.serial_number.number = cert_serial_number(node.domain.full)
@@ -162,4 +159,14 @@ module LeapCli; module Commands
Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16)
end
+ def today
+ t = Time.now
+ Time.utc t.year, t.month, t.day
+ end
+
+ def years_from_today(num)
+ t = Time.now
+ Time.utc t.year + num, t.month, t.day
+ end
+
end; end