[tor-commits] [doctor/master] Warn earlier about expiring certificates.
karsten at torproject.org
karsten at torproject.org
Tue Jan 3 14:15:41 UTC 2012
commit 3d48a8dc5b43065f81976fadbfeb0ca566481309
Author: Karsten Loesing <karsten.loesing at gmx.net>
Date: Tue Jan 3 15:11:53 2012 +0100
Warn earlier about expiring certificates.
Now we warn
- just once 3 months before the certificate expires,
- every week 2 months before the certificate expires, and
- every day 2 weeks before the certificate expires.
---
src/org/torproject/doctor/Checker.java | 53 +++++++++++++++++-----
src/org/torproject/doctor/StatusFileReport.java | 12 +++++-
src/org/torproject/doctor/Warning.java | 12 ++++-
3 files changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/org/torproject/doctor/Checker.java b/src/org/torproject/doctor/Checker.java
index ab7e92d..dc1ea46 100644
--- a/src/org/torproject/doctor/Checker.java
+++ b/src/org/torproject/doctor/Checker.java
@@ -294,27 +294,56 @@ public class Checker {
/* Check whether any of the authority keys expire in the next 14
* days. */
private void checkAuthorityKeys() {
- SortedMap<String, String> expiringCertificates =
+ SortedMap<String, String> certificatesExpiringInThreeMonths =
+ new TreeMap<String, String>();
+ SortedMap<String, String> certificatesExpiringInTwoMonths =
+ new TreeMap<String, String>();
+ SortedMap<String, String> certificatesExpiringInTwoWeeks =
new TreeMap<String, String>();
long now = System.currentTimeMillis();
for (RelayNetworkStatusVote vote : this.downloadedVotes) {
long voteDirKeyExpiresMillis = vote.getDirKeyExpiresMillis();
if (voteDirKeyExpiresMillis - 14L * 24L * 60L * 60L * 1000L < now) {
- expiringCertificates.put(vote.getNickname(),
+ certificatesExpiringInTwoWeeks.put(vote.getNickname(),
+ dateTimeFormat.format(voteDirKeyExpiresMillis));
+ } else if (voteDirKeyExpiresMillis - 60L * 24L * 60L * 60L * 1000L <
+ now) {
+ certificatesExpiringInTwoMonths.put(vote.getNickname(),
+ dateTimeFormat.format(voteDirKeyExpiresMillis));
+ } else if (voteDirKeyExpiresMillis - 90L * 24L * 60L * 60L * 1000L <
+ now) {
+ certificatesExpiringInThreeMonths.put(vote.getNickname(),
dateTimeFormat.format(voteDirKeyExpiresMillis));
}
}
- if (!expiringCertificates.isEmpty()) {
- StringBuilder sb = new StringBuilder();
- for (Map.Entry<String, String> e :
- expiringCertificates.entrySet()) {
- String dir = e.getKey();
- String timestamp = e.getValue();
- sb.append(", " + dir + " " + timestamp);
- }
- this.warnings.put(Warning.CertificateExpiresSoon,
- sb.toString().substring(2));
+ if (!certificatesExpiringInThreeMonths.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInThreeMonths,
+ certificatesExpiringInThreeMonths);
+ }
+ if (!certificatesExpiringInTwoMonths.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInTwoMonths,
+ certificatesExpiringInTwoMonths);
+ }
+ if (!certificatesExpiringInTwoWeeks.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInTwoWeeks,
+ certificatesExpiringInTwoWeeks);
+ }
+ }
+
+ private void warnAboutExpiringCertificates(Warning warningType,
+ SortedMap<String, String> expiringCertificates) {
+ StringBuilder sb = new StringBuilder();
+ for (Map.Entry<String, String> e :
+ expiringCertificates.entrySet()) {
+ String dir = e.getKey();
+ String timestamp = e.getValue();
+ sb.append(", " + dir + " " + timestamp);
}
+ String details = sb.toString().substring(2);
+ this.warnings.put(warningType, sb.toString().substring(2));
}
/* Check if any votes are missing. */
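Review bot: In the new `warnAboutExpiringCertificates` helper, `details` is computed but never used, and the same `sb.toString().substring(2)` expression is evaluated again in the `put` call; the last statement should read `this.warnings.put(warningType, details);`. The helper also depends on its callers' `isEmpty()` guards, because `substring(2)` throws on an empty map. The comment above `checkAuthorityKeys` still says 14 days and could become `/* Check whether any of the authority keys expire in the next two weeks, two months, or three months. */`. A certificate whose expiry is already in the past also satisfies the first condition, so it is reported under the two-weeks warning as about to expire rather than as expired; separate wording for that case would make the alert clearer to operators.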
diff --git a/src/org/torproject/doctor/StatusFileReport.java b/src/org/torproject/doctor/StatusFileReport.java
index a8838b6..994704a 100644
--- a/src/org/torproject/doctor/StatusFileReport.java
+++ b/src/org/torproject/doctor/StatusFileReport.java
@@ -112,7 +112,17 @@ public class StatusFileReport {
+ "conflicting or invalid consensus parameters: " + details,
150L * 60L * 1000L);
break;
- case CertificateExpiresSoon:
+ case CertificateExpiresInThreeMonths:
+ warningStrings.put("The certificates of the following "
+ + "directory authorities expire within the next three "
+ + "months: " + details, 5L * 7L * 24L * 60L * 60L * 1000L);
+ break;
+ case CertificateExpiresInTwoMonths:
+ warningStrings.put("The certificates of the following "
+ + "directory authorities expire within the next two "
+ + "months: " + details, 7L * 24L * 60L * 60L * 1000L);
+ break;
+ case CertificateExpiresInTwoWeeks:
warningStrings.put("The certificates of the following "
+ "directory authorities expire within the next 14 days: "
+ details, 24L * 60L * 60L * 1000L);
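Review bot: The repeat intervals passed as the second argument to `warningStrings.put` are unexplained magic numbers. The "just once" behaviour for the three-month case depends on 5 weeks being longer than the 30 days between the 90-day and 60-day thresholds in Checker.java. Assuming that argument is the minimum time between repeated warnings, a comment such as `/* 5 weeks is longer than the 30-day window, so this is sent only once. */` above the first new case would keep someone from shortening it later. The switch statement starts and ends outside this hunk.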
diff --git a/src/org/torproject/doctor/Warning.java b/src/org/torproject/doctor/Warning.java
index 1684f89..eee4342 100644
--- a/src/org/torproject/doctor/Warning.java
+++ b/src/org/torproject/doctor/Warning.java
@@ -33,8 +33,16 @@ public enum Warning {
ConflictingOrInvalidConsensusParams,
/* The certificate(s) of one or more directory authorities expire within
- * the next 14 days. */
- CertificateExpiresSoon,
+ * the next three months, which we warn about just once. */
+ CertificateExpiresInThreeMonths,
+
+ /* The certificate(s) of one or more directory authorities expire within
+ * the next two months, which we warn about once per week. */
+ CertificateExpiresInTwoMonths,
+
+ /* The certificate(s) of one or more directory authorities expire within
+ * the next 14 days, which we warn about once per day. */
+ CertificateExpiresInTwoWeeks,
/* The vote(s) of one or more directory authorities are missing. */
VotesMissing,