commit 3d48a8dc5b43065f81976fadbfeb0ca566481309 Author: Karsten Loesing karsten.loesing@gmx.net Date: Tue Jan 3 15:11:53 2012 +0100
Warn earlier about expiring certificates.
Now we warn - just once 3 months before the certificate expires, - every week 2 months before the certificate expires, and - every day 2 weeks before the certificate expires.
---
 src/org/torproject/doctor/Checker.java | 53 +++++++++++++++++-----
 src/org/torproject/doctor/StatusFileReport.java | 12 +++++-
 src/org/torproject/doctor/Warning.java | 12 ++++-
 3 files changed, 62 insertions(+), 15 deletions(-)
diff --git a/src/org/torproject/doctor/Checker.java b/src/org/torproject/doctor/Checker.java
index ab7e92d..dc1ea46 100644
--- a/src/org/torproject/doctor/Checker.java
+++ b/src/org/torproject/doctor/Checker.java
@@ -294,27 +294,56 @@ public class Checker {
 /* Check whether any of the authority keys expire in the next 14
 * days. */
 private void checkAuthorityKeys() {
- SortedMap<String, String> expiringCertificates =
+ SortedMap<String, String> certificatesExpiringInThreeMonths =
+ new TreeMap<String, String>();
+ SortedMap<String, String> certificatesExpiringInTwoMonths =
+ new TreeMap<String, String>();
+ SortedMap<String, String> certificatesExpiringInTwoWeeks =
 new TreeMap<String, String>();
 long now = System.currentTimeMillis();
 for (RelayNetworkStatusVote vote : this.downloadedVotes) {
 long voteDirKeyExpiresMillis = vote.getDirKeyExpiresMillis();
 if (voteDirKeyExpiresMillis - 14L * 24L * 60L * 60L * 1000L < now) {
- expiringCertificates.put(vote.getNickname(),
+ certificatesExpiringInTwoWeeks.put(vote.getNickname(),
+ dateTimeFormat.format(voteDirKeyExpiresMillis));
+ } else if (voteDirKeyExpiresMillis - 60L * 24L * 60L * 60L * 1000L <
+ now) {
+ certificatesExpiringInTwoMonths.put(vote.getNickname(),
+ dateTimeFormat.format(voteDirKeyExpiresMillis));
+ } else if (voteDirKeyExpiresMillis - 90L * 24L * 60L * 60L * 1000L <
+ now) {
+ certificatesExpiringInThreeMonths.put(vote.getNickname(),
 dateTimeFormat.format(voteDirKeyExpiresMillis));
 }
 }
- if (!expiringCertificates.isEmpty()) {
- StringBuilder sb = new StringBuilder();
- for (Map.Entry<String, String> e :
- expiringCertificates.entrySet()) {
- String dir = e.getKey();
- String timestamp = e.getValue();
- sb.append(", " + dir + " " + timestamp);
- }
- this.warnings.put(Warning.CertificateExpiresSoon,
- sb.toString().substring(2));
+ if (!certificatesExpiringInThreeMonths.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInThreeMonths,
+ certificatesExpiringInThreeMonths);
+ }
+ if (!certificatesExpiringInTwoMonths.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInTwoMonths,
+ certificatesExpiringInTwoMonths);
+ }
+ if (!certificatesExpiringInTwoWeeks.isEmpty()) {
+ this.warnAboutExpiringCertificates(
+ Warning.CertificateExpiresInTwoWeeks,
+ certificatesExpiringInTwoWeeks);
+ }
+ }
+
+ private void warnAboutExpiringCertificates(Warning warningType,
+ SortedMap<String, String> expiringCertificates) {
+ StringBuilder sb = new StringBuilder();
+ for (Map.Entry<String, String> e :
+ expiringCertificates.entrySet()) {
+ String dir = e.getKey();
+ String timestamp = e.getValue();
+ sb.append(", " + dir + " " + timestamp);
 }
+ String details = sb.toString().substring(2);
+ this.warnings.put(warningType, sb.toString().substring(2));
 }
 /* Check if any votes are missing. */
diff --git a/src/org/torproject/doctor/StatusFileReport.java b/src/org/torproject/doctor/StatusFileReport.java
index a8838b6..994704a 100644
--- a/src/org/torproject/doctor/StatusFileReport.java
+++ b/src/org/torproject/doctor/StatusFileReport.java
@@ -112,7 +112,17 @@ public class StatusFileReport {
 + "conflicting or invalid consensus parameters: " + details,
 150L * 60L * 1000L);
 break;
- case CertificateExpiresSoon:
+ case CertificateExpiresInThreeMonths:
+ warningStrings.put("The certificates of the following "
+ + "directory authorities expire within the next three "
+ + "months: " + details, 5L * 7L * 24L * 60L * 60L * 1000L);
+ break;
+ case CertificateExpiresInTwoMonths:
+ warningStrings.put("The certificates of the following "
+ + "directory authorities expire within the next two "
+ + "months: " + details, 7L * 24L * 60L * 60L * 1000L);
+ break;
+ case CertificateExpiresInTwoWeeks:
 warningStrings.put("The certificates of the following "
 + "directory authorities expire within the next 14 days: "
 + details, 24L * 60L * 60L * 1000L);
diff --git a/src/org/torproject/doctor/Warning.java b/src/org/torproject/doctor/Warning.java
index 1684f89..eee4342 100644
--- a/src/org/torproject/doctor/Warning.java
+++ b/src/org/torproject/doctor/Warning.java
@@ -33,8 +33,16 @@ public enum Warning {
 ConflictingOrInvalidConsensusParams,
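Review bot: In Checker.java's new `warnAboutExpiringCertificates`, the local `details` is assigned and never read, because the following line recomputes `sb.toString().substring(2)`; the put should be `this.warnings.put(warningType, details);`. The helper also depends on every caller's `isEmpty()` guard, since `substring(2)` on an empty builder throws `StringIndexOutOfBoundsException`; an early `if (expiringCertificates.isEmpty()) { return; }` would let it stand on its own. The context comment above `checkAuthorityKeys()` still says "expire in the next 14 days" and should name all three windows, e.g. `/* Check whether any of the authority keys expire in the next 14, 60 or 90 days. */`. A key that has already expired also satisfies the first condition and is reported as expiring within 14 days, which understates an authority whose certificate is no longer valid; that branch is unchanged context, so it may belong in a follow-up.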
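Review bot: The "just once" promise for `CertificateExpiresInThreeMonths` in StatusFileReport.java rests only on the bare interval `5L * 7L * 24L * 60L * 60L * 1000L`: 35 days happens to exceed the 30-day gap between the 90- and 60-day thresholds in Checker.java, and nothing ties the two together. A comment on that case, such as `/* 5 weeks is longer than the 30 days a certificate spends in this bucket, so we warn once. */`, would stop the numbers drifting apart. If the rate limit is keyed on the message text (not visible in this hunk), a second authority entering the window changes `details` and would produce a fresh warning, so "once" would hold per set of authorities rather than per certificate; worth confirming. The enclosing switch and method begin and end outside the hunk.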
 /* The certificate(s) of one or more directory authorities expire within
- * the next 14 days. */
- CertificateExpiresSoon,
+ * the next three months, which we warn about just once. */
+ CertificateExpiresInThreeMonths,
+
+ /* The certificate(s) of one or more directory authorities expire within
+ * the next two months, which we warn about once per week. */
+ CertificateExpiresInTwoMonths,
+
+ /* The certificate(s) of one or more directory authorities expire within
+ * the next 14 days, which we warn about once per day. */
+ CertificateExpiresInTwoWeeks,
 /* The vote(s) of one or more directory authorities are missing. */
 VotesMissing,