archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 14:24:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8266137: Improve Keystore integrity

Browse source 
Reviewed-by: mschoene, rhalade, weijun
This commit is contained in:
Hai-May Chao 2021-06-08 21:58:23 +00:00 committed by Henry Jen
parent bddcc8ea9d
commit a48251cb4a
2 changed files with 27 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

25
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View file

@ -1445,8 +1445,7 @@ public final class Main {
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
@ -1558,12 +1557,10 @@ public final class Main {
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = (Date) firstDate.clone();
lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
PrivateKey privateKey =
(PrivateKey)recoverKey(alias, storePass, keyPass).fst;
if (sigAlgName == null) {
@ -3031,8 +3028,7 @@ public final class Main {
// Extend its validity
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
certInfo.set(X509CertInfo.VALIDITY, interval);
@ -4693,6 +4689,21 @@ public final class Main {
return result;
}
private Date getLastDate(Date firstDate, long validity)
throws Exception {
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Calendar c = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
c.setTime(lastDate);
if (c.get(Calendar.YEAR) > 9999) {
throw new Exception("Validity period ends at calendar year " +
c.get(Calendar.YEAR) + " which is greater than 9999");
}
return lastDate;
}
private boolean isTrustedCert(Certificate cert) throws KeyStoreException {
if (caks != null && caks.getCertificateAlias(cert) != null) {
return true;