From 086638f8d7db24134af3a2a659f668b0ab181870 Mon Sep 17 00:00:00 2001 From: lei zhang Date: Fri, 2 Dec 2022 16:30:23 +0800 Subject: [PATCH] Code cleanup (#349) Signed-off-by: LeiZhang --- .../certificate_providers/local_certificate/BUILD | 1 + .../local_certificate/local_certificate.cc | 9 ++++----- source/extensions/filters/network/bumping/BUILD | 4 ++-- .../transport_sockets/tls/context_config_impl.cc | 3 ++- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/source/extensions/certificate_providers/local_certificate/BUILD b/source/extensions/certificate_providers/local_certificate/BUILD index c5ce458119c4..8b9e474b3e73 100644 --- a/source/extensions/certificate_providers/local_certificate/BUILD +++ b/source/extensions/certificate_providers/local_certificate/BUILD @@ -24,6 +24,7 @@ envoy_cc_library( "//source/common/common:callback_impl_lib", "//source/common/common:logger_lib", "//source/common/config:datasource_lib", + "//source/common/protobuf", "@envoy_api//envoy/extensions/certificate_providers/local_certificate/v3:pkg_cc_proto", ], ) diff --git a/source/extensions/certificate_providers/local_certificate/local_certificate.cc b/source/extensions/certificate_providers/local_certificate/local_certificate.cc index 02394fee04d1..6ceee5ae7175 100644 --- a/source/extensions/certificate_providers/local_certificate/local_certificate.cc +++ b/source/extensions/certificate_providers/local_certificate/local_certificate.cc @@ -4,6 +4,7 @@ #include "source/common/common/logger.h" #include "source/common/config/datasource.h" +#include "source/common/protobuf/protobuf.h" namespace Envoy { namespace Extensions { 
@@ -22,7 +23,7 @@ Provider::Provider( cache_size_(PROTOBUF_GET_WRAPPED_OR_DEFAULT(config, cache_size, CacheDefaultSize)) { ASSERT(main_thread_dispatcher_.isThreadSafe()); if (config.has_expiration_time()) { - auto seconds = google::protobuf::util::TimeUtil::TimestampToSeconds(config.expiration_time()); + auto seconds = Envoy::ProtobufUtil::TimeUtil::TimestampToSeconds(config.expiration_time()); expiration_config_ = std::chrono::system_clock::from_time_t(static_cast(seconds)); } @@ -65,9 +66,7 @@ Envoy::CertificateProvider::OnDemandUpdateHandlePtr Provider::addOnDemandUpdateC // if we generate two mimic certs for these SNIs, it can not pass the certs config check // since we do not allow duplicated SANs. // We need to align this cache_hit with current transport socket behavior - bool cache_hit = [&]() { - return certificates_.is_in_cache(sni); - }(); + bool cache_hit = [&]() { return certificates_.is_in_cache(sni); }(); if (cache_hit) { ENVOY_LOG(debug, "Cache hit for {}", sni); @@ -276,7 +275,7 @@ void Provider::setExpirationTime(Envoy::CertificateProvider::OnDemandUpdateMetad X509_gmtime_adj(X509_get_notBefore(crt), 0); // Compare expiration_time config with upstream cert expiration. Use smaller // value of those two dates as expiration time of mimic cert. - auto now = std::chrono::system_clock::now(); + auto now = main_thread_dispatcher_.timeSource().systemTime(); auto cert_expiration = metadata->connectionInfo()->expirationPeerCertificate(); uint64_t valid_seconds; if (expiration_config_) { diff --git a/source/extensions/filters/network/bumping/BUILD b/source/extensions/filters/network/bumping/BUILD index e7bcf2340357..2303dd53ec3f 100644 --- a/source/extensions/filters/network/bumping/BUILD +++ b/source/extensions/filters/network/bumping/BUILD 
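Review bot: In the `setExpirationTime` hunk, the mimic certificate's notBefore is still stamped from the process wall clock by `X509_gmtime_adj(X509_get_notBefore(crt), 0)`, while the new `now` two lines below comes from `main_thread_dispatcher_.timeSource().systemTime()`. The two ends of the validity window therefore come from different clocks whenever the time source is not the real system clock, for example under simulated time in tests. Obtaining `now` first and setting notBefore from it keeps them consistent: `ASN1_TIME_set(X509_get_notBefore(crt), std::chrono::system_clock::to_time_t(now));`. The function starts and ends outside the hunk, so the computation of `valid_seconds` is not visible. Because it is a `uint64_t`, it is worth confirming that an `expiration_config_` or upstream certificate expiry earlier than `now` is rejected rather than wrapping into a very long lifetime for the minted certificate.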
@@ -23,8 +23,8 @@ envoy_cc_library( deps = [ "//envoy/access_log:access_log_interface", "//envoy/buffer:buffer_interface", - "//envoy/common:time_interface", "//envoy/certificate_provider:certificate_provider_interface", + "//envoy/common:time_interface", "//envoy/event:dispatcher_interface", "//envoy/network:connection_interface", "//envoy/network:filter_interface", @@ -47,8 +47,8 @@ envoy_cc_library( "//source/common/http:codec_client_lib", "//source/common/network:application_protocol_lib", "//source/common/network:cidr_range_lib", - "//source/common/network:filter_lib", "//source/common/network:connection_impl", + "//source/common/network:filter_lib", "//source/common/network:proxy_protocol_filter_state_lib", "//source/common/network:socket_option_factory_lib", "//source/common/network:transport_socket_options_lib", diff --git a/source/extensions/transport_sockets/tls/context_config_impl.cc b/source/extensions/transport_sockets/tls/context_config_impl.cc index fe5e176c6efb..7669ce60dcc6 100644 --- a/source/extensions/transport_sockets/tls/context_config_impl.cc +++ b/source/extensions/transport_sockets/tls/context_config_impl.cc @@ -445,7 +445,8 @@ ServerContextConfigImpl::ServerContextConfigImpl( if (!capabilities().provides_certificates) { if ((config.common_tls_context().tls_certificates().size() + config.common_tls_context().tls_certificate_sds_secret_configs().size()) + - config.common_tls_context().has_tls_certificate_provider_instance() == 0) { + config.common_tls_context().has_tls_certificate_provider_instance() == + 0) { throw EnvoyException("No TLS certificates found for server context"); } else if (!config.common_tls_context().tls_certificates().empty() && !config.common_tls_context().tls_certificate_sds_secret_configs().empty()) {