Mercurial > hg > release > icedtea-web-1.1
changeset 290:4672053d61e0
Fixed check for a certificate whose start date has not yet been reached.
| author | Danesh Dadachanji <ddadacha@redhat.com> |
|---|---|
| date | Mon, 02 Apr 2012 11:28:21 -0400 |
| parents | d4a6d82ed0ae |
| children | 203e1b4e5c23 |
| files | ChangeLog netx/net/sourceforge/jnlp/tools/JarSigner.java |
| diffstat | 2 files changed, 13 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Mar 14 15:05:54 2012 -0400 +++ b/ChangeLog Mon Apr 02 11:28:21 2012 -0400 @@ -1,3 +1,10 @@ +2012-03-30 Danesh Dadachanji <ddadacha@redhat.com> + + Certificate start dates are not being checked, they are still verified + even if the date has yet not been reached. + * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start + date is in the future, set notYetValidCert to true. + 2012-03-05 Deepak Bhole <dbhole@redhat.com> * configure.ac: Prepare for 1.1.6
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Mar 14 15:05:54 2012 -0400 +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Mon Apr 02 11:28:21 2012 -0400 @@ -297,9 +297,15 @@ if (cert instanceof X509Certificate) { checkCertUsage((X509Certificate) cert, null); if (!showcerts) { + long notBefore = ((X509Certificate) cert) + .getNotBefore().getTime(); long notAfter = ((X509Certificate) cert) .getNotAfter().getTime(); + if (now < notBefore) { + notYetValidCert = true; + } + if (notAfter < now) { hasExpiredCert = true; } else if (notAfter < now + SIX_MONTHS) {