# HG changeset patch
# User Danesh Dadachanji <ddadacha@redhat.com>
# Date 1333380501 14400
# Node ID 4672053d61e089fb58f585ec3fcd1a4e33811df4
# Parent  d4a6d82ed0aea56ba4120f2a05d94744f5015d3e
Fixed check for a certificate whose start date has not yet been reached.

diff -r d4a6d82ed0ae -r 4672053d61e0 ChangeLog
--- a/ChangeLog	Wed Mar 14 15:05:54 2012 -0400
+++ b/ChangeLog	Mon Apr 02 11:28:21 2012 -0400
@@ -1,3 +1,10 @@
+2012-03-30  Danesh Dadachanji  <ddadacha@redhat.com>
+
+	Certificate start dates are not being checked, they are still verified
+	even if the date has yet not been reached.
+	* netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start
+	date is in the future, set notYetValidCert to true.
+
 2012-03-05  Deepak Bhole <dbhole@redhat.com>
 
 	* configure.ac: Prepare for 1.1.6
diff -r d4a6d82ed0ae -r 4672053d61e0 netx/net/sourceforge/jnlp/tools/JarSigner.java
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java	Wed Mar 14 15:05:54 2012 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java	Mon Apr 02 11:28:21 2012 -0400
@@ -297,9 +297,15 @@
                             if (cert instanceof X509Certificate) {
                                 checkCertUsage((X509Certificate) cert, null);
                                 if (!showcerts) {
+                                    long notBefore = ((X509Certificate) cert)
+                                                     .getNotBefore().getTime();
                                     long notAfter = ((X509Certificate) cert)
                                                     .getNotAfter().getTime();
 
+                                    if (now < notBefore) {
+                                        notYetValidCert = true;
+                                    }
+
                                     if (notAfter < now) {
                                         hasExpiredCert = true;
                                     } else if (notAfter < now + SIX_MONTHS) {