Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HSMTests.test_create after 2040-01-04 #173

Closed
bmwiedemann opened this issue Sep 16, 2024 · 4 comments
Closed

HSMTests.test_create after 2040-01-04 #173

bmwiedemann opened this issue Sep 16, 2024 · 4 comments

Comments

@bmwiedemann
Copy link

While working on reproducible builds for openSUSE (sponsored by the NLnet NGI0 fund), I found that
our python-endesive 2.17.2 package fails a test after 2040-01-04.

Background:
As part of my work on reproducible builds for openSUSE, I check that software still gives identical build results in the future.
The usual offset is +16 years, because that is how long I expect some software will be used in some places.
This showed up failing tests in our package build.

   =================================== FAILURES ===================================
    _____________________________ HSMTests.test_create _____________________________
 
    self = <tests.test_hsm.HSMTests testMethod=test_create>
 
        def test_create(self):
            cls = HSM(dllpath)
            cls.create("endesieve", "secret1", "secret2")
            cls.login("endesieve", "secret1")
            try:
    >           cls.main()
    
    tests/test_hsm.py:120:
    _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
    tests/test_hsm.py:50: in main
        self.ca_gen(label, cakeyID, 'hsm CA')
    endesive/hsm.py:298: in ca_gen
        der_bytes = self.certsign(1, pubKey, subject, until, privKey, True)
    endesive/hsm.py:192: in certsign
        "not_after": asn1x509.Time(
    /usr/lib/python3.10/site-packages/asn1crypto/core.py:1165: in __init__
        raise e
    /usr/lib/python3.10/site-packages/asn1crypto/core.py:1157: in __init__
        value = spec(value, **params)
    /usr/lib/python3.10/site-packages/asn1crypto/core.py:1677: in __init__
        raise e
    /usr/lib/python3.10/site-packages/asn1crypto/core.py:1669: in __init__
        self.set(value)
    _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

    self = <[TypeError("object of type 'NoneType' has no len()") raised in repr()] UTCTime object at 0x7f519a4af1c0>
    value = datetime.datetime(2050, 10, 17, 1, 26, 29, 413433, tzinfo=<asn1crypto.util._UtcWithDst object at 0x7f519b8668c0>)

        def set(self, value):
            """
            Sets the value of the object

            :param value:
                A unicode string or a datetime.datetime object

            :raises:
                ValueError - when an invalid value is passed
            """

            if isinstance(value, datetime):
                if not value.tzinfo:
                    raise ValueError('Must be timezone aware')

                # Convert value to UTC.
                value = value.astimezone(utc_with_dst)

                if not 1950 <= value.year <= 2049:
    >               raise ValueError('Year of the UTCTime is not in range [1950, 2049], use GeneralizedTime instead')
    E               ValueError: Year of the UTCTime is not in range [1950, 2049], use GeneralizedTime instead
    E                   while constructing asn1crypto.core.UTCTime
    E                   while constructing asn1crypto.x509.Time

    /usr/lib/python3.10/site-packages/asn1crypto/core.py:5018: ValueError
    =============================== warnings summary ===============================
    tests/test_email.py::EMAILTests::test_email_ssl_encrypt_cms
    tests/test_email.py::EMAILTests::test_email_ssl_encrypt_cms_oaep
      /home/abuild/rpmbuild/BUILD/endesive-2.17.2/endesive/email/decrypt.py:71: CryptographyDeprecationWarning: TripleDES has been moved to cryptography.hazmat.decrepit.ciphers.algorithms.TripleDES and will be removed from this module in 48.0.0.
        algorithms.TripleDES(udata),

    -- Docs: https://docs.pytest.org/en/stable/how-to/capture-warnings.html
    =========================== short test summary info ============================
    FAILED tests/test_hsm.py::HSMTests::test_create - ValueError: Year of the UTC...
    ============ 1 failed, 36 passed, 2 deselected, 2 warnings in 6.73s ============
@m32
Copy link
Owner

m32 commented Sep 16, 2024

I added a fix in hsm.py, please run your test on the current version from git

@bmwiedemann
Copy link
Author

I tested with commit 47f751a and it fixes the tests. That was fast. Thanks a lot.

@bmwiedemann
Copy link
Author

One hint, though: If this was my project, I would want nicer commit messages. E.g. read https://cbea.ms/git-commit/

Especially imagine reading that commit in 10y and wondering "Why?" (was this changed)

@m32
Copy link
Owner

m32 commented Sep 16, 2024

thx

@m32 m32 closed this as completed Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bmwiedemann @m32