From 6bbffaf075ec283b7068242a76b88c296bc1e8e7 Mon Sep 17 00:00:00 2001
From: Alessandro Pilotti
Date: Mon, 29 Feb 2016 16:03:36 +0200
Subject: [PATCH] Sets the WinRM self signed start date in the past
This is needed in case of time sync issues when the certificate is generated, as PowerShell remoting enforces a valid time validity even for self signed certicates.
Change-Id: Ice963035e59660f4a6f52402832cd27551261129
Closes-Bug: #1551239
---
 cloudbaseinit/tests/utils/windows/test_x509.py | 8 +++++---
 cloudbaseinit/utils/windows/x509.py | 6 ++++++
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/cloudbaseinit/tests/utils/windows/test_x509.py b/cloudbaseinit/tests/utils/windows/test_x509.py
index fe759047..32830eb7 100644
--- a/cloudbaseinit/tests/utils/windows/test_x509.py
+++ b/cloudbaseinit/tests/utils/windows/test_x509.py
@@ -229,9 +229,11 @@ class CryptoAPICertManagerTests(unittest.TestCase):
 six.text_type(self.x509.STORE_NAME_MY))
 mock_get_cert_thumprint.assert_called_once_with(
 mock_CertCreateSelfSignCertificate())
- mock_add_system_time_interval.assert_called_once_with(
- mock_SYSTEMTIME.return_value, self.x509.X509_END_DATE_INTERVAL)
-
+ mock_add_system_time_interval.assert_has_calls(
+ [mock.call(mock_SYSTEMTIME.return_value,
+ self.x509.X509_END_DATE_INTERVAL),
+ mock.call(mock_SYSTEMTIME.return_value,
+ self.x509.X509_START_DATE_INTERVAL)])
 mock_CertCloseStore.assert_called_once_with(store_handle, 0)
 mock_CertFreeCertificateContext.assert_called_once_with(
 mock_CertCreateSelfSignCertificate())
diff --git a/cloudbaseinit/utils/windows/x509.py b/cloudbaseinit/utils/windows/x509.py
index a23f3eff..202614d0 100644
--- a/cloudbaseinit/utils/windows/x509.py
+++ b/cloudbaseinit/utils/windows/x509.py
@@ -35,6 +35,7 @@ STORE_NAME_MY = "My" STORE_NAME_ROOT = "Root" STORE_NAME_TRUSTED_PEOPLE = "TrustedPeople" +X509_START_DATE_INTERVAL = -24 * 60 * 60 * 10000000 X509_END_DATE_INTERVAL = 10 * 365 * 24 * 60 * 60 * 10000000
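Review bot: `assert_has_calls` in the test_x509.py hunk is weaker than the `assert_called_once_with` it replaces, because it passes whenever the two listed calls appear in order, even if `_add_system_time_interval` is invoked additional times. Pin the count as well, e.g. `self.assertEqual(2, mock_add_system_time_interval.call_count)`. The visible lines also do not show that the backdated start value, rather than the original SYSTEMTIME, is what reaches `CertCreateSelfSignCertificate`; if that call is asserted outside the hunk, check that it now expects the shifted value. The test method starts and ends outside the hunk.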
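Review bot: `X509_START_DATE_INTERVAL` in the x509.py constants hunk is a bare product with no statement of its unit or of why it is negative. The factor `10000000` suggests 100-nanosecond ticks, which would make the value minus one day, but that is an inference from the arithmetic since `_add_system_time_interval` is not visible here. A one-line comment would settle it, e.g. `# NotBefore offset: one day in the past, in 100 ns ticks (assumed), to absorb clock skew at generation time`.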
@@ -186,6 +187,11 @@ class CryptoAPICertManager(object): end_time = self._add_system_time_interval( start_time, X509_END_DATE_INTERVAL) + # Needed in case of time sync issues as PowerShell remoting + # enforces a valid time interval even for self signed certificates + start_time = self._add_system_time_interval( + start_time, X509_START_DATE_INTERVAL) + cert_context_p = cryptoapi.CertCreateSelfSignCertificate( None, ctypes.byref(subject_blob), 0, ctypes.byref(key_prov_info),
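Review bot: The rebinding of `start_time` relies on `end_time` having been derived from the unshifted value two statements earlier, and the added comment does not say that this ordering is intentional. Extend it with something like `# end_time above is deliberately computed from the current time; only the start is backdated`. The one-day offset also bounds the clock skew this tolerates: a guest whose clock is more than a day ahead at generation time would still end up with a not-yet-valid certificate once the time is corrected, so stating that limit in the comment would help whoever debugs a WinRM failure later. The enclosing method begins and ends outside this hunk.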