-rw-r--r--rpkid/ext/POW.c65
-rw-r--r--rpkid/rpki/x509.py19
-rw-r--r--rpkid/tests/smoketest.py25
3 files changed, 65 insertions, 44 deletions
diff --git a/rpkid/ext/POW.c b/rpkid/ext/POW.c
index eb43388b..d28d7925 100644
--- a/rpkid/ext/POW.c
+++ b/rpkid/ext/POW.c
@@ -82,6 +82,7 @@
/* $Id: rcynic.c 4613 2012-07-30 23:24:15Z sra $ */
#include <Python.h>
+#include <datetime.h>
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
@@ -699,15 +700,27 @@ ASN1_TIME_to_Python(ASN1_TIME *t)
return result;
}
-#warning Perhaps Python_to_ASN1_TIME() should take a PyObject* so it can accept DateTime as well as string
-
static ASN1_TIME *
-Python_to_ASN1_TIME(const char *s, const int object_requires_utctime)
+Python_to_ASN1_TIME(PyObject *arg, const int object_requires_utctime)
{
+ char buf[sizeof("20010101010101Z") + 1];
ASN1_TIME *result = NULL;
+ const char *s = NULL;
int ok;
- if (s == NULL)
+ if (PyDateTime_Check(arg)) {
+ if (snprintf(buf, sizeof(buf), "%4d%02d%02d%02d%02d%02dZ",
+ PyDateTime_GET_YEAR(arg),
+ PyDateTime_GET_MONTH(arg),
+ PyDateTime_GET_DAY(arg),
+ PyDateTime_DATE_GET_HOUR(arg),
+ PyDateTime_DATE_GET_MINUTE(arg),
+ PyDateTime_DATE_GET_SECOND(arg)) >= sizeof(buf))
+ lose("Internal error -- GeneralizedTime buffer too small");
+ s = buf;
+ }
+
+ if (s == NULL && (s = PyString_AsString(arg)) == NULL)
goto error;
if (strlen(s) < 10)
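Review bot: The datetime branch of Python_to_ASN1_TIME() formats the object's stored fields and appends `Z` without consulting its tzinfo, so a naive local-time or non-UTC aware datetime would be written into a certificate, CRL or manifest validity field as if it were UTC. Nothing in this hunk shows that callers guarantee UTC, so either reject a datetime with a non-zero UTC offset here or state the contract in a comment such as `/* datetime values must already be UTC; tzinfo is not consulted */`. The year is also printed with `%4d`, which pads years below 1000 with spaces and yields a malformed GeneralizedTime; `%04d` keeps the field numeric. The function body continues past the end of the hunk.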
@@ -1930,15 +1943,15 @@ static char x509_object_set_not_after__doc__[] =
static PyObject *
x509_object_set_not_after (x509_object *self, PyObject *args)
{
- char *s = NULL;
+ PyObject *o = NULL;
ASN1_TIME *t = NULL;
ENTERING(x509_object_set_not_after);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
- if ((t = Python_to_ASN1_TIME(s, 1)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 1)) == NULL)
lose("Couldn't convert notAfter string");
if (!X509_set_notAfter(self->x509, t))
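Review bot: The failure message `Couldn't convert notAfter string` is stale now that the setter parses with `"O"` and accepts a datetime as well as a string; `lose("Couldn't convert notAfter value");` reads correctly for both. The same applies to the messages in x509_object_set_not_before, crl_object_set_this_update, crl_object_set_next_update, manifest_object_set_this_update and manifest_object_set_next_update. If lose() sets its own exception (its definition is not in this diff), it would also replace the TypeError that PyString_AsString() raises for an unsupported argument type, which is the more useful error for a caller. The `__doc__` strings above each setter are outside the hunks and presumably still describe a string argument. The function body continues outside the hunk.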
@@ -1964,15 +1977,15 @@ static char x509_object_set_not_before__doc__[] =
static PyObject *
x509_object_set_not_before (x509_object *self, PyObject *args)
{
- char *s = NULL;
+ PyObject *o = NULL;
ASN1_TIME *t = NULL;
ENTERING(x509_object_set_not_before);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
- if ((t = Python_to_ASN1_TIME(s, 1)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 1)) == NULL)
lose("Couldn't convert notBefore string");
if (!X509_set_notBefore(self->x509, t))
@@ -3759,15 +3772,15 @@ static char crl_object_set_this_update__doc__[] =
static PyObject *
crl_object_set_this_update (crl_object *self, PyObject *args)
{
- char *s = NULL;
+ PyObject *o = NULL;
ASN1_TIME *t = NULL;
ENTERING(crl_object_set_this_update);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
- if ((t = Python_to_ASN1_TIME(s, 1)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 1)) == NULL)
lose("Couldn't convert thisUpdate string");
if (!X509_CRL_set_lastUpdate(self->crl, t)) /* sic */
@@ -3809,15 +3822,15 @@ static char crl_object_set_next_update__doc__[] =
static PyObject *
crl_object_set_next_update (crl_object *self, PyObject *args)
{
- char *s = NULL;
+ PyObject *o = NULL;
ASN1_TIME *t = NULL;
ENTERING(crl_object_set_next_update);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
- if ((t = Python_to_ASN1_TIME(s, 1)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 1)) == NULL)
lose("Couldn't parse nextUpdate string");
if (!X509_CRL_set_nextUpdate(self->crl, t))
@@ -3883,7 +3896,7 @@ crl_object_add_revocations(crl_object *self, PyObject *args)
lose_type_error("Revocation entry must be two-element sequence");
if ((serial = PyLong_to_ASN1_INTEGER(PySequence_Fast_GET_ITEM(fast, 0))) == NULL ||
- (date = Python_to_ASN1_TIME(PyString_AsString(PySequence_Fast_GET_ITEM(fast, 1)), 1)) == NULL)
+ (date = Python_to_ASN1_TIME(PySequence_Fast_GET_ITEM(fast, 1), 1)) == NULL)
goto error;
if ((revoked = X509_REVOKED_new()) == NULL ||
@@ -5960,17 +5973,17 @@ static PyObject *
manifest_object_set_this_update (manifest_object *self, PyObject *args)
{
ASN1_TIME *t = NULL;
- char *s = NULL;
+ PyObject *o = NULL;
ENTERING(manifest_object_set_this_update);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
if (self->manifest == NULL)
lose_not_verified("Can't set thisUpdate value of unverified manifest");
- if ((t = Python_to_ASN1_TIME(s, 0)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 0)) == NULL)
lose("Couldn't convert thisUpdate string");
ASN1_TIME_free(self->manifest->thisUpdate);
@@ -6012,17 +6025,17 @@ static PyObject *
manifest_object_set_next_update (manifest_object *self, PyObject *args)
{
ASN1_TIME *t = NULL;
- char *s = NULL;
+ PyObject *o = NULL;
ENTERING(manifest_object_set_next_update);
- if (!PyArg_ParseTuple(args, "s", &s))
+ if (!PyArg_ParseTuple(args, "O", &o))
goto error;
if (self->manifest == NULL)
lose_not_verified("Can't set nextUpdate value of unverified manifest");
- if ((t = Python_to_ASN1_TIME(s, 0)) == NULL)
+ if ((t = Python_to_ASN1_TIME(o, 0)) == NULL)
lose("Couldn't parse nextUpdate string");
ASN1_TIME_free(self->manifest->nextUpdate);
@@ -8161,6 +8174,12 @@ init_POW(void)
*/
CRYPTO_set_mem_functions(PyMem_Malloc, PyMem_Realloc, PyMem_Free);
+ /*
+ * Import the DateTime API
+ */
+
+ PyDateTime_IMPORT;
+
#define Define_Class(__type__) \
do { \
char *__name__ = strrchr(__type__.tp_name, '.'); \
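Review bot: `PyDateTime_IMPORT` in init_POW() is not checked, so if importing the datetime C API fails, PyDateTimeAPI stays NULL and the first `PyDateTime_Check(arg)` in Python_to_ASN1_TIME() dereferences it. A guard right after the macro, `if (PyDateTimeAPI == NULL) return;`, lets the import error propagate instead of crashing later. Adjust the guard to however init_POW() reports failure elsewhere; the rest of the function is outside the hunk.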
diff --git a/rpkid/rpki/x509.py b/rpkid/rpki/x509.py
index a7f04304..adfcceea 100644
--- a/rpkid/rpki/x509.py
+++ b/rpkid/rpki/x509.py
@@ -662,8 +662,8 @@ class X509(DER_object):
cert.setSerial(serial)
cert.setIssuer(issuer_name.get_POW())
cert.setSubject(X501DN.from_cn(cn).get_POW())
- cert.setNotBefore(now.toGeneralizedTime())
- cert.setNotAfter(notAfter.toGeneralizedTime())
+ cert.setNotBefore(now)
+ cert.setNotAfter(notAfter)
cert.setPublicKey(subject_key.get_POW())
cert.setSKI(ski)
cert.setAKI(aki)
@@ -775,8 +775,8 @@ class X509(DER_object):
cert.setSerial(serial)
cert.setIssuer(issuer_name.get_POW())
cert.setSubject(subject_name.get_POW())
- cert.setNotBefore(now.toGeneralizedTime())
- cert.setNotAfter(notAfter.toGeneralizedTime())
+ cert.setNotBefore(now)
+ cert.setNotAfter(notAfter)
cert.setPublicKey(subject_key.get_POW())
cert.setSKI(subject_key.get_POW().calculateSKI())
if issuer_key != subject_key:
@@ -1475,8 +1475,8 @@ class SignedManifest(DER_CMS_object):
obj = cls.POW_class()
obj.setVersion(version)
obj.setManifestNumber(serial)
- obj.setThisUpdate(thisUpdate.toGeneralizedTime())
- obj.setNextUpdate(nextUpdate.toGeneralizedTime())
+ obj.setThisUpdate(thisUpdate)
+ obj.setNextUpdate(nextUpdate)
obj.setAlgorithm(POWify_OID(rpki.oids.name2oid["id-sha256"]))
obj.addFiles(filelist)
@@ -1797,12 +1797,11 @@ class CRL(DER_object):
crl = rpki.POW.CRL()
crl.setVersion(version)
crl.setIssuer(issuer.getSubject().get_POW())
- crl.setThisUpdate(thisUpdate.toGeneralizedTime())
- crl.setNextUpdate(nextUpdate.toGeneralizedTime())
+ crl.setThisUpdate(thisUpdate)
+ crl.setNextUpdate(nextUpdate)
crl.setAKI(issuer.get_SKI())
crl.setCRLNumber(serial)
- crl.addRevocations((r[0], r[1].toGeneralizedTime())
- for r in revokedCertificates)
+ crl.addRevocations(revokedCertificates)
crl.sign(keypair.get_POW())
return cls(POW = crl)
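Review bot: `crl.addRevocations(revokedCertificates)` now hands the caller's sequence straight to the C extension, where the old generator built fresh `(r[0], r[1].toGeneralizedTime())` pairs. The POW.c check visible in this commit requires each entry to be a two-element sequence, so an entry carrying extra fields, which the old projection tolerated, would now raise, and the second element must be a datetime or string that POW accepts. If entries are not guaranteed to be pairs, keep the projection: `crl.addRevocations((r[0], r[1]) for r in revokedCertificates)`. The method body starts outside the hunk.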
diff --git a/rpkid/tests/smoketest.py b/rpkid/tests/smoketest.py
index 07ad4d0e..4bc6e715 100644
--- a/rpkid/tests/smoketest.py
+++ b/rpkid/tests/smoketest.py
@@ -340,13 +340,14 @@ def main():
(pubd_process, "pubd"),
(rsyncd_process, "rsyncd")):
# pylint: disable=E1103
- if proc is not None:
+ if proc is not None and proc.poll() is None:
rpki.log.info("Killing %s, pid %s" % (name, proc.pid))
try:
- os.kill(proc.pid, signal.SIGTERM)
+ proc.terminate()
except OSError:
pass
- proc.wait()
+ if proc is not None:
+ rpki.log.info("Daemon %s, pid %s exited with code %s" % (name, proc.pid, proc.wait()))
def cmd_sleep(cb, interval):
"""
@@ -486,6 +487,8 @@ class allocation(object):
crl_interval = None
regen_margin = None
last_cms_time = None
+ rpkid_process = None
+ irdbd_process = None
def __init__(self, yaml, db, parent = None):
"""
@@ -798,17 +801,17 @@ class allocation(object):
Kill daemons for this entity.
"""
# pylint: disable=E1103
- rpki.log.info("Killing daemons for %s" % self.name)
- try:
- for proc in (self.rpkid_process, self.irdbd_process):
+ for proc, name in ((self.rpkid_process, "rpkid"),
+ (self.irdbd_process, "irdbd")):
+ if proc is not None and proc.poll() is None:
+ rpki.log.info("Killing daemon %s pid %s for %s" % (name, proc.pid, self.name))
try:
- rpki.log.info("Killing pid %d" % proc.pid)
- os.kill(proc.pid, signal.SIGTERM)
+ proc.terminate()
except OSError:
pass
- proc.wait()
- except AttributeError:
- pass
+ if proc is not None:
+ rpki.log.info("Daemon %s pid %s for %s exited with code %s" % (
+ name, proc.pid, self.name, proc.wait()))
def call_rpkid(self, pdus, cb):
"""