Dates and certificates

Michael StJohns mstjohns at
Tue Apr 10 17:38:31 PDT 2012

I've come to the conclusion I literally do not know what I was talking about.  

This has been on my "figure out what's going on" some day list for a while and it went on because of some issue with respect to the handling of this particular date value that caused a program to blow up.  I now can't find that program.  And I've now been able - successfully - to use this date value.  

If I ever figure out why this was on the list (and confirm it's still an issue) I'll bring it up again.  Consider it closed unless and until and my apologies.

Thanks to Vincent and Xueming for the info on what I was doing wrong with Calendar.  Both hints were needed to resolve the issue. 


At 11:23 AM 4/10/2012, Sean Mullan wrote:
>On 04/09/2012 02:07 PM, Michael StJohns wrote:
>>Hi -
>>I've been trying to figure out which changes would be necessary to
>>support the "inifinite" date used in RFC5280 for certificates that
>>don't expire (e.g. 99991231255959).    (e.g.
>>I first thought this would be as easy as supporting the use of
>>Calendar instead or in addition to Date for the notBefore and
>>notAfter fields.  That would require an API change.
>Can you explain why you think Date would not be sufficient?
>>In the process of testing whether or not Calendar would support this
>>I wrote the following short program:
>>import java.util.Calendar; import java.util.TimeZone; import
>>public class TestDate {
>>public static void main (String[] args) throws Exception {
>>Calendar c = Calendar.getInstance(); // Calendar c = new
>>c.setTimeZone(TimeZone.getTimeZone("GMT-0")); c.set
>>(Calendar.ZONE_OFFSET, 0); c.set (Calendar.YEAR, 9999); c.set
>>(Calendar.MONTH,12); c.set (Calendar.DATE,31); c.set
>>(Calendar.HOUR,23); c.set (Calendar.MINUTE,59); c.set
>>System.out.printf ("%tY%<tm%<td%<tH%<tM%<tS%n",c); //
>>System.out.println (c); } }
>>I expected to get "99991231235959" out.  What I got was
>>"100000201115959".  Or somewhat over 1 month off.
>>I haven't tracked down why this is the case (could be the format
>>process, could be a conversion to Date, could be something else), but
>>I thought I'd pass it along.
>I'm not sure. I've copied Xueming (Sherman) who might know the answer.
>>In any event, could we update the API to support Calendar for
>>certificate related dates?
>>Later, Mike

More information about the security-dev mailing list