authorJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2017-04-26 15:21:39 -0700
committerJack Magne <jmagne@dhcp-16-206.sjc.redhat.com>2017-04-28 14:26:46 -0700
commitd98f20d33378a37898d4d6ffec80b09261504823 (patch)
tree0f2055f3eb0808417b969771b8f9e3dbf5430e18 /base/server/cms/src/com
parent853220445eb0ce54b6ce241547891605329b7e3e (diff)
CA in the certificate profiles the startTime parameter is not working as expected.
This simple fix addresses an overflow in the "startTime" parameter in 4 places in the code. I felt that homing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects.
Diffstat (limited to 'base/server/cms/src/com')
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java12
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java4
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java2
-rw-r--r--base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java10
4 files changed, 14 insertions, 14 deletions
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 2df256eb1..2ecd4843d 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -24,6 +24,11 @@ import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
+import netscape.security.x509.BasicConstraintsExtension;
+import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.PKIXExtensions;
+import netscape.security.x509.X509CertInfo;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -34,11 +39,6 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-import netscape.security.x509.BasicConstraintsExtension;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.PKIXExtensions;
-import netscape.security.x509.X509CertInfo;
-
/**
* This class implements a CA signing cert enrollment default policy
* that populates a server-side configurable validity
@@ -348,7 +348,7 @@ public class CAValidityDefault extends EnrollDefault {
if (startTimeStr == null || startTimeStr.equals("")) {
startTimeStr = "60";
}
- int startTime = Integer.parseInt(startTimeStr);
+ long startTime = Long.parseLong(startTimeStr);
Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
CMS.debug("CAValidityDefault: not before: " + notBefore);
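Review bot: The widened `startTime` is still used without any range check, so a misconfigured profile value flows straight into the `notBefore` of a CA signing certificate; the same pattern is in the PrivateKeyUsagePeriodExtDefault, RandomizedValidityDefault and ValidityDefault hunks. A very large value can still wrap `1000 * startTime` in long arithmetic, and a negative one backdates the certificate, which may or may not be intended. I would bound the parsed value to what the deployment allows and compute the offset with `long offsetMs = Math.multiplyExact(1000L, startTime);` so an out-of-range setting fails loudly instead of yielding a wrong validity start. Whether a `NumberFormatException` from `Long.parseLong` is caught and reported as a profile configuration error cannot be seen here, since the enclosing method starts and ends outside the hunk.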
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
index 6532a13f0..2f05f32c6 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
@@ -296,13 +296,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
if (startTimeStr == null || startTimeStr.equals("")) {
startTimeStr = "60";
}
- int startTime = Integer.parseInt(startTimeStr);
+ long startTime = Long.parseLong(startTimeStr);
Date notBefore = new Date(CMS.getCurrentDate().getTime() +
(1000 * startTime));
long notAfterVal = 0;
notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION)));
+ (mDefault * Long.parseLong(getConfig(CONFIG_DURATION)));
Date notAfter = new Date(notAfterVal);
ext = new PrivateKeyUsageExtension(notBefore, notAfter);
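Review bot: `getConfig(CONFIG_DURATION)` is handed to `Long.parseLong` with no null or empty guard, while `startTimeStr` a few lines above gets a default of "60" for exactly that case. A profile that omits the duration would raise `NumberFormatException` here rather than a clear configuration error. Reading it into a local first, e.g. `String durationStr = getConfig(CONFIG_DURATION);`, and rejecting null, empty or non-positive values before the multiplication would keep `notAfter` from being computed from a bad setting. The type of `mDefault` and any surrounding exception handling are outside the hunk, so the overflow behaviour of `mDefault * duration` should be confirmed against the declaration.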
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java
index 6308715b0..ce69c1529 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/RandomizedValidityDefault.java
@@ -290,7 +290,7 @@ public class RandomizedValidityDefault extends EnrollDefault {
if (startTimeStr == null || startTimeStr.equals("")) {
startTimeStr = "60";
}
- int startTime = Integer.parseInt(startTimeStr);
+ long startTime = Long.parseLong(startTimeStr);
String notBeforeRandomBitsStr = getConfig(CONFIG_NOT_BEFORE_RANDOM_BITS);
if (notBeforeRandomBitsStr == null || notBeforeRandomBitsStr.length() == 0) {
diff --git a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
index 21ec8ea73..a74ccdf32 100644
--- a/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ b/base/server/cms/src/com/netscape/cms/profile/def/ValidityDefault.java
@@ -24,6 +24,10 @@ import java.util.Calendar;
import java.util.Date;
import java.util.Locale;
+import netscape.security.x509.CertificateValidity;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.ca.ICertificateAuthority;
@@ -34,10 +38,6 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-import netscape.security.x509.CertificateValidity;
-import netscape.security.x509.X509CertImpl;
-import netscape.security.x509.X509CertInfo;
-
/**
* This class implements an enrollment default policy
* that populates a server-side configurable validity
@@ -265,7 +265,7 @@ public class ValidityDefault extends EnrollDefault {
if (startTimeStr == null || startTimeStr.equals("")) {
startTimeStr = "60";
}
- int startTime = Integer.parseInt(startTimeStr);
+ long startTime = Long.parseLong(startTimeStr);
Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
CMS.debug("ValidityDefault: not before: " + notBefore);