yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: obtain cert expiry epoch failed due to formated `generalTime`

This commit is contained in:
JimMoen 2024-07-04 14:30:04 +08:00
parent ac77b8a131
commit 8c6cd69caa
No known key found for this signature in database
3 changed files with 12 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/emqx_prometheus/src/emqx_prometheus.app.src
View File

@ -2,7 +2,7 @@
{application, emqx_prometheus, [ {application, emqx_prometheus, [
{description, "Prometheus for EMQX"}, {description, "Prometheus for EMQX"},
% strict semver, bump manually! % strict semver, bump manually!
{vsn, "5.2.2"}, {vsn, "5.2.3"},
{modules, []}, {modules, []},
{registered, [emqx_prometheus_sup]}, {registered, [emqx_prometheus_sup]},
{applications, [kernel, stdlib, prometheus, emqx, emqx_auth, emqx_resource, emqx_management]}, {applications, [kernel, stdlib, prometheus, emqx, emqx_auth, emqx_resource, emqx_management]},

26
apps/emqx_prometheus/src/emqx_prometheus.erl
View File

@ -944,9 +944,7 @@ cert_expiry_at_from_path(Path0) ->
[CertEntry | _] = public_key:pem_decode(PemBin), [CertEntry | _] = public_key:pem_decode(PemBin),
Cert = public_key:pem_entry_decode(CertEntry), Cert = public_key:pem_entry_decode(CertEntry),
%% TODO: Not fully tested for all certs type %% TODO: Not fully tested for all certs type
{'utcTime', NotAfterUtc} = not_after_epoch(Cert);
Cert#'Certificate'.'tbsCertificate'#'TBSCertificate'.validity#'Validity'.'notAfter',
utc_time_to_epoch(NotAfterUtc);
{error, Reason} -> {error, Reason} ->
?SLOG(error, #{ ?SLOG(error, #{
msg => "read_cert_file_failed", msg => "read_cert_file_failed",
@ -969,21 +967,17 @@ cert_expiry_at_from_path(Path0) ->
0 0
end. end.
utc_time_to_epoch(UtcTime) ->
date_to_expiry_epoch(utc_time_to_datetime(UtcTime)).
utc_time_to_datetime(Str) ->
{ok, [Year, Month, Day, Hour, Minute, Second], _} = io_lib:fread(
"~2d~2d~2d~2d~2d~2dZ", Str
),
%% Always Assuming YY is in 2000
{{2000 + Year, Month, Day}, {Hour, Minute, Second}}.
%% 62167219200 =:= calendar:datetime_to_gregorian_seconds({{1970, 1, 1}, {0, 0, 0}}). %% 62167219200 =:= calendar:datetime_to_gregorian_seconds({{1970, 1, 1}, {0, 0, 0}}).
-define(EPOCH_START, 62167219200). -define(EPOCH_START, 62167219200).
-spec date_to_expiry_epoch(calendar:datetime()) -> Seconds :: non_neg_integer(). not_after_epoch(#'Certificate'{
date_to_expiry_epoch(DateTime) -> 'tbsCertificate' = #'TBSCertificate'{
calendar:datetime_to_gregorian_seconds(DateTime) - ?EPOCH_START. validity =
#'Validity'{'notAfter' = NotAfter}
}
}) ->
pubkey_cert:'time_str_2_gregorian_sec'(NotAfter) - ?EPOCH_START;
not_after_epoch(_) ->
0.
%%======================================== %%========================================
%% Mria %% Mria

1
changes/fix-13412.en.md Normal file
View File

@ -0,0 +1 @@
Fixed an issue in the Prometheus API where the certificate expiration time format incorrectly returned `0` due to the use of `generalTime`.