stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8266137: Improve Keystore integrity

Browse Source 
Reviewed-by: mschoene, rhalade, weijun
This commit is contained in:
Hai-May Chao 2021-06-08 21:58:23 +00:00 committed by Henry Jen
parent bddcc8ea9d
commit a48251cb4a
2 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/java.base/share/classes/sun/security/tools/keytool/CertAndKeyGen.java
View File

@ -32,7 +32,10 @@ import java.security.cert.CertificateEncodingException;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.NamedParameterSpec;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.TimeZone;
import sun.security.pkcs10.PKCS10;
import sun.security.util.SignatureUtil;
@ -304,6 +307,12 @@ public final class CertAndKeyGen {
try {
lastDate = new Date ();
lastDate.setTime (firstDate.getTime () + validity * 1000);
Calendar c = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
c.setTime(lastDate);
if (c.get(Calendar.YEAR) > 9999) {
throw new CertificateException("Validity period ends at calendar year " +
c.get(Calendar.YEAR) + " which is greater than 9999");
}
CertificateValidity interval =
new CertificateValidity(firstDate,lastDate);

25
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View File

@ -1445,8 +1445,7 @@ public final class Main {
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
@ -1558,12 +1557,10 @@ public final class Main {
X509CertInfo.DN_NAME);
Date firstDate = getStartDate(startDate);
Date lastDate = (Date) firstDate.clone();
lastDate.setTime(lastDate.getTime() + validity*1000*24*60*60);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
PrivateKey privateKey =
(PrivateKey)recoverKey(alias, storePass, keyPass).fst;
if (sigAlgName == null) {
@ -3031,8 +3028,7 @@ public final class Main {
// Extend its validity
Date firstDate = getStartDate(startDate);
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Date lastDate = getLastDate(firstDate, validity);
CertificateValidity interval = new CertificateValidity(firstDate,
lastDate);
certInfo.set(X509CertInfo.VALIDITY, interval);
@ -4693,6 +4689,21 @@ public final class Main {
return result;
}
private Date getLastDate(Date firstDate, long validity)
throws Exception {
Date lastDate = new Date();
lastDate.setTime(firstDate.getTime() + validity*1000L*24L*60L*60L);
Calendar c = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
c.setTime(lastDate);
if (c.get(Calendar.YEAR) > 9999) {
throw new Exception("Validity period ends at calendar year " +
c.get(Calendar.YEAR) + " which is greater than 9999");
}
return lastDate;
}
private boolean isTrustedCert(Certificate cert) throws KeyStoreException {
if (caks != null && caks.getCertificateAlias(cert) != null) {
return true;