x/cloudbase-init
Code Issues Proposed changes

Sets the WinRM self signed start date in the past

Browse Source 
This is needed in case of time sync issues when the certificate is
generated, as PowerShell remoting enforces a valid time validity even
for self signed certicates.

Change-Id: Ice963035e59660f4a6f52402832cd27551261129
Closes-Bug: #1551239
This commit is contained in:
Alessandro Pilotti 2016-02-29 16:03:36 +02:00
parent 7bf618155a
commit 6bbffaf075
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cloudbaseinit/tests/utils/windows/test_x509.py
View File

@ -229,9 +229,11 @@ class CryptoAPICertManagerTests(unittest.TestCase):
six.text_type(self.x509.STORE_NAME_MY)) six.text_type(self.x509.STORE_NAME_MY))
mock_get_cert_thumprint.assert_called_once_with( mock_get_cert_thumprint.assert_called_once_with(
mock_CertCreateSelfSignCertificate()) mock_CertCreateSelfSignCertificate())
mock_add_system_time_interval.assert_called_once_with( mock_add_system_time_interval.assert_has_calls(
mock_SYSTEMTIME.return_value, self.x509.X509_END_DATE_INTERVAL) [mock.call(mock_SYSTEMTIME.return_value,
self.x509.X509_END_DATE_INTERVAL),
mock.call(mock_SYSTEMTIME.return_value,
self.x509.X509_START_DATE_INTERVAL)])
mock_CertCloseStore.assert_called_once_with(store_handle, 0) mock_CertCloseStore.assert_called_once_with(store_handle, 0)
mock_CertFreeCertificateContext.assert_called_once_with( mock_CertFreeCertificateContext.assert_called_once_with(
mock_CertCreateSelfSignCertificate()) mock_CertCreateSelfSignCertificate())

6
cloudbaseinit/utils/windows/x509.py
View File

@ -35,6 +35,7 @@ STORE_NAME_MY = "My"
STORE_NAME_ROOT = "Root" STORE_NAME_ROOT = "Root"
STORE_NAME_TRUSTED_PEOPLE = "TrustedPeople" STORE_NAME_TRUSTED_PEOPLE = "TrustedPeople"
X509_START_DATE_INTERVAL = -24 * 60 * 60 * 10000000
X509_END_DATE_INTERVAL = 10 * 365 * 24 * 60 * 60 * 10000000 X509_END_DATE_INTERVAL = 10 * 365 * 24 * 60 * 60 * 10000000
@ -186,6 +187,11 @@ class CryptoAPICertManager(object):
end_time = self._add_system_time_interval( end_time = self._add_system_time_interval(
start_time, X509_END_DATE_INTERVAL) start_time, X509_END_DATE_INTERVAL)
# Needed in case of time sync issues as PowerShell remoting
# enforces a valid time interval even for self signed certificates
start_time = self._add_system_time_interval(
start_time, X509_START_DATE_INTERVAL)
cert_context_p = cryptoapi.CertCreateSelfSignCertificate( cert_context_p = cryptoapi.CertCreateSelfSignCertificate(
None, ctypes.byref(subject_blob), 0, None, ctypes.byref(subject_blob), 0,
ctypes.byref(key_prov_info), ctypes.byref(key_prov_info),