Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add support for TSA Certificates #680

Merged
merged 2 commits into from
Jul 31, 2020
Merged

add support for TSA Certificates #680

merged 2 commits into from
Jul 31, 2020

Conversation

sclassen
Copy link
Contributor

No description provided.

hendrikebbers
hendrikebbers reviewed Jul 31, 2020
View reviewed changes
core/src/main/java/net/sourceforge/jnlp/tools/JarCertVerifier.java Outdated
int numSignableEntriesInJar = 0;

// Record current time just before checking the jar begins.
final ZonedDateTime now = ZonedDateTime.now();
final ZonedDateTime shortlyAfterNow = now.plus(6, MONTHS);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

6 month are not "shortly after now" ;)

core/src/main/java/net/sourceforge/jnlp/tools/JarCertVerifier.java
final X509Certificate tsaCertificate = (X509Certificate) optionalSignatureTimestamp
.map(Timestamp::getSignerCertPath)
.map(CertPath::getCertificates)
.map(certs -> certs.get(0))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this end in an ArrayOutOfBounds? Maybe a filter before that one makes sense.

core/src/main/java/net/sourceforge/jnlp/tools/JarCertVerifier.java Outdated
if (tsaCertificate != null) {
final ZonedDateTime tsaNotBefore = zonedDateTime(tsaCertificate.getNotBefore());
final ZonedDateTime tsaNotAfter = zonedDateTime(tsaCertificate.getNotAfter());
final ZonedDateTime signedAt = zonedDateTime(optionalSignatureTimestamp.get().getTimestamp());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use orElseThrow instead of get here. I understand that I can not happen now that the val is null but maybe in future based on refactoring. So maybe throw a specific exception + description here.

@sclassen sclassen merged commit 566f372 into master Jul 31, 2020
@sclassen sclassen deleted the tsaCertificateSupport branch July 31, 2020 14:15
@hendrikebbers hendrikebbers added this to the 2.0.0-alpha15 milestone Aug 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hendrikebbers hendrikebbers hendrikebbers left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.0-alpha15
Development

Successfully merging this pull request may close these issues.
2 participants
@sclassen @hendrikebbers