From fe6819eb9d7d9f84616daadb5f07072a3dfa02b1 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Jul 01 2015 10:25:52 +0000
Subject: DNSSEC: Store time & date key metadata in UTC.


OpenDNSSEC stores key metadata in local time zone but BIND needs
timestamps in UTC. UTC will be stored in LDAP.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 03dcfbc..4c6649c 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -17,6 +17,7 @@ Purpose of this replacement is to upload keys generated by OpenDNSSEC to LDAP.
 
 from binascii import hexlify
 from datetime import datetime
+import dateutil.tz
 import dns.dnssec
 import fcntl
 import logging
@@ -80,7 +81,12 @@ def datetime2ldap(dt):
     return dt.strftime(ipalib.constants.LDAP_GENERALIZED_TIME_FORMAT)
 
 def sql2datetime(sql_time):
-    return datetime.strptime(sql_time, "%Y-%m-%d %H:%M:%S")
+    """Convert SQL date format from local time zone into UTC."""
+    localtz = dateutil.tz.tzlocal()
+    localtime = datetime.strptime(sql_time, "%Y-%m-%d %H:%M:%S").replace(
+                                  tzinfo=localtz)
+    utctz = dateutil.tz.gettz('UTC')
+    return localtime.astimezone(utctz)
 
 def sql2datetimes(row):
     row2key_map = {'generate': 'idnsSecKeyCreated',