Mercurial > hg > release > icedtea-web-1.2
changeset 344:9c0e0aec8ac8
Fixed check for a certificate whose start date has not yet been reached.
author | Danesh Dadachanji <ddadacha@redhat.com> |
---|---|
date | Mon, 02 Apr 2012 11:26:17 -0400 |
parents | 9b8837c53c09 |
children | 79b3ded39c1f |
files | ChangeLog netx/net/sourceforge/jnlp/tools/JarSigner.java |
diffstat | 2 files changed, 13 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Mar 14 15:05:54 2012 -0400 +++ b/ChangeLog Mon Apr 02 11:26:17 2012 -0400 @@ -1,3 +1,10 @@ +2012-03-30 Danesh Dadachanji <ddadacha@redhat.com> + + Certificate start dates are not being checked, they are still verified + even if the date has yet not been reached. + * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start + date is in the future, set notYetValidCert to true. + 2012-03-14 Deepak Bhole <dbhole@redhat.com> Omair Majid <omajid@redhat.com>
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Mar 14 15:05:54 2012 -0400 +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Mon Apr 02 11:26:17 2012 -0400 @@ -297,9 +297,15 @@ if (cert instanceof X509Certificate) { checkCertUsage((X509Certificate) cert, null); if (!showcerts) { + long notBefore = ((X509Certificate) cert) + .getNotBefore().getTime(); long notAfter = ((X509Certificate) cert) .getNotAfter().getTime(); + if (now < notBefore) { + notYetValidCert = true; + } + if (notAfter < now) { hasExpiredCert = true; } else if (notAfter < now + SIX_MONTHS) {