8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01

Reviewed-by: pkoppula, weijun, coffeys
Ravi Reddy 2020-03-02 22:57:20 -08:00 committed by Ivan Gerasimov
parent f821fb27cb
commit cb5dd3dc1d
4 changed files with 70 additions and 9 deletions


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,7 +51,10 @@ public class CertificateValidity implements CertAttrSet<String> {
public static final String NAME = "validity";
public static final String NOT_BEFORE = "notBefore";
public static final String NOT_AFTER = "notAfter";
private static final long YR_2050 = 2524636800000L;
/**
* YR_2050 date and time set to Jan01 00:00 2050 GMT
*/
static final long YR_2050 = 2524608000000L;
// Private data members
private Date notBefore;
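Review bot: The new Javadoc on `YR_2050` gives the date but not the unit or why this instant matters, and the field is now package-visible and read from the CRL classes, so that context belongs on the declaration. Suggested wording: `/** Milliseconds since the epoch for 2050-01-01T00:00:00 GMT; earlier times are DER-encoded as UTCTime, this time and later ones as GeneralizedTime (RFC 5280). */`, which matches what the CRL call sites on this page do. The previous literal was 28,800,000 ms (eight hours) later, so times in the first hours of 2050 were written as UTCTime with a two-digit year, which a validator would most likely read as 1950 and treat as expired. Stating that in the comment makes it less likely the value is hand-edited again.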


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -77,7 +77,6 @@ public class X509CRLEntryImpl extends X509CRLEntry
private X500Principal certIssuer;
private static final boolean isExplicit = false;
private static final long YR_2050 = 2524636800000L;
/**
* Constructs a revoked certificate entry using the given
@ -162,7 +161,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
// sequence { serialNumber, revocationDate, extensions }
serialNumber.encode(tmp);
if (revocationDate.getTime() < YR_2050) {
if (revocationDate.getTime() < CertificateValidity.YR_2050) {
tmp.putUTCTime(revocationDate);
} else {
tmp.putGeneralizedTime(revocationDate);
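Review bot: The `getTime() < CertificateValidity.YR_2050` test that chooses between `putUTCTime` and `putGeneralizedTime` is written out at three call sites on this page (here, and twice in the X509CRLImpl section for `thisUpdate` and `nextUpdate`), so the boundary value is shared but the boundary logic is not. A single package-private helper next to the constant, taking the output stream and the `Date`, would keep the comparison and the two encodings in one place. The encoding method starts and ends outside this hunk, so I cannot tell whether other time fields need the same treatment. None of these CRL paths appear to be exercised by the test added in this commit.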


@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -99,7 +99,6 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
private List<X509CRLEntry> revokedList = new LinkedList<>();
private CRLExtensions extensions = null;
private static final boolean isExplicit = true;
private static final long YR_2050 = 2524636800000L;
private boolean readOnly = false;
@ -286,13 +285,13 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
throw new CRLException("Null Issuer DN not allowed in v1 CRL");
issuer.encode(tmp);
if (thisUpdate.getTime() < YR_2050)
if (thisUpdate.getTime() < CertificateValidity.YR_2050)
tmp.putUTCTime(thisUpdate);
else
tmp.putGeneralizedTime(thisUpdate);
if (nextUpdate != null) {
if (nextUpdate.getTime() < YR_2050)
if (nextUpdate.getTime() < CertificateValidity.YR_2050)
tmp.putUTCTime(nextUpdate);
else
tmp.putGeneralizedTime(nextUpdate);


@ -0,0 +1,60 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8238452
* @modules java.base/sun.security.x509
* java.base/sun.security.tools.keytool
* @summary This test generates V3 certificate with certain validity period
* and checks whether the validity has expired or not.
*/
import sun.security.tools.keytool.CertAndKeyGen;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X500Name;
public class CertificateValidation {
public static void main(String[] args) throws Exception {
Calendar cal = Calendar.getInstance(TimeZone.getTimeZone("GMT"));
cal.set(2050, 00, 01, 01, 00, 00);
Date lastDate = cal.getTime();
// Seconds till lastDate plus one hour
long validity = (lastDate.getTime() - System.currentTimeMillis())/1000L + 3600;
Date firstDate = new Date(lastDate.getTime() - validity * 1000L);
CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA256withRSA");
ckg.generate(2048);
X509Certificate crt = ckg.getSelfCertificate(
new X500Name("CN=Me"), firstDate, validity);
byte[] encoded = crt.getEncoded();
X509CertImpl certImpl = new X509CertImpl(encoded);
certImpl.checkValidity();
}
}
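Review bot: `certImpl.checkValidity()` only proves the decoded notAfter is still in the future, so the test would also pass if encoding shifted the date without expiring it; it should compare the round-tripped value, e.g. `if (certImpl.getNotAfter().getTime() / 1000 != lastDate.getTime() / 1000) throw new RuntimeException("notAfter changed by encoding");`. `Calendar.getInstance` leaves the current millisecond in `cal`, and `cal.set(2050, 00, 01, 01, 00, 00)` relies on octal literals; `cal.clear()` followed by `cal.set(2050, Calendar.JANUARY, 1, 1, 0, 0)` makes the instant exact. The test uses 01:00 GMT only, so the two edges (2049-12-31 23:59:59 GMT staying UTCTime, 2050-01-01 00:00:00 GMT becoming GeneralizedTime) are not covered.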