Start date explicit timezone to UTC for all files

sros2/sros2/api/_permission.py

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+import datetime
 import os
 
 from lxml import etree
@@ -63,8 +64,19 @@ def create_permission_file(path, domain_id, policy_element):
 
     cert_path = os.path.join(os.path.dirname(path), 'cert.pem')
     cert_content = _utilities.load_cert(cert_path)
-    kwargs['not_valid_before'] = etree.XSLT.strparam(cert_content.not_valid_before.isoformat())
-    kwargs['not_valid_after'] = etree.XSLT.strparam(cert_content.not_valid_after.isoformat())
+
+    kwargs['not_valid_before'] = etree.XSLT.strparam(
+        datetime.datetime.combine(
+            cert_content.not_valid_before.date(),
+            cert_content.not_valid_before.time(),
+            datetime.timezone.utc
+        ).isoformat())
+    kwargs['not_valid_after'] = etree.XSLT.strparam(
+        datetime.datetime.combine(
+            cert_content.not_valid_after.date(),
+            cert_content.not_valid_after.time(),
+            datetime.timezone.utc
+        ).isoformat())
 
     if get_rmw_implementation_identifier() in _RMW_WITH_ROS_GRAPH_INFO_TOPIC:
         kwargs['allow_ros_discovery_topic'] = etree.XSLT.strparam('1')

sros2/sros2/api/_utilities.py

@@ -80,7 +80,7 @@ def build_key_and_cert(subject_name, *, ca=False, ca_key=None, issuer_name=''):
     else:
         extension = x509.BasicConstraints(ca=False, path_length=None)
 
-    utcnow = datetime.datetime.utcnow()
+    utcnow = datetime.datetime.now(datetime.timezone.utc)
     builder = x509.CertificateBuilder(
         ).issuer_name(
             issuer_name

sros2/sros2/policy/templates/dds/permissions.xsl

@@ -6,8 +6,8 @@
  <xsl:output omit-xml-declaration="yes" indent="yes"/>
  <xsl:strip-space elements="*"/>
 
-<xsl:param name="not_valid_before" select="'2020-05-01T00:00:00'"/>
-<xsl:param name="not_valid_after" select="'2030-05-01T00:00:00'"/>
+<xsl:param name="not_valid_before" select="'2020-05-01T00:00:00+00:00'"/>
+<xsl:param name="not_valid_after" select="'2030-05-01T00:00:00+00:00'"/>
 
 <xsl:variable name="template_validity">
   <validity>

sros2/test/policies/permissions/add_two_ints/permissions.xml

@@ -3,8 +3,8 @@
     <grant name="/add_two_ints/add_two_ints_server">
       <subject_name>CN=/add_two_ints/add_two_ints_server</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -54,8 +54,8 @@
     <grant name="/add_two_ints/add_two_ints_client">
       <subject_name>CN=/add_two_ints/add_two_ints_client</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>

sros2/test/policies/permissions/minimal_action/permissions.xml

@@ -3,8 +3,8 @@
     <grant name="/minimal_action/minimal_action_server">
       <subject_name>CN=/minimal_action/minimal_action_server</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -60,8 +60,8 @@
     <grant name="/minimal_action/minimal_action_client">
       <subject_name>CN=/minimal_action/minimal_action_client</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>

sros2/test/policies/permissions/sample/permissions.xml

@@ -3,8 +3,8 @@
     <grant name="/talker_listener/talker">
       <subject_name>CN=/talker_listener/talker</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -53,8 +53,8 @@
     <grant name="/talker_listener/listener">
       <subject_name>CN=/talker_listener/listener</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -103,8 +103,8 @@
     <grant name="/add_two_ints/add_two_ints_server">
       <subject_name>CN=/add_two_ints/add_two_ints_server</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -154,8 +154,8 @@
     <grant name="/add_two_ints/add_two_ints_client">
       <subject_name>CN=/add_two_ints/add_two_ints_client</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -205,8 +205,8 @@
     <grant name="/minimal_action/minimal_action_server">
       <subject_name>CN=/minimal_action/minimal_action_server</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -262,8 +262,8 @@
     <grant name="/minimal_action/minimal_action_client">
       <subject_name>CN=/minimal_action/minimal_action_client</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -319,8 +319,8 @@
     <grant name="/sample_policy/admin">
       <subject_name>CN=/sample_policy/admin</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>

sros2/test/policies/permissions/single_context/permissions.xml

@@ -3,8 +3,8 @@
     <grant name="/single_enclave">
       <subject_name>CN=/single_enclave</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>

sros2/test/policies/permissions/talker_listener/permissions.xml

@@ -3,8 +3,8 @@
     <grant name="/talker_listener/talker">
       <subject_name>CN=/talker_listener/talker</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>
@@ -53,8 +53,8 @@
     <grant name="/talker_listener/listener">
       <subject_name>CN=/talker_listener/listener</subject_name>
       <validity>
-        <not_before>2020-05-01T00:00:00</not_before>
-        <not_after>2030-05-01T00:00:00</not_after>
+        <not_before>2020-05-01T00:00:00+00:00</not_before>
+        <not_after>2030-05-01T00:00:00+00:00</not_after>
       </validity>
       <allow_rule>
         <domains>

sros2/test/sros2/commands/security/verbs/test_create_key.py

@@ -103,9 +103,17 @@ def test_cert_pem(enclave_keys_dir):
     assert isinstance(cert.signature_hash_algorithm, hashes.SHA256)
 
     # Verify the cert is valid for the expected timespan
-    utcnow = datetime.datetime.utcnow()
-    assert _datetimes_are_close(cert.not_valid_before, utcnow)
-    assert _datetimes_are_close(cert.not_valid_after, utcnow + datetime.timedelta(days=3650))
+    utcnow = datetime.datetime.now(datetime.timezone.utc)
+    tz_aware_not_valid_before = datetime.datetime.combine(
+        cert.not_valid_before.date(), cert.not_valid_before.time(),
+        datetime.timezone.utc
+    )
+    tz_aware_not_valid_after = datetime.datetime.combine(
+        cert.not_valid_after.date(), cert.not_valid_after.time(),
+        datetime.timezone.utc
+    )
+    assert _datetimes_are_close(tz_aware_not_valid_before, utcnow)
+    assert _datetimes_are_close(tz_aware_not_valid_after, utcnow + datetime.timedelta(days=3650))
 
     # Verify that the cert ensures this key cannot be used to sign others as a CA
     assert len(cert.extensions) == 1