stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge

Browse Source
This commit is contained in:
Sean Mullan 2008-11-06 11:58:06 -05:00
commit a0d2321424
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java
View File

@ -151,6 +151,10 @@ class OCSPResponse {
private SingleResponse singleResponse; private SingleResponse singleResponse;
// Maximum clock skew in milliseconds (10 minutes) allowed when checking
// validity of OCSP responses
private static final long MAX_CLOCK_SKEW = 600000;
// an array of all of the CRLReasons (used in SingleResponse) // an array of all of the CRLReasons (used in SingleResponse)
private static CRLReason[] values = CRLReason.values(); private static CRLReason[] values = CRLReason.values();
@ -583,7 +587,9 @@ class OCSPResponse {
} }
} }
Date now = new Date(); long now = System.currentTimeMillis();
Date nowPlusSkew = new Date(now + MAX_CLOCK_SKEW);
Date nowMinusSkew = new Date(now - MAX_CLOCK_SKEW);
if (DEBUG != null) { if (DEBUG != null) {
String until = ""; String until = "";
if (nextUpdate != null) { if (nextUpdate != null) {
@ -593,8 +599,8 @@ class OCSPResponse {
thisUpdate + until); thisUpdate + until);
} }
// Check that the test date is within the validity interval // Check that the test date is within the validity interval
if ((thisUpdate != null && now.before(thisUpdate)) || if ((thisUpdate != null && nowPlusSkew.before(thisUpdate)) ||
(nextUpdate != null && now.after(nextUpdate))) { (nextUpdate != null && nowMinusSkew.after(nextUpdate))) {
if (DEBUG != null) { if (DEBUG != null) {
DEBUG.println("Response is unreliable: its validity " + DEBUG.println("Response is unreliable: its validity " +