Dates and certificates

Vincent Ryan vincent.x.ryan at oracle.com
Tue Apr 10 15:23:44 UTC 2012


Hello Michael,

Are you referring to the getNotAfter() and getNotBefore() methods of 
X509Certificate?

The Date class that those methods return already supports dates well
past the year 9999.

Are you seeking to add support for Calendar for ease-of-use reasons?


BTW an early call to c.clear() in the program below prevents any
unintended interference from default values. And (bizarrely)
Calendar.MONTH is 0-based.



On 04/ 9/12 07:07 PM, Michael StJohns wrote:
> Hi -
>
> I've been trying to figure out which changes would be necessary to support the "inifinite" date used in RFC5280 for certificates that don't expire (e.g. 99991231255959).    (e.g. java.security.cert.X509Certificate)
>
> I first thought this would be as easy as supporting the use of Calendar instead or in addition to Date for the notBefore and notAfter fields.  That would require an API change.
>
> In the process of testing whether or not Calendar would support this I wrote the following short program:
>
>
> import java.util.Calendar;
> import java.util.TimeZone;
> import java.util.GregorianCalendar;
>
> public class TestDate {
>
>      public static void main (String[] args)
> 	throws Exception {
>
> 	Calendar c = Calendar.getInstance();
> 	//	Calendar c = new GregorianCalendar(9999,12,31,23,59,59);
> 	c.setTimeZone(TimeZone.getTimeZone("GMT-0"));
> 	c.set (Calendar.ZONE_OFFSET, 0);
> 	c.set (Calendar.YEAR, 9999);
> 	c.set (Calendar.MONTH,12);
> 	c.set (Calendar.DATE,31);
> 	c.set (Calendar.HOUR,23);
> 	c.set (Calendar.MINUTE,59);
> 	c.set (Calendar.SECOND,59);
>
> 	System.out.printf ("%tY%<tm%<td%<tH%<tM%<tS%n",c);
> 	//	System.out.println (c);
>      }
> }
>
> I expected to get "99991231235959" out.  What I got was "100000201115959".  Or somewhat over 1 month off.
>
> I haven't tracked down why this is the case (could be the format process, could be a conversion to Date, could be something else), but I thought I'd pass it along.
>
> In any event, could we update the API to support Calendar for certificate related dates?
>
> Later, Mike
>




More information about the security-dev mailing list