Skip to content

Commit

Permalink
Replace make_time fcie to work after 2050
Browse files Browse the repository at this point in the history
By using ASN1_TIME_diff() instead of manually parsing the data, we make
globus_gsi_cert_utils_make_time() a lot simpler and also work for
ASN1_GENERALIZEDTIME and not just ASN1_UTCTIME (i.e. it can use ASN1_TIME).
ASN1_TIME_diff requires OpenSSL >= 1.0.2.
Also rework globus_gsi_cred_get_lifetime() to just use time(NULL) to get the
current UNIX timestamp which means it no longer needs
globus_gsi_cert_utils_make_time().
This fixes issue gridcf#208
  • Loading branch information
msalle committed Jan 17, 2023
1 parent 50fc40b commit a8a2cbb
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 87 deletions.
89 changes: 11 additions & 78 deletions gsi/cert_utils/source/library/globus_gsi_cert_utils.c
Original file line number Diff line number Diff line change
Expand Up @@ -171,109 +171,42 @@ globus_l_gsi_cert_utils_deactivate(void)
#endif

/**
* @brief Convert ASN1_UTCTIME to time_t
* @brief Convert ASN1_TIME to time_t
* @ingroup globus_gsi_cert_utils
* @details
* Convert a ASN1_UTCTIME structure to a time_t
* Convert a ASN1_TIME structure to a time_t
*
* @param ctm
* The ASN1_UTCTIME to convert
* The ASN1_TIME to convert
* @param newtime
* The converted time
*
* @return
* GLOBUS_SUCCESS or an error captured in a globus_result_t
* GLOBUS_SUCCESS or GLOBUS_FAILURE on error
*/
globus_result_t
globus_gsi_cert_utils_make_time(
const ASN1_UTCTIME * ctm,
const ASN1_TIME * ctm,
time_t * newtime)
{
char * str;
time_t offset;
char buff1[24];
char * p;
int i;
struct tm tm;
int pday, psec;
globus_result_t result;
static char * _function_name_ =
"globus_gsi_cert_utils_make_time";

GLOBUS_I_GSI_CERT_UTILS_DEBUG_ENTER;

p = buff1;
i = ctm->length;
str = (char *)ctm->data;
if ((i < 11) || (i > 17))
{
*newtime = 0;
}
memcpy(p,str,10);
p += 10;
str += 10;

if ((*str == 'Z') || (*str == '-') || (*str == '+'))
if (ASN1_TIME_diff(&pday, &psec, NULL, ctm))
{
*(p++)='0'; *(p++)='0';
*newtime = time(NULL)+pday*86400L+psec;
result = GLOBUS_SUCCESS;
}
else
{
*(p++)= *(str++); *(p++)= *(str++);
}
*(p++)='Z';
*(p++)='\0';

if (*str == 'Z')
{
offset=0;
}
else
{
if ((*str != '+') && (str[5] != '-'))
{
*newtime = 0;
}
offset=((str[1]-'0')*10+(str[2]-'0'))*60;
offset+=(str[3]-'0')*10+(str[4]-'0');
if (*str == '-')
{
offset=-offset;
}
}

tm.tm_isdst = 0;
tm.tm_year = (buff1[0]-'0')*10+(buff1[1]-'0');

if (tm.tm_year < 70)
{
tm.tm_year+=100;
*newtime = 0;
result = GLOBUS_FAILURE;
}

tm.tm_mon = (buff1[2]-'0')*10+(buff1[3]-'0')-1;
tm.tm_mday = (buff1[4]-'0')*10+(buff1[5]-'0');
tm.tm_hour = (buff1[6]-'0')*10+(buff1[7]-'0');
tm.tm_min = (buff1[8]-'0')*10+(buff1[9]-'0');
tm.tm_sec = (buff1[10]-'0')*10+(buff1[11]-'0');

/*
* mktime assumes local time, so subtract off
* timezone, which is seconds off of GMT. first
* we need to initialize it with tzset() however.
*/

tzset();

#if defined(HAVE_TIME_T_TIMEZONE)
*newtime = (mktime(&tm) + offset*60*60 - timezone);
#elif defined(HAVE_TIME_T__TIMEZONE)
*newtime = (mktime(&tm) + offset*60*60 - _timezone);
#elif defined(HAVE_TIMEGM)
*newtime = (timegm(&tm) + offset*60*60);
#else
*newtime = (mktime(&tm) + offset*60*60);
#endif

result = GLOBUS_SUCCESS;
GLOBUS_I_GSI_CERT_UTILS_DEBUG_EXIT;

return result;
Expand Down
2 changes: 1 addition & 1 deletion gsi/cert_utils/source/library/globus_gsi_cert_utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ globus_module_descriptor_t globus_i_gsi_cert_utils_module;

globus_result_t
globus_gsi_cert_utils_make_time(
const ASN1_UTCTIME * ctm,
const ASN1_TIME * ctm,
time_t * newtime);

globus_result_t
Expand Down
9 changes: 1 addition & 8 deletions gsi/credential/source/library/globus_gsi_cred_handle.c
Original file line number Diff line number Diff line change
Expand Up @@ -397,8 +397,6 @@ globus_gsi_cred_get_lifetime(
globus_gsi_cred_handle_t cred_handle,
time_t * lifetime)
{
time_t time_now;
ASN1_UTCTIME * asn1_time;
globus_result_t result;

GLOBUS_I_GSI_CRED_DEBUG_ENTER;
Expand All @@ -413,12 +411,7 @@ globus_gsi_cred_get_lifetime(
goto error_exit;
}

asn1_time = ASN1_UTCTIME_new();
X509_gmtime_adj(asn1_time, 0);
globus_gsi_cert_utils_make_time(asn1_time, &time_now);

*lifetime = cred_handle->goodtill - time_now;
ASN1_UTCTIME_free(asn1_time);
*lifetime = cred_handle->goodtill - time(NULL);

result = GLOBUS_SUCCESS;

Expand Down

0 comments on commit a8a2cbb

Please sign in to comment.