archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8191358: Restore TSA certificate expiration check

Browse source 
Reviewed-by: coffeys, rhalade
This commit is contained in:
Sean Mullan 2017-12-08 09:37:28 -05:00
parent 232855d24e
commit d32a31283c
1 changed files with 16 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/java.base/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java
View file

@ -31,6 +31,7 @@ import java.security.cert.*;
import java.util.*;
import sun.security.provider.certpath.PKIX.ValidatorParams;
import sun.security.validator.Validator;
import sun.security.x509.X509CertImpl;
import sun.security.util.Debug;
@ -189,11 +190,20 @@ public final class PKIXCertPathValidator extends CertPathValidatorSpi {
params.policyQualifiersRejected(),
rootNode);
certPathCheckers.add(pc);
// default value for date is current time
BasicChecker bc;
bc = new BasicChecker(anchor,
(params.timestamp() == null ? params.date() :
params.timestamp().getTimestamp()),
// the time that the certificate validity period should be
// checked against
Date timeToCheck = null;
// use timestamp if checking signed code that is timestamped, otherwise
// use date parameter from PKIXParameters
if ((params.variant() == Validator.VAR_CODE_SIGNING ||
params.variant() == Validator.VAR_PLUGIN_CODE_SIGNING) &&
params.timestamp() != null) {
timeToCheck = params.timestamp().getTimestamp();
} else {
timeToCheck = params.date();
}
BasicChecker bc = new BasicChecker(anchor, timeToCheck,
params.sigProvider(), false);
certPathCheckers.add(bc);