fix: obtain cert expiry epoch failed due to formated `generalTime`

2024-07-04 14:30:04 +08:00 · 2024-07-04 14:30:04 +08:00 · 8c6cd69caa
parent ac77b8a131
commit 8c6cd69caa
3 changed files with 12 additions and 17 deletions
--- a/apps/emqx_prometheus/src/emqx_prometheus.app.src
+++ b/apps/emqx_prometheus/src/emqx_prometheus.app.src
@ -2,7 +2,7 @@
 {application, emqx_prometheus, [
    {description, "Prometheus for EMQX"},
    % strict semver, bump manually!
-    {vsn, "5.2.2"},
+    {vsn, "5.2.3"},
    {modules, []},
    {registered, [emqx_prometheus_sup]},
    {applications, [kernel, stdlib, prometheus, emqx, emqx_auth, emqx_resource, emqx_management]},
--- a/apps/emqx_prometheus/src/emqx_prometheus.erl
+++ b/apps/emqx_prometheus/src/emqx_prometheus.erl
@ -944,9 +944,7 @@ cert_expiry_at_from_path(Path0) ->
                [CertEntry | _] = public_key:pem_decode(PemBin),
                Cert = public_key:pem_entry_decode(CertEntry),
                %% TODO: Not fully tested for all certs type
-                {'utcTime', NotAfterUtc} =
-                    Cert#'Certificate'.'tbsCertificate'#'TBSCertificate'.validity#'Validity'.'notAfter',
-                utc_time_to_epoch(NotAfterUtc);
+                not_after_epoch(Cert);
            {error, Reason} ->
                ?SLOG(error, #{
                    msg => "read_cert_file_failed",
@ -969,21 +967,17 @@ cert_expiry_at_from_path(Path0) ->
            0
    end.

-utc_time_to_epoch(UtcTime) ->
-    date_to_expiry_epoch(utc_time_to_datetime(UtcTime)).
-
-utc_time_to_datetime(Str) ->
-    {ok, [Year, Month, Day, Hour, Minute, Second], _} = io_lib:fread(
-        "~2d~2d~2d~2d~2d~2dZ", Str
-    ),
-    %% Always Assuming YY is in 2000
-    {{2000 + Year, Month, Day}, {Hour, Minute, Second}}.
-
 %% 62167219200 =:= calendar:datetime_to_gregorian_seconds({{1970, 1, 1}, {0, 0, 0}}).
 -define(EPOCH_START, 62167219200).
-spec date_to_expiry_epoch(calendar:datetime()) -> Seconds :: non_neg_integer().
-date_to_expiry_epoch(DateTime) ->
-    calendar:datetime_to_gregorian_seconds(DateTime) - ?EPOCH_START.
+not_after_epoch(#'Certificate'{
+    'tbsCertificate' = #'TBSCertificate'{
+        validity =
+            #'Validity'{'notAfter' = NotAfter}
+    }
+}) ->
+    pubkey_cert:'time_str_2_gregorian_sec'(NotAfter) - ?EPOCH_START;
+not_after_epoch(_) ->
+    0.

 %%========================================
 %% Mria
--- a/changes/fix-13412.en.md
+++ b/changes/fix-13412.en.md
@ -0,0 +1 @@
+Fixed an issue in the Prometheus API where the certificate expiration time format incorrectly returned `0` due to the use of `generalTime`.
				`@ -0,0 +1 @@`
				Fixed an issue in the Prometheus API where the certificate expiration time format incorrectly returned `0` due to the use of `generalTime`.