Sets the WinRM self signed start date in the past
This is needed in case of time sync issues when the certificate is generated, as PowerShell remoting enforces a valid time validity even for self signed certicates. Change-Id: Ice963035e59660f4a6f52402832cd27551261129 Closes-Bug: #1551239
This commit is contained in:
Alessandro Pilotti
parent
7bf618155a
commit
6bbffaf075
|
|
@ -229,9 +229,11 @@ class CryptoAPICertManagerTests(unittest.TestCase):
|
|||
six.text_type(self.x509.STORE_NAME_MY))
|
||||
mock_get_cert_thumprint.assert_called_once_with(
|
||||
mock_CertCreateSelfSignCertificate())
|
||||
mock_add_system_time_interval.assert_called_once_with(
|
||||
mock_SYSTEMTIME.return_value, self.x509.X509_END_DATE_INTERVAL)
|
||||
|
||||
mock_add_system_time_interval.assert_has_calls(
|
||||
[mock.call(mock_SYSTEMTIME.return_value,
|
||||
self.x509.X509_END_DATE_INTERVAL),
|
||||
mock.call(mock_SYSTEMTIME.return_value,
|
||||
self.x509.X509_START_DATE_INTERVAL)])
|
||||
mock_CertCloseStore.assert_called_once_with(store_handle, 0)
|
||||
mock_CertFreeCertificateContext.assert_called_once_with(
|
||||
mock_CertCreateSelfSignCertificate())
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ STORE_NAME_MY = "My"
|
|||
STORE_NAME_ROOT = "Root"
|
||||
STORE_NAME_TRUSTED_PEOPLE = "TrustedPeople"
|
||||
|
||||
X509_START_DATE_INTERVAL = -24 * 60 * 60 * 10000000
|
||||
X509_END_DATE_INTERVAL = 10 * 365 * 24 * 60 * 60 * 10000000
|
||||
|
||||
|
||||
|
|
@ -186,6 +187,11 @@ class CryptoAPICertManager(object):
|
|||
end_time = self._add_system_time_interval(
|
||||
start_time, X509_END_DATE_INTERVAL)
|
||||
|
||||
# Needed in case of time sync issues as PowerShell remoting
|
||||
# enforces a valid time interval even for self signed certificates
|
||||
start_time = self._add_system_time_interval(
|
||||
start_time, X509_START_DATE_INTERVAL)
|
||||
|
||||
cert_context_p = cryptoapi.CertCreateSelfSignCertificate(
|
||||
None, ctypes.byref(subject_blob), 0,
|
||||
ctypes.byref(key_prov_info),
|
||||
|
|
|
|||
Loading…
Reference in New Issue