/hg/release/icedtea-web-1.1: Fixed check for a certificate whose...
ddadacha at icedtea.classpath.org
ddadacha at icedtea.classpath.org
Mon Apr 2 08:29:34 PDT 2012
changeset 4672053d61e0 in /hg/release/icedtea-web-1.1
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.1?cmd=changeset;node=4672053d61e0
author: Danesh Dadachanji <ddadacha at redhat.com>
date: Mon Apr 02 11:28:21 2012 -0400
Fixed check for a certificate whose start date has not yet been reached.
diffstat:
ChangeLog | 7 +++++++
netx/net/sourceforge/jnlp/tools/JarSigner.java | 6 ++++++
2 files changed, 13 insertions(+), 0 deletions(-)
diffs (33 lines):
diff -r d4a6d82ed0ae -r 4672053d61e0 ChangeLog
--- a/ChangeLog Wed Mar 14 15:05:54 2012 -0400
+++ b/ChangeLog Mon Apr 02 11:28:21 2012 -0400
@@ -1,3 +1,10 @@
+2012-03-30 Danesh Dadachanji <ddadacha at redhat.com>
+
+ Certificate start dates are not being checked, they are still verified
+ even if the date has yet not been reached.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start
+ date is in the future, set notYetValidCert to true.
+
2012-03-05 Deepak Bhole <dbhole at redhat.com>
* configure.ac: Prepare for 1.1.6
diff -r d4a6d82ed0ae -r 4672053d61e0 netx/net/sourceforge/jnlp/tools/JarSigner.java
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Mar 14 15:05:54 2012 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Mon Apr 02 11:28:21 2012 -0400
@@ -297,9 +297,15 @@
if (cert instanceof X509Certificate) {
checkCertUsage((X509Certificate) cert, null);
if (!showcerts) {
+ long notBefore = ((X509Certificate) cert)
+ .getNotBefore().getTime();
long notAfter = ((X509Certificate) cert)
.getNotAfter().getTime();
+ if (now < notBefore) {
+ notYetValidCert = true;
+ }
+
if (notAfter < now) {
hasExpiredCert = true;
} else if (notAfter < now + SIX_MONTHS) {
More information about the distro-pkg-dev
mailing list