From a8a2cbb5f5eb23e999b31bbe6756d9d4c4e55ef3 Mon Sep 17 00:00:00 2001
From: Mischa Salle <msalle@nikhef.nl>
Date: Tue, 17 Jan 2023 15:00:03 +0100
Subject: [PATCH 1/2] Replace make_time fcie to work after 2050

By using ASN1_TIME_diff() instead of manually parsing the data, we make
globus_gsi_cert_utils_make_time() a lot simpler and also work for
ASN1_GENERALIZEDTIME and not just ASN1_UTCTIME (i.e. it can use ASN1_TIME).
ASN1_TIME_diff requires OpenSSL >= 1.0.2.
Also rework globus_gsi_cred_get_lifetime() to just use time(NULL) to get the
current UNIX timestamp which means it no longer needs
globus_gsi_cert_utils_make_time().
This fixes issue #208
---
 .../source/library/globus_gsi_cert_utils.c    | 89 +++----------------
 .../source/library/globus_gsi_cert_utils.h    |  2 +-
 .../source/library/globus_gsi_cred_handle.c   |  9 +-
 3 files changed, 13 insertions(+), 87 deletions(-)

diff --git a/gsi/cert_utils/source/library/globus_gsi_cert_utils.c b/gsi/cert_utils/source/library/globus_gsi_cert_utils.c
index 409a6f3344..a898f54d89 100644
--- a/gsi/cert_utils/source/library/globus_gsi_cert_utils.c
+++ b/gsi/cert_utils/source/library/globus_gsi_cert_utils.c
@@ -171,109 +171,42 @@ globus_l_gsi_cert_utils_deactivate(void)
 #endif
 
 /**
- * @brief Convert ASN1_UTCTIME to time_t
+ * @brief Convert ASN1_TIME to time_t
  * @ingroup globus_gsi_cert_utils
  * @details
- * Convert a ASN1_UTCTIME structure to a time_t
+ * Convert a ASN1_TIME structure to a time_t
  *
  * @param ctm
- *        The ASN1_UTCTIME to convert
+ *        The ASN1_TIME to convert
  * @param newtime
  *        The converted time
  *
  * @return
- *        GLOBUS_SUCCESS or an error captured in a globus_result_t
+ *        GLOBUS_SUCCESS or GLOBUS_FAILURE on error
  */
 globus_result_t
 globus_gsi_cert_utils_make_time(
-    const ASN1_UTCTIME *                ctm,
+    const ASN1_TIME *                   ctm,
     time_t *                            newtime)
 {
-    char *                              str;
-    time_t                              offset;
-    char                                buff1[24];
-    char *                              p;
-    int                                 i;
-    struct tm                           tm;
+    int                                 pday, psec;
     globus_result_t                     result;
     static char *                       _function_name_ =
         "globus_gsi_cert_utils_make_time";
 
     GLOBUS_I_GSI_CERT_UTILS_DEBUG_ENTER;
 
-    p = buff1;
-    i = ctm->length;
-    str = (char *)ctm->data;
-    if ((i < 11) || (i > 17))
-    {
-        *newtime = 0;
-    }
-    memcpy(p,str,10);
-    p += 10;
-    str += 10;
-
-    if ((*str == 'Z') || (*str == '-') || (*str == '+'))
+    if (ASN1_TIME_diff(&pday, &psec, NULL, ctm))
     {
-        *(p++)='0'; *(p++)='0';
+        *newtime = time(NULL)+pday*86400L+psec;
+        result = GLOBUS_SUCCESS;
     }
     else
     {
-        *(p++)= *(str++); *(p++)= *(str++);
-    }
-    *(p++)='Z';
-    *(p++)='\0';
-
-    if (*str == 'Z')
-    {
-        offset=0;
-    }
-    else
-    {
-        if ((*str != '+') && (str[5] != '-'))
-        {
-            *newtime = 0;
-        }
-        offset=((str[1]-'0')*10+(str[2]-'0'))*60;
-        offset+=(str[3]-'0')*10+(str[4]-'0');
-        if (*str == '-')
-        {
-            offset=-offset;
-        }
-    }
-
-    tm.tm_isdst = 0;
-    tm.tm_year = (buff1[0]-'0')*10+(buff1[1]-'0');
-
-    if (tm.tm_year < 70)
-    {
-        tm.tm_year+=100;
+        *newtime = 0;
+        result = GLOBUS_FAILURE;
     }
-        
-    tm.tm_mon   = (buff1[2]-'0')*10+(buff1[3]-'0')-1;
-    tm.tm_mday  = (buff1[4]-'0')*10+(buff1[5]-'0');
-    tm.tm_hour  = (buff1[6]-'0')*10+(buff1[7]-'0');
-    tm.tm_min   = (buff1[8]-'0')*10+(buff1[9]-'0');
-    tm.tm_sec   = (buff1[10]-'0')*10+(buff1[11]-'0');
 
