/hg/icedtea-web: Fixed check for a certificate whose start date ...

Mon Apr 2 08:23:52 PDT 2012

changeset eb3a40549623 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=eb3a40549623
author: Danesh Dadachanji <ddadacha at redhat.com>
date: Mon Apr 02 11:23:18 2012 -0400

	Fixed check for a certificate whose start date has not yet been reached.


diffstat:

 ChangeLog                                      |  7 +++++++
 netx/net/sourceforge/jnlp/tools/JarSigner.java |  6 ++++++
 2 files changed, 13 insertions(+), 0 deletions(-)

diffs (33 lines):

diff -r 14284e2041de -r eb3a40549623 ChangeLog

--- a/ChangeLog	Thu Mar 22 13:12:44 2012 -0400
+++ b/ChangeLog	Mon Apr 02 11:23:18 2012 -0400
@@ -1,3 +1,10 @@
+2012-03-30  Danesh Dadachanji  <ddadacha at redhat.com>
+
+	Certificate start dates are not being checked, they are still verified
+	even if the date has yet not been reached.
+	* netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start
+	date is in the future, set notYetValidCert to true.
+
 2012-03-21  Omair Majid  <omajid at redhat.com>
 
 	* tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java
diff -r 14284e2041de -r eb3a40549623 netx/net/sourceforge/jnlp/tools/JarSigner.java
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java	Thu Mar 22 13:12:44 2012 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java	Mon Apr 02 11:23:18 2012 -0400
@@ -297,9 +297,15 @@
                             if (cert instanceof X509Certificate) {
                                 checkCertUsage((X509Certificate) cert, null);
                                 if (!showcerts) {
+                                    long notBefore = ((X509Certificate) cert)
+                                                     .getNotBefore().getTime();
                                     long notAfter = ((X509Certificate) cert)
                                                     .getNotAfter().getTime();
 
+                                    if (now < notBefore) {
+                                        notYetValidCert = true;
+                                    }
+
                                     if (notAfter < now) {
                                         hasExpiredCert = true;
                                     } else if (notAfter < now + SIX_MONTHS) {

