Inicio Explorar Axuda
Iniciar sesión
kennyh
/
emqx4.3
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

fix: obtain cert expiry epoch failed due to formated `generalTime`

JimMoen hai 1 ano
pai
ac77b8a131
achega
8c6cd69caa
Modificáronse 3 ficheiros con 12 adicións e 17 borrados
Unificar vista Mostrar estatísticas de Diff
  1. 1 1
      apps/emqx_prometheus/src/emqx_prometheus.app.src
  2. 10 16
      apps/emqx_prometheus/src/emqx_prometheus.erl
  3. 1 0
      changes/fix-13412.en.md

+ 1 - 1
apps/emqx_prometheus/src/emqx_prometheus.app.src
Ver ficheiro 

@@ -2,7 +2,7 @@
 
 {application, emqx_prometheus, [
 
 {application, emqx_prometheus, [
 
     {description, "Prometheus for EMQX"},
 
     {description, "Prometheus for EMQX"},
 
     % strict semver, bump manually!
 
     % strict semver, bump manually!
 
-    {vsn, "5.2.2"},
 
+    {vsn, "5.2.3"},
 
     {modules, []},
 
     {modules, []},
 
     {registered, [emqx_prometheus_sup]},
 
     {registered, [emqx_prometheus_sup]},
 
     {applications, [kernel, stdlib, prometheus, emqx, emqx_auth, emqx_resource, emqx_management]},
 
     {applications, [kernel, stdlib, prometheus, emqx, emqx_auth, emqx_resource, emqx_management]},

+ 10 - 16
apps/emqx_prometheus/src/emqx_prometheus.erl
Ver ficheiro 

@@ -944,9 +944,7 @@ cert_expiry_at_from_path(Path0) ->
 
                 [CertEntry | _] = public_key:pem_decode(PemBin),
 
                 [CertEntry | _] = public_key:pem_decode(PemBin),
 
                 Cert = public_key:pem_entry_decode(CertEntry),
 
                 Cert = public_key:pem_entry_decode(CertEntry),
 
                 %% TODO: Not fully tested for all certs type
 
                 %% TODO: Not fully tested for all certs type
 
-                {'utcTime', NotAfterUtc} =
 
-                    Cert#'Certificate'.'tbsCertificate'#'TBSCertificate'.validity#'Validity'.'notAfter',
 
-                utc_time_to_epoch(NotAfterUtc);
 
+                not_after_epoch(Cert);
 
             {error, Reason} ->
 
             {error, Reason} ->
 
                 ?SLOG(error, #{
 
                 ?SLOG(error, #{
 
                     msg => "read_cert_file_failed",
 
                     msg => "read_cert_file_failed",
 
@@ -969,21 +967,17 @@ cert_expiry_at_from_path(Path0) ->
 
             0
 
             0
 
     end.
 
     end.
 
 
 
-utc_time_to_epoch(UtcTime) ->
 
-    date_to_expiry_epoch(utc_time_to_datetime(UtcTime)).
 
-
 
-utc_time_to_datetime(Str) ->
 
-    {ok, [Year, Month, Day, Hour, Minute, Second], _} = io_lib:fread(
 
-        "~2d~2d~2d~2d~2d~2dZ", Str
 
-    ),
 
-    %% Always Assuming YY is in 2000
 
-    {{2000 + Year, Month, Day}, {Hour, Minute, Second}}.
 
-
 
 %% 62167219200 =:= calendar:datetime_to_gregorian_seconds({{1970, 1, 1}, {0, 0, 0}}).
 
 %% 62167219200 =:= calendar:datetime_to_gregorian_seconds({{1970, 1, 1}, {0, 0, 0}}).
 
 -define(EPOCH_START, 62167219200).
 
 -define(EPOCH_START, 62167219200).
 
--spec date_to_expiry_epoch(calendar:datetime()) -> Seconds :: non_neg_integer().
 
-date_to_expiry_epoch(DateTime) ->
 
-    calendar:datetime_to_gregorian_seconds(DateTime) - ?EPOCH_START.
 
+not_after_epoch(#'Certificate'{
 
+    'tbsCertificate' = #'TBSCertificate'{
 
+        validity =
 
+            #'Validity'{'notAfter' = NotAfter}
 
+    }
 
+}) ->
 
+    pubkey_cert:'time_str_2_gregorian_sec'(NotAfter) - ?EPOCH_START;
 
+not_after_epoch(_) ->
 
+    0.
 
 
 
 %%========================================
 
 %%========================================
 
 %% Mria
 
 %% Mria

+ 1 - 0
changes/fix-13412.en.md
Ver ficheiro 

@@ -0,0 +1 @@
 
+Fixed an issue in the Prometheus API where the certificate expiration time format incorrectly returned `0` due to the use of `generalTime`.