updated test/provider and added configurable life_span to CA.

1 files changed, 15 insertions, 8 deletions

diff --git a/lib/leap_cli/commands/ca.rb b/lib/leap_cli/commands/ca.rb
index ff24058..94a173c 100644
--- a/lib/leap_cli/commands/ca.rb
+++ b/lib/leap_cli/commands/ca.rb
@@ -11,6 +11,7 @@ module LeapCli; module Commands
       assert_files_missing! :ca_cert, :ca_key
       assert_config! 'provider.ca.name'
       assert_config! 'provider.ca.bit_size'
+      assert_config! 'provider.ca.life_span'
 
       provider = manager.provider
       root = CertificateAuthority::Certificate.new
@@ -25,10 +26,8 @@ module LeapCli; module Commands
       end
 
       # set expiration
-      years = 2
-      today = Date.today
-      root.not_before = Time.gm today.year, today.month, today.day
-      root.not_after = root.not_before + years * 60 * 60 * 24 * 365
+      root.not_before = today
+      root.not_after = years_from_today(provider.ca.life_span.to_i)
 
       # generate private key
       root.serial_number.number = 1
@@ -65,10 +64,8 @@ module LeapCli; module Commands
         cert.subject.common_name = node.domain.full
 
         # set expiration
-        years = provider.ca.server_certificates.life_span.to_i
-        today = Date.today
-        cert.not_before = Time.gm today.year, today.month, today.day
-        cert.not_after = cert.not_before + years * 60 * 60 * 24 * 365
+        cert.not_before = today
+        cert.not_after = years_from_today(provider.ca.server_certificates.life_span.to_i)
 
         # generate key
         cert.serial_number.number = cert_serial_number(node.domain.full)
@@ -162,4 +159,14 @@ module LeapCli; module Commands
     Digest::MD5.hexdigest("#{domain_name} -- #{Time.now}").to_i(16)
   end
 
+  def today
+    t = Time.now
+    Time.utc t.year, t.month, t.day
+  end
+
+  def years_from_today(num)
+    t = Time.now
+    Time.utc t.year + num, t.month, t.day
+  end
+
 end; end