sa: use dummy date instead of zero date (#8481)

jsha · web-flow · commit d0d89a7261cd · 2025-11-18T14:37:22.000-08:00
Fixes #8466
diff --git a/cmd/bad-key-revoker/main_test.go b/cmd/bad-key-revoker/main_test.go
@@ -151,9 +151,9 @@ func insertCert(t *testing.T, dbMap *db.WrappedMap, fc clock.Clock, keyHash []by
 		status,
 		expiredStatus,
 		fc.Now(),
-		time.Time{},
+		time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC),
 		0,
-		time.Time{},
+		time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC),
 	)
 	test.AssertNotError(t, err, "failed to insert test certificateStatus row")
 
diff --git a/cmd/cert-checker/main_test.go b/cmd/cert-checker/main_test.go
@@ -353,6 +353,8 @@ func TestGetAndProcessCerts(t *testing.T) {
 		Subject: pkix.Name{
 			CommonName: "not-blacklisted.com",
 		},
+		NotBefore:             fc.Now(),
+		NotAfter:              fc.Now().Add(999999 * time.Hour),
 		BasicConstraintsValid: true,
 		DNSNames:              []string{"not-blacklisted.com"},
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
diff --git a/sa/model_test.go b/sa/model_test.go
@@ -329,6 +329,7 @@ func insertCertificate(ctx context.Context, dbMap *db.WrappedMap, fc clock.FakeC
 	}
 	cert := &core.Certificate{
 		RegistrationID: regID,
+		Issued:         fc.Now(),
 		Serial:         serialString,
 		Expires:        template.NotAfter,
 		DER:            certDer,
diff --git a/sa/sa.go b/sa/sa.go
@@ -245,14 +245,20 @@ func (ssa *SQLStorageAuthority) AddPrecertificate(ctx context.Context, req *sapb
 			return nil, err
 		}
 
+		// An arbitrary, but valid date for fields revokedDate and lastExpirationNagSent.
+		// These fields in the database are NOT NULL so we can't omit them; and we don't
+		// want to pass `time.Time{}` because that results in inserts of `0000-00-00`, which
+		// is forbidden in strict mode (when NO_ZERO_DATE is on).
+		dummyDate := time.Date(2000, 1, 1, 0, 0, 0, 0, time.UTC)
+
 		status := core.OCSPStatusGood
 		cs := &certificateStatusModel{
 			Serial:                serialHex,
 			Status:                status,
 			OCSPLastUpdated:       ssa.clk.Now(),
-			RevokedDate:           time.Time{},
+			RevokedDate:           dummyDate,
 			RevokedReason:         0,
-			LastExpirationNagSent: time.Time{},
+			LastExpirationNagSent: dummyDate,
 			NotAfter:              parsed.NotAfter,
 			IsExpired:             false,
 			IssuerID:              req.IssuerNameID,

Original file line number	Diff line number	Diff line change
`@@ -329,6 +329,7 @@ func insertCertificate(ctx context.Context, dbMap *db.WrappedMap, fc clock.FakeC`
`329`	`329`	`}`
`330`	`330`	`cert := &core.Certificate{`
`331`	`331`	`RegistrationID: regID,`
	`332`	`+ Issued: fc.Now(),`
`332`	`333`	`Serial: serialString,`
`333`	`334`	`Expires: template.NotAfter,`
`334`	`335`	`DER: certDer,`