bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka
authorDavid Keeler <dkeeler@mozilla.com>
Wed, 15 Jul 2015 16:20:54 -0700
changeset 254564 eb0a49e8322aac5212c01dc0f67dde0b2552be63
parent 254563 deec8eb18346f28dae27e12a0a25c5077791006e
child 254565 4dd38d6866edcce430d4da4a8b0b03a985ecaff8
push id29108
push userryanvm@gmail.com
push dateMon, 27 Jul 2015 14:12:01 +0000
reviewersCykesiopka
bugs1179660
milestone42.0a1
bug 1179660 - define 'now' as the first second of the current year for pycert r=Cykesiopka This is to avoid a dependency on the buildid so we don't have to regenerate all of the test certificates with every ./mach build. This can cause problems very near midnight on New Year's Eve. If this happens, kick off a new build and get back to the party.
security/manager/ssl/tests/unit/pycert.py
security/manager/ssl/tests/unit/test_cert_eku/generate.py
security/manager/ssl/tests/unit/test_cert_eku/moz.build
security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
security/manager/ssl/tests/unit/test_cert_trust/moz.build
security/manager/ssl/tests/unit/test_cert_version/moz.build
security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
security/manager/ssl/tests/unit/test_ocsp_url/moz.build
security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
--- a/security/manager/ssl/tests/unit/pycert.py
+++ b/security/manager/ssl/tests/unit/pycert.py
@@ -170,23 +170,25 @@ def datetimeToTime(dt):
     time = rfc2459.Time()
     time.setComponentByName('generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ')))
     return time
 
 class Certificate:
     """Utility class for reading a certificate specification and
     generating a signed x509 certificate"""
 
-    def __init__(self, paramStream, now=datetime.datetime.utcnow()):
+    def __init__(self, paramStream):
         self.versionValue = 2 # a value of 2 is X509v3
         self.signature = 'sha256WithRSAEncryption'
         self.issuer = 'Default Issuer'
-        oneYear = datetime.timedelta(days=365)
-        self.notBefore = now - oneYear
-        self.notAfter = now + oneYear
+        now = datetime.datetime.utcnow()
+        currentYear = datetime.datetime.strptime(str(now.year), '%Y')
+        aYearAndAWhile = datetime.timedelta(days=550)
+        self.notBefore = currentYear - aYearAndAWhile
+        self.notAfter = currentYear + aYearAndAWhile
         self.subject = 'Default Subject'
         self.signatureAlgorithm = 'sha256WithRSAEncryption'
         self.extensions = None
         self.subjectKey = pykey.RSAKey()
         self.issuerKey = pykey.RSAKey()
         self.decodeParams(paramStream)
         self.serialNumber = self.generateSerialNumber()
 
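Review bot: The validity window in `__init__` is anchored with a string round-trip, `datetime.datetime.strptime(str(now.year), '%Y')`, where `datetime.datetime(now.year, 1, 1)` states the same instant directly, and the 550-day constant has no explanation. A comment such as `# 550 days either side of 1 January: valid throughout the current year, with about six months of margin after 31 December` would record why that number was chosen and how long a generated certificate can be expected to stay valid. Removing the `now` parameter also narrows the constructor's signature; only `main` is updated in this commit, so any other caller passing `now=` would need checking. The rest of the `Certificate` class lies outside the hunk.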
@@ -404,27 +406,29 @@ class Certificate:
         b64 = base64.b64encode(der)
         while b64:
             output += '\n' + b64[:64]
             b64 = b64[64:]
         output += '\n-----END CERTIFICATE-----'
         return output
 
 
-# The build harness will call this function with an output file-like
-# object, a path to a file containing a specification, and the path to
-# the directory containing the buildid file. This will read the
-# specification and output the certificate as PEM. The purpose of the
-# buildid file is to provide a single definition of 'now'. This is
-# particularly important when building on OS X, where we generate
-# everything twice for unified builds. During the unification step, if
-# any pair of input files differ, the build system throws an error.
-def main(output, inputPath, buildIDPath):
-    with open(buildIDPath) as buildidFile:
-        buildid = buildidFile.read().strip()
-    now = datetime.datetime.strptime(buildid, '%Y%m%d%H%M%S')
+# The build harness will call this function with an output
+# file-like object and a path to a file containing a
+# specification. This will read the specification and output
+# the certificate as PEM.
+# This utility tries as hard as possible to ensure that two
+# runs with the same input will have the same output. This is
+# particularly important when building on OS X, where we
+# generate everything twice for unified builds. During the
+# unification step, if any pair of input files differ, the build
+# system throws an error.
+# The one concrete failure mode is if one run happens before
+# midnight on New Year's Eve and the next run happens after
+# midnight.
+def main(output, inputPath):
     with open(inputPath) as configStream:
-        output.write(Certificate(configStream, now=now).toPEM())
+        output.write(Certificate(configStream).toPEM())
 
 # When run as a standalone program, this will read a specification from
 # stdin and output the certificate as PEM to stdout.
 if __name__ == '__main__':
     print Certificate(sys.stdin).toPEM()
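Review bot: The new header comment on `main` names the failure mode as two runs either side of "midnight on New Year's Eve", but the year comes from `datetime.datetime.utcnow()` in the constructor, so the boundary is midnight UTC rather than local midnight. For a builder west of UTC that moment falls during the afternoon or evening of 31 December, which is easy to miss when diagnosing a unification failure. I would make the last sentence of the comment read `# midnight UTC at the turn of the year.` and mention that both `notBefore` and `notAfter` are derived from 1 January of the current UTC year.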
--- a/security/manager/ssl/tests/unit/test_cert_eku/generate.py
+++ b/security/manager/ssl/tests/unit/test_cert_eku/generate.py
@@ -222,17 +222,17 @@ test_certificates = (
 
     MOZ_BUILD_FOOTER = """)
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_cert_eku += ['!%s' % test_certificate]
 """
 
     with open("moz.build", "w") as f:
         f.write(MOZ_BUILD_HEADER)
         for cert_filename in sorted(generated_cert_filenames):
             f.write("    '%s',\n" % cert_filename)
         f.write(MOZ_BUILD_FOOTER)
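Review bot: With `'!/config/buildid'` dropped from `props.inputs` in the template, nothing visible here makes a generated certificate get rebuilt as time passes, so an object directory kept across builds would presumably keep certificates whose `notAfter` was fixed at first generation (1 January of that year plus 550 days, per the pycert.py change). Once that date has passed, tests using these certificates would fail on validity rather than on the property they are meant to exercise, and the cause would not be obvious from the failure. Whether pycert.py itself or anything else acts as an implicit input is not visible in this hunk, so this is worth confirming; if not, a template comment such as `# Certificates are regenerated only when the certspec changes; clobber if they have expired.` would document the limitation. The same one-line change appears in the moz.build hunks for test_cert_eku, test_cert_keyUsage, test_cert_trust, test_cert_version, test_intermediate_basic_usage_constraints, test_ocsp_url and test_pinning_dynamic.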
--- a/security/manager/ssl/tests/unit/test_cert_eku/moz.build
+++ b/security/manager/ssl/tests/unit/test_cert_eku/moz.build
@@ -561,10 +561,10 @@ test_certificates = (
     'int-EKU-TS.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_cert_eku += ['!%s' % test_certificate]
--- a/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
@@ -22,10 +22,10 @@ test_certificates = (
     'ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_cert_keyUsage += ['!%s' % test_certificate]
--- a/security/manager/ssl/tests/unit/test_cert_trust/moz.build
+++ b/security/manager/ssl/tests/unit/test_cert_trust/moz.build
@@ -10,10 +10,10 @@ test_certificates = (
     'int.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_cert_trust += ['!%s' % test_certificate]
--- a/security/manager/ssl/tests/unit/test_cert_version/moz.build
+++ b/security/manager/ssl/tests/unit/test_cert_version/moz.build
@@ -56,10 +56,10 @@ test_certificates = (
     'ss-v4-noBC.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_cert_version += ['!%s' % test_certificate]
--- a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
@@ -30,10 +30,10 @@ test_certificates = (
     'int-valid-ku-server-eku.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_intermediate_basic_usage_constraints += ['!%s' % test_certificate]
--- a/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
@@ -21,17 +21,17 @@ test_certificates = (
     'unknown-scheme.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_ocsp_url += ['!%s' % test_certificate]
 
 test_keys = (
     'int.key',
 )
 
 for test_key in test_keys:
     input_file = test_key + '.keyspec'
--- a/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
@@ -19,10 +19,10 @@ test_certificates = (
     'pinningroot.pem',
 )
 
 for test_certificate in test_certificates:
     input_file = test_certificate + '.certspec'
     GENERATED_FILES += [test_certificate]
     props = GENERATED_FILES[test_certificate]
     props.script = '../pycert.py'
-    props.inputs = [input_file, '!/config/buildid']
+    props.inputs = [input_file]
     TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.test_pinning_dynamic += ['!%s' % test_certificate]