Dates and certificates

Sean Mullan sean.mullan at oracle.com
Tue Apr 10 08:23:39 PDT 2012


On 04/09/2012 02:07 PM, Michael StJohns wrote:
> Hi -
>
> I've been trying to figure out which changes would be necessary to
> support the "inifinite" date used in RFC5280 for certificates that
> don't expire (e.g. 99991231255959).    (e.g.
> java.security.cert.X509Certificate)
>
> I first thought this would be as easy as supporting the use of
> Calendar instead or in addition to Date for the notBefore and
> notAfter fields.  That would require an API change.

Can you explain why you think Date would not be sufficient?

> In the process of testing whether or not Calendar would support this
> I wrote the following short program:
>
>
> import java.util.Calendar; import java.util.TimeZone; import
> java.util.GregorianCalendar;
>
> public class TestDate {
>
> public static void main (String[] args) throws Exception {
>
> Calendar c = Calendar.getInstance(); //	Calendar c = new
> GregorianCalendar(9999,12,31,23,59,59);
> c.setTimeZone(TimeZone.getTimeZone("GMT-0")); c.set
> (Calendar.ZONE_OFFSET, 0); c.set (Calendar.YEAR, 9999); c.set
> (Calendar.MONTH,12); c.set (Calendar.DATE,31); c.set
> (Calendar.HOUR,23); c.set (Calendar.MINUTE,59); c.set
> (Calendar.SECOND,59);
>
> System.out.printf ("%tY%<tm%<td%<tH%<tM%<tS%n",c); //
> System.out.println (c); } }
>
> I expected to get "99991231235959" out.  What I got was
> "100000201115959".  Or somewhat over 1 month off.
>
> I haven't tracked down why this is the case (could be the format
> process, could be a conversion to Date, could be something else), but
> I thought I'd pass it along.

I'm not sure. I've copied Xueming (Sherman) who might know the answer.

--Sean

>
> In any event, could we update the API to support Calendar for
> certificate related dates?
>
> Later, Mike
>




More information about the security-dev mailing list