-    /*
-     * mktime assumes local time, so subtract off
-     * timezone, which is seconds off of GMT. first
-     * we need to initialize it with tzset() however.
-     */
-
-    tzset();
-
-#if defined(HAVE_TIME_T_TIMEZONE)
-    *newtime = (mktime(&tm) + offset*60*60 - timezone);
-#elif defined(HAVE_TIME_T__TIMEZONE)
-    *newtime = (mktime(&tm) + offset*60*60 - _timezone);
-#elif defined(HAVE_TIMEGM)
-    *newtime = (timegm(&tm) + offset*60*60);
-#else
-    *newtime = (mktime(&tm) + offset*60*60);
-#endif
-
-    result = GLOBUS_SUCCESS;
     GLOBUS_I_GSI_CERT_UTILS_DEBUG_EXIT;
 
     return result;
diff --git a/gsi/cert_utils/source/library/globus_gsi_cert_utils.h b/gsi/cert_utils/source/library/globus_gsi_cert_utils.h
index 92fd116fb6..28788c7461 100644
--- a/gsi/cert_utils/source/library/globus_gsi_cert_utils.h
+++ b/gsi/cert_utils/source/library/globus_gsi_cert_utils.h
@@ -130,7 +130,7 @@ globus_module_descriptor_t              globus_i_gsi_cert_utils_module;
 
 globus_result_t
 globus_gsi_cert_utils_make_time(
-    const ASN1_UTCTIME *                ctm,
+    const ASN1_TIME *                   ctm,
     time_t *                            newtime);
 
 globus_result_t
diff --git a/gsi/credential/source/library/globus_gsi_cred_handle.c b/gsi/credential/source/library/globus_gsi_cred_handle.c
index 6e05b94de2..81acd5b436 100644
--- a/gsi/credential/source/library/globus_gsi_cred_handle.c
+++ b/gsi/credential/source/library/globus_gsi_cred_handle.c
@@ -397,8 +397,6 @@ globus_gsi_cred_get_lifetime(
     globus_gsi_cred_handle_t            cred_handle,
     time_t *                            lifetime)
 {
-    time_t                              time_now;
-    ASN1_UTCTIME *                      asn1_time;
     globus_result_t                     result;
 
     GLOBUS_I_GSI_CRED_DEBUG_ENTER;
@@ -413,12 +411,7 @@ globus_gsi_cred_get_lifetime(
         goto error_exit;
     }
 
-    asn1_time = ASN1_UTCTIME_new();
-    X509_gmtime_adj(asn1_time, 0);
-    globus_gsi_cert_utils_make_time(asn1_time, &time_now);
-
-    *lifetime = cred_handle->goodtill - time_now;
-    ASN1_UTCTIME_free(asn1_time);
+    *lifetime = cred_handle->goodtill - time(NULL);
 
     result = GLOBUS_SUCCESS;
 

From 8950ef709a087a9de34eae5dd7433b94db339363 Mon Sep 17 00:00:00 2001
From: Mischa Salle <msalle@nikhef.nl>
Date: Thu, 19 Jan 2023 15:02:34 +0100
Subject: [PATCH 2/2] Bump versions of gsi-cert-utils and gsi-credential

---
 gsi/cert_utils/source/configure.ac                         | 2 +-
 gsi/credential/source/configure.ac                         | 2 +-
 packaging/debian/globus-gsi-cert-utils/debian/changelog.in | 6 ++++++
 packaging/debian/globus-gsi-credential/debian/changelog.in | 6 ++++++
 packaging/fedora/globus-gsi-cert-utils.spec                | 5 ++++-
 packaging/fedora/globus-gsi-credential.spec                | 5 ++++-
 6 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/gsi/cert_utils/source/configure.ac b/gsi/cert_utils/source/configure.ac
index d49eeca31c..9280827ee0 100644
--- a/gsi/cert_utils/source/configure.ac
+++ b/gsi/cert_utils/source/configure.ac
@@ -1,6 +1,6 @@
 AC_PREREQ([2.60])
 
-AC_INIT([globus_gsi_cert_utils], [10.10], [https://github.com/gridcf/gct/issues])
+AC_INIT([globus_gsi_cert_utils], [10.11], [https://github.com/gridcf/gct/issues])
 AC_CONFIG_MACRO_DIR([m4])
 AC_SUBST([MAJOR_VERSION], [${PACKAGE_VERSION%%.*}])
 AC_SUBST([MINOR_VERSION], [${PACKAGE_VERSION##*.}])
diff --git a/gsi/credential/source/configure.ac b/gsi/credential/source/configure.ac
index 7489679d33..788ab633fb 100644
--- a/gsi/credential/source/configure.ac
+++ b/gsi/credential/source/configure.ac
@@ -1,6 +1,6 @@
 AC_PREREQ([2.60])
 
