remove year 2038 check
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/49188 resolves
the year 2038 problem in BMCWeb. There's no need to check it in
cert-manager anymore. However, the current Cert interface can't take
certificate whose NotBefore is before the Unix Epoch given the
timestamp is uint64_t. So this change adds the check to return
errors in this case.
This change also fixed the existing issue of setting unix epoch.
TESTED: unit tests + QEMU
1. added a cert that's valid from 1970/01/01 to 9999/12/31 into
unit tests
2. tested the dbus properties in QEMU after installing the above
cert;
```
.ValidNotAfter property t 253402300799 emits-change writable
.ValidNotBefore property t 0 emits-change writable
```
This is expected.
Signed-off-by: Nan Zhou <nanzhoumails@gmail.com>
Change-Id: Idc6b7721fc84b6b9022467e6b0c9e1984f682912
diff --git a/certificate.hpp b/certificate.hpp
index 2a09e69..27ac488 100644
--- a/certificate.hpp
+++ b/certificate.hpp
@@ -120,16 +120,16 @@
private:
/**
- * @brief Return error if ceritificate expiry date is gt 2038
+ * @brief Return error if ceritificate NotBefore date is lt 1970
*
- * Parse the certificate and return error if certificate expiry date
- * is gt 2038.
+ * Parse the certificate and return error if certificate NotBefore date
+ * is lt 1970.
*
* @param[in] cert Reference to certificate object uploaded
*
* @return void
*/
- void validateCertificateExpiryDate(const X509_Ptr& cert);
+ void validateCertificateStartDate(const X509_Ptr& cert);
/**
* @brief Populate certificate properties by parsing given certificate file