CA certificate profiles: the startTime parameter is not working as expected.

[pki-bot]

This issue was migrated from Pagure Issue #2520. Originally filed by ddas@redhat.com on 2016-10-17 18:07:37:

• Closed at 2017-04-28 17:38:25 as fixed
• Assigned to jmagne (@jmagne)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1385208

---

In the CA certificate profiles the startTime parameter is not
working as expected. When editing the line
"policyset.GenericCertificateSet.ValidityPeriod.default.params.startTime=0" and
changing the value from 0 to something large such as 2592000 the results are
not as expected. This should cause a certificate to be issued with the
notBefore date being 30 days in the future but what actually happens is the
notBefore date is in the past. If the value for startTime is less than 2147483
then it seems to work as expected but any larger value does not work as
expected.

Actual results:

notBefore date is set in the past

Expected results:

The certificate should be issued with the notBefore date being 30 days in the
future

Additional info:

May be found in associated Bugzilla Bug.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-11-21 23:35:54

On 11/21/2016, dsirrine wrote:
This is not a priority and can be targeted for RHEL 7.4 and CS 9.2... I will update if there are any changes.

NOTE: Marking as 'critical' as it is from a customer request.

[pki-bot]

Comment from ddas@redhat.com at 2017-02-27 13:58:49

Metadata Update from @ddas@redhat.com:

• Issue assigned to jmagne
• Issue set to the milestone: 10.4

[pki-bot]

Comment from jmagne (@jmagne) at 2017-04-28 17:27:29

Checkin:

commit d98f20d
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Wed Apr 26 15:21:39 2017 -0700

CA in the certificate profiles the startTime parameter is not working as expected.

This simple fix addresses an overflow in the "startTime" paramenter in 4 places in the code. I felt that honing in only on the startTime value was the best way to go. In some of the files other than ValidityDefault.java, there were possibly some values that could be changed from int to long. Due to the complexity of some of the calculations involved in some of those cases, it is best to fix the exact issue at hand instead of introducing some other possible side effects.

[pki-bot]

Comment from jmagne (@jmagne) at 2017-04-28 17:27:31

Metadata Update from @jmagne:

• Custom field component adjusted to General (was: Profiles)
• Custom field feature adjusted to ''
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field version adjusted to ''
• Issue close_status updated to: None

[pki-bot]

Comment from jmagne (@jmagne) at 2017-04-28 17:38:28

Metadata Update from @jmagne:

• Issue close_status updated to: fixed
• Issue status updated to: Closed (was: Open)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-04-29 17:58:34

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.4.3 (was: 10.4)