Dates and certificates

Michael StJohns mstjohns at comcast.net
Mon Apr 9 11:07:19 PDT 2012


Hi - 

I've been trying to figure out which changes would be necessary to support the "infinite" date used in RFC5280 for certificates that don't expire (e.g. 99991231255959). (e.g. java.security.cert.X509Certificate)

I first thought this would be as easy as supporting the use of Calendar instead of or in addition to Date for the notBefore and notAfter fields. That would require an API change.

In the process of testing whether or not Calendar would support this I wrote the following short program:


import java.util.Calendar;
import java.util.TimeZone;
import java.util.GregorianCalendar;

public class TestDate {

    public static void main(String[] args) throws Exception {

        Calendar c = Calendar.getInstance();
        // Calendar c = new GregorianCalendar(9999,12,31,23,59,59);
        c.setTimeZone(TimeZone.getTimeZone("GMT-0"));
        c.set(Calendar.ZONE_OFFSET, 0);
        c.set(Calendar.YEAR, 9999);
        c.set(Calendar.MONTH, 12);
        c.set(Calendar.DATE, 31);
        c.set(Calendar.HOUR, 23);
        c.set(Calendar.MINUTE, 59);
        c.set(Calendar.SECOND, 59);

        System.out.printf("%tY%<tm%<td%<tH%<tM%<tS%n", c);
        // System.out.println(c);
    }
}

I expected to get "99991231235959" out.  What I got was "100000201115959".  Or somewhat over 1 month off.  

I haven't tracked down why this is the case (could be the format process, could be a conversion to Date, could be something else), but I thought I'd pass it along.

In any event, could we update the API to support Calendar for certificate related dates?

Later, Mike
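
Added example, not part of the original message and not JDK code: the field values from the program above with the starting state pinned, next to a strict-mode construction of the RFC 5280 no-expiry value. Calendar.MONTH is zero-based and Calendar.HOUR is the 12-hour field; the class name, the build/stamp helpers and the PM setting (standing in for a run during the GMT afternoon) are assumptions.

```java
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;

public class NoExpiryDate {  // hypothetical class name
    static final TimeZone UTC = TimeZone.getTimeZone("UTC");

    // Render a Date as the 14-digit stamp used in the post, always in UTC.
    static String stamp(Date d) {
        SimpleDateFormat f = new SimpleDateFormat("yyyyMMddHHmmss");
        f.setTimeZone(UTC);
        return f.format(d);
    }

    // Build 9999-<month>-31 <hour>:59:59 UTC from individual field sets.
    static Date build(boolean lenient, int month, int hourField, int hour) {
        Calendar c = new GregorianCalendar(UTC);
        c.setLenient(lenient);
        c.clear();  // discard the "now" fields that getInstance() would leave behind
        c.set(Calendar.YEAR, 9999);
        c.set(Calendar.MONTH, month);
        c.set(Calendar.DATE, 31);
        if (hourField == Calendar.HOUR) {
            c.set(Calendar.AM_PM, Calendar.PM);  // assumption: run during the GMT afternoon
        }
        c.set(hourField, hour);
        c.set(Calendar.MINUTE, 59);
        c.set(Calendar.SECOND, 59);
        return c.getTime();  // fields are resolved (and validated if strict) here
    }

    public static void main(String[] args) {
        // Fields as posted: MONTH 12 is one past DECEMBER (0-based) and HOUR is
        // the 12-hour field, so lenient mode carries both overflows forward.
        System.out.println(stamp(build(true, 12, Calendar.HOUR, 23)));
        // Strict mode refuses the same fields instead of rolling them over.
        try {
            build(false, 12, Calendar.HOUR, 23);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected field: " + e.getMessage());
        }
        // Intended value: named month constant and the 24-hour field.
        Date noExpiry = build(false, Calendar.DECEMBER, Calendar.HOUR_OF_DAY, 23);
        System.out.println(stamp(noExpiry) + "Z  epoch ms " + noExpiry.getTime());
    }
}
```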