-AC_INIT([globus_gsi_credential],[8.3],[https://github.com/gridcf/gct/issues])
+AC_INIT([globus_gsi_credential],[8.4],[https://github.com/gridcf/gct/issues])
 AC_CONFIG_MACRO_DIR([m4])
 AC_SUBST([MAJOR_VERSION], [${PACKAGE_VERSION%%.*}])
 AC_SUBST([MINOR_VERSION], [${PACKAGE_VERSION##*.}])
diff --git a/packaging/debian/globus-gsi-cert-utils/debian/changelog.in b/packaging/debian/globus-gsi-cert-utils/debian/changelog.in
index 035a532f7e..ed14cdf2ad 100644
--- a/packaging/debian/globus-gsi-cert-utils/debian/changelog.in
+++ b/packaging/debian/globus-gsi-cert-utils/debian/changelog.in
@@ -1,3 +1,9 @@
+globus-gsi-cert-utils (10.11-1+gct.@distro@) @distro@; urgency=medium
+
+  * Fix parsing of ASN1 timestamps
+
+ -- Mischa Sallé <msalle@nikhef.nl>  Thu, 19 Jan 2023 14:58:23 +0100
+
 globus-gsi-cert-utils (10.10-1+gct.@distro@) @distro@; urgency=medium
 
   * Can't use non-existing or non-accessible files as source for random
diff --git a/packaging/debian/globus-gsi-credential/debian/changelog.in b/packaging/debian/globus-gsi-credential/debian/changelog.in
index 30aa052ebf..ab7a7ef956 100644
--- a/packaging/debian/globus-gsi-credential/debian/changelog.in
+++ b/packaging/debian/globus-gsi-credential/debian/changelog.in
@@ -1,3 +1,9 @@
+globus-gsi-credential (8.4-1+gct.@distro@) @distro@; urgency=medium
+
+  * Greatly simplify getting current time
+
+ -- Mischa Sallé <msalle@nikhef.nl>  Thu, 19 Jan 2023 14:55:00 +0100
+
 globus-gsi-credential (8.3-1+gct.@distro@) @distro@; urgency=medium
 
   * Typo fixes
diff --git a/packaging/fedora/globus-gsi-cert-utils.spec b/packaging/fedora/globus-gsi-cert-utils.spec
index 8fac4cb5a6..8fdc573683 100644
--- a/packaging/fedora/globus-gsi-cert-utils.spec
+++ b/packaging/fedora/globus-gsi-cert-utils.spec
@@ -3,7 +3,7 @@
 Name:		globus-gsi-cert-utils
 %global soname 0
 %global _name %(echo %{name} | tr - _)
-Version:	10.10
+Version:	10.11
 Release:	1%{?dist}
 Summary:	Grid Community Toolkit - Globus GSI Cert Utils Library
 
@@ -180,6 +180,9 @@ make %{?_smp_mflags} check VERBOSE=1
 %doc %{_pkgdocdir}/GLOBUS_LICENSE
 
 %changelog
+* Thu Jan 19 2023 Mischa Salle <msalle@nikhef.nl> - 10.11-1
+- Fix parsing of ASN1 timestamps
+
 * Sat May 07 2022 Mattias Ellert <mattias.ellert@physics.uu.se> - 10.10-1
 - Can't use non-existing or non-accessible files as source for random data
 
diff --git a/packaging/fedora/globus-gsi-credential.spec b/packaging/fedora/globus-gsi-credential.spec
index d80cae06a3..05b834553d 100644
--- a/packaging/fedora/globus-gsi-credential.spec
+++ b/packaging/fedora/globus-gsi-credential.spec
@@ -3,7 +3,7 @@
 Name:		globus-gsi-credential
 %global soname 1
 %global _name %(echo %{name} | tr - _)
-Version:	8.3
+Version:	8.4
 Release:	1%{?dist}
 Summary:	Grid Community Toolkit - Globus GSI Credential Library
 
@@ -137,6 +137,9 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.la
 %doc %{_pkgdocdir}/GLOBUS_LICENSE
 
 %changelog
+* Thu Jan 19 2023 Mischa Salle <msalle@nikhef.nl> - 8.4-1
+- Greatly simplify getting current time
+
 * Fri Aug 20 2021 Mattias Ellert <mattias.ellert@physics.uu.se> - 8.3-1
 - Typo fixes