8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01

Reviewed-by: pkoppula, weijun, coffeys
2025-08-27 06:45:07 +02:00 · 2020-02-26 18:06:19 +03:00 · 2020-02-26 18:06:19 +03:00 · 9b12c80e21
commit 9b12c80e21
parent b08595d844
4 changed files with 70 additions and 9 deletions
--- a/src/java.base/share/classes/sun/security/x509/CertificateValidity.java
+++ b/src/java.base/share/classes/sun/security/x509/CertificateValidity.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -51,7 +51,10 @@ public class CertificateValidity implements CertAttrSet<String> {
    public static final String NAME = "validity";
    public static final String NOT_BEFORE = "notBefore";
    public static final String NOT_AFTER = "notAfter";
-    private static final long YR_2050 = 2524636800000L;
+    /**
+     * YR_2050 date and time set to Jan01 00:00 2050 GMT
+     */
+    static final long YR_2050 = 2524608000000L;

    // Private data members
    private Date        notBefore;
--- a/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java
+++ b/src/java.base/share/classes/sun/security/x509/X509CRLEntryImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -77,7 +77,6 @@ public class X509CRLEntryImpl extends X509CRLEntry
    private X500Principal certIssuer;

    private static final boolean isExplicit = false;
-    private static final long YR_2050 = 2524636800000L;

    /**
     * Constructs a revoked certificate entry using the given
@ -162,7 +161,7 @@ public class X509CRLEntryImpl extends X509CRLEntry
                // sequence { serialNumber, revocationDate, extensions }
                serialNumber.encode(tmp);

-                if (revocationDate.getTime() < YR_2050) {
+                if (revocationDate.getTime() < CertificateValidity.YR_2050) {
                    tmp.putUTCTime(revocationDate);
                } else {
                    tmp.putGeneralizedTime(revocationDate);
--- a/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
+++ b/src/java.base/share/classes/sun/security/x509/X509CRLImpl.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -99,7 +99,6 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
    private List<X509CRLEntry> revokedList = new LinkedList<>();
    private CRLExtensions    extensions = null;
    private static final boolean isExplicit = true;
-    private static final long YR_2050 = 2524636800000L;

    private boolean readOnly = false;

@ -286,13 +285,13 @@ public class X509CRLImpl extends X509CRL implements DerEncoder {
                throw new CRLException("Null Issuer DN not allowed in v1 CRL");
            issuer.encode(tmp);

-            if (thisUpdate.getTime() < YR_2050)
+            if (thisUpdate.getTime() < CertificateValidity.YR_2050)
                tmp.putUTCTime(thisUpdate);
            else
                tmp.putGeneralizedTime(thisUpdate);

            if (nextUpdate != null) {
-                if (nextUpdate.getTime() < YR_2050)
+                if (nextUpdate.getTime() < CertificateValidity.YR_2050)
                    tmp.putUTCTime(nextUpdate);
                else
                    tmp.putGeneralizedTime(nextUpdate);