Changeset b77524c for core


Ignore:
Timestamp:
Feb 20, 2018 12:27:30 PM (2 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
86b3b13
Parents:
12c7871
Message:

Crypto: Backdate selfsigned cert to allow for clock skew

File:
1 edited

Legend:

Unmodified
Added
Removed
  • core/java/src/net/i2p/crypto/SelfSignedGenerator.java

    r12c7871 rb77524c  
    4545 *  Ref: RFC 2459
    4646 *
    47  *  This is coded to create a cert that matches what comes out of keytool
    48  *  exactly, even if I don't understand all of it.
     47 *  This is coded to create a cert that is similar to what comes out of keytool,
     48 *  even if I don't understand all of it.
    4949 *
    5050 *  @since 0.9.25
     
    353353        if (serial.length > 255)
    354354            throw new IllegalArgumentException();
    355         long now = System.currentTimeMillis();
    356         long then = now + (validDays * 24L * 60 * 60 * 1000);
     355        // backdate to allow for clock skew
     356        long now = System.currentTimeMillis() - (24L * 60 * 60 * 1000);
     357        long then = now + ((validDays + 1) * 24L * 60 * 60 * 1000);
    357358        // used for CRL time and revocation time
    358359        byte[] nowbytes = getDate(now);
     
    444445        rv[0] = 0x30;
    445446        rv[1] = 30;
    446         long now = System.currentTimeMillis();
    447         long then = now + (validDays * 24L * 60 * 60 * 1000);
     447        // backdate to allow for clock skew
     448        long now = System.currentTimeMillis() - (24L * 60 * 60 * 1000);
     449        long then = now + ((validDays + 1) * 24L * 60 * 60 * 1000);
    448450        byte[] nowbytes = getDate(now);
    449451        byte[] thenbytes = getDate(then);
     
    724726    }
    725727
     728    /**
     729     *  Note: For CLI testing, use java -jar i2p.jar su3file keygen pubkey.crt keystore.ks commonName
     730     */
    726731/****
    727732    public static void main(String[] args) {
Note: See TracChangeset for help on using the changeset viewer.