RFR: 8279254: PKCS9Attribute SigningTime always encoded in UTFTime
Jamil Nimeh
jnimeh at openjdk.org
Thu Jun 22 19:53:03 UTC 2023
On Thu, 22 Jun 2023 18:45:14 GMT, Ben Perez <duke at openjdk.org> wrote:
> Added single-argument `putTime` method to `DerOutputStream` that selects the correct encoding based on the `Date` value. Similarly, a `getTime` method was added to `DerValue` to automatically call the correct decoding function based on the date type specified by the `tag`. Furthermore, the `encode` method in `PKCS9Attribute` was changed to utilize the new `putTime` method.
src/java.base/share/classes/sun/security/util/DerOutputStream.java line 490:
> 488: public DerOutputStream putTime(Date d) {
> 489: @SuppressWarnings("deprecation")
> 490: Date low = new Date(1950,1,1);
Isn't this form of the `Date` constructor deprecated? Alternately you could convert 1/1/1950 into epoch time as a long and use `new Date(long)` which is not deprecated. Same for line 492.
test/jdk/sun/security/util/DerOutputStream/DerTimeEncoding.java line 40:
> 38: //Check that dates after 2050 use GeneralizedTime
> 39: DerOutputStream out = new DerOutputStream();
> 40: Date generalizedTimeDate = new Date(2055,3,17);
Same comment as above for both this line and line 50.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/14617#discussion_r1238963194
PR Review Comment: https://git.openjdk.org/jdk/pull/14617#discussion_r1238964501
More information about the security-dev
mailing list