fix: NotAfter is not set when ValidFor is set (#9911)
Signed-off-by: yongguangl <[email protected]>
yongguangl authored Jul 11, 2022
1 parent 10324a6 commit 19e9de3
Showing 2 changed files with 17 additions and 0 deletions.
2 changes: 2 additions & 0 deletions util/tls/tls.go
Expand Up @@ -247,6 +247,8 @@ func generate(opts CertOptions) ([]byte, crypto.PrivateKey, error) {
var validFor time.Duration
if opts.ValidFor == 0 {
validFor = 365 * 24 * time.Hour
} else {
validFor = opts.ValidFor
}
notAfter := notBefore.Add(validFor)
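Review bot: The new `else` branch copies `opts.ValidFor` into `validFor` without any bounds check, so a negative duration gives a `notAfter` earlier than `notBefore`, and an oversized one gives a certificate that stays valid for as long as the caller asked. Before the `if`, consider rejecting negative values, e.g. `if opts.ValidFor < 0 { return nil, nil, errors.New("ValidFor must not be negative") }` (using whichever error constructor the file already imports), and document on `CertOptions.ValidFor` that zero selects the 365-day default. An upper limit on lifetime is a policy decision, but if one is intended this is the place to enforce it. The body of `generate` continues outside the hunk, so a later check may already exist; none is visible here.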

15 changes: 15 additions & 0 deletions util/tls/tls_test.go
Expand Up @@ -252,6 +252,21 @@ func TestGenerate(t *testing.T) {
assert.NotNil(t, cert)
assert.GreaterOrEqual(t, (time.Now().Unix())+int64(1*time.Hour), cert.NotBefore.Unix())
})

for _, year := range []int{1, 2, 3, 10} {
t.Run(fmt.Sprintf("Create certificate with specified ValidFor %d year", year), func(t *testing.T) {
validFrom, validFor := time.Now(), 365*24*time.Hour*time.Duration(year)
opts := CertOptions{Hosts: []string{"localhost"}, Organization: "Acme", ValidFrom: validFrom, ValidFor: validFor}
certBytes, privKey, err := generate(opts)
assert.NoError(t, err)
assert.NotNil(t, privKey)
cert, err := x509.ParseCertificate(certBytes)
assert.NoError(t, err)
assert.NotNil(t, cert)
t.Logf("certificate expiration time %s", cert.NotAfter)
assert.Equal(t, validFrom.Unix()+int64(validFor.Seconds()), cert.NotAfter.Unix())
})
}
}

func TestGeneratePEM(t *testing.T) {
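Review bot: In the new subtest, `assert.NoError(t, err)` after `x509.ParseCertificate` does not stop the test, so a parse failure leaves `cert` nil and the following `cert.NotAfter` dereference panics instead of reporting the real error. Guard it with `if !assert.NoError(t, err) { return }`, or with testify's `require.NoError(t, err)` if that package is imported in this file (the imports are not visible in the hunk). The cases cover only positive lifetimes; a case for a negative `ValidFor` would pin down what `generate` does with a value that places `NotAfter` before `NotBefore`.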
