aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--netx/net/sourceforge/jnlp/tools/JarSigner.java6
2 files changed, 13 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 6bc9f11..e3e2d72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-03-30 Danesh Dadachanji <[email protected]>
+
+ Certificate start dates are not being checked, they are still verified
+ even if the date has yet not been reached.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): If the start
+ date is in the future, set notYetValidCert to true.
+
2012-03-21 Omair Majid <[email protected]>
* tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java
diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java
index 9ddbf6b..fbae6e2 100644
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java
@@ -297,9 +297,15 @@ public class JarSigner implements CertVerifier {
if (cert instanceof X509Certificate) {
checkCertUsage((X509Certificate) cert, null);
if (!showcerts) {
+ long notBefore = ((X509Certificate) cert)
+ .getNotBefore().getTime();
long notAfter = ((X509Certificate) cert)
.getNotAfter().getTime();
+ if (now < notBefore) {
+ notYetValidCert = true;
+ }
+
if (notAfter < now) {
hasExpiredCert = true;
} else if (notAfter < now + SIX_MONTHS) {
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-28 19:41:04 +0000