Skip to content
Snippets Groups Projects
Commit 1e20c7c4 authored by Goetz Lindenmaier's avatar Goetz Lindenmaier
Browse files

8341059: Change Entrust TLS distrust date to November 12, 2024

Backport-of: eced83e13090748218ab3dac78f6ff1bddf2b158
parent 963123ad
No related branches found
No related tags found
No related merge requests found
...@@ -57,7 +57,7 @@ enum CADistrustPolicy { ...@@ -57,7 +57,7 @@ enum CADistrustPolicy {
/** /**
* Distrust TLS Server certificates anchored by an Entrust root CA and * Distrust TLS Server certificates anchored by an Entrust root CA and
* issued after October 31, 2024. If enabled, this policy is currently * issued after November 11, 2024. If enabled, this policy is currently
* enforced by the PKIX and SunX509 TrustManager implementations * enforced by the PKIX and SunX509 TrustManager implementations
* of the SunJSSE provider implementation. * of the SunJSSE provider implementation.
*/ */
......
...@@ -88,8 +88,8 @@ final class EntrustTLSPolicy { ...@@ -88,8 +88,8 @@ final class EntrustTLSPolicy {
// Any TLS Server certificate that is anchored by one of the Entrust // Any TLS Server certificate that is anchored by one of the Entrust
// roots above and is issued after this date will be distrusted. // roots above and is issued after this date will be distrusted.
private static final LocalDate OCTOBER_31_2024 = private static final LocalDate NOVEMBER_11_2024 =
LocalDate.of(2024, Month.OCTOBER, 31); LocalDate.of(2024, Month.NOVEMBER, 11);
/** /**
* This method assumes the eeCert is a TLS Server Cert and chains back to * This method assumes the eeCert is a TLS Server Cert and chains back to
...@@ -111,8 +111,8 @@ final class EntrustTLSPolicy { ...@@ -111,8 +111,8 @@ final class EntrustTLSPolicy {
Date notBefore = chain[0].getNotBefore(); Date notBefore = chain[0].getNotBefore();
LocalDate ldNotBefore = LocalDate.ofInstant(notBefore.toInstant(), LocalDate ldNotBefore = LocalDate.ofInstant(notBefore.toInstant(),
ZoneOffset.UTC); ZoneOffset.UTC);
// reject if certificate is issued after October 31, 2024 // reject if certificate is issued after November 11, 2024
checkNotBefore(ldNotBefore, OCTOBER_31_2024, anchor); checkNotBefore(ldNotBefore, NOVEMBER_11_2024, anchor);
} }
} }
......
...@@ -1282,7 +1282,7 @@ jdk.sasl.disabledMechanisms= ...@@ -1282,7 +1282,7 @@ jdk.sasl.disabledMechanisms=
# Distrust after December 31, 2019. # Distrust after December 31, 2019.
# #
# ENTRUST_TLS : Distrust TLS Server certificates anchored by # ENTRUST_TLS : Distrust TLS Server certificates anchored by
# an Entrust root CA and issued after October 31, 2024. # an Entrust root CA and issued after November 11, 2024.
# #
# Leading and trailing whitespace surrounding each value are ignored. # Leading and trailing whitespace surrounding each value are ignored.
# Unknown values are ignored. If the property is commented out or set to the # Unknown values are ignored. If the property is commented out or set to the
......
...@@ -35,7 +35,7 @@ import jdk.test.lib.security.SecurityUtils; ...@@ -35,7 +35,7 @@ import jdk.test.lib.security.SecurityUtils;
/** /**
* @test * @test
* @bug 8337664 * @bug 8337664 8341059
* @summary Check that TLS Server certificates chaining back to distrusted * @summary Check that TLS Server certificates chaining back to distrusted
* Entrust roots are invalid * Entrust roots are invalid
* @library /test/lib * @library /test/lib
...@@ -59,14 +59,14 @@ public class Distrust { ...@@ -59,14 +59,14 @@ public class Distrust {
"affirmtrustpremiumca", "affirmtrustpremiumeccca" }; "affirmtrustpremiumca", "affirmtrustpremiumeccca" };
// A date that is after the restrictions take effect // A date that is after the restrictions take effect
private static final Date NOVEMBER_1_2024 = private static final Date NOVEMBER_12_2024 =
Date.from(LocalDate.of(2024, 11, 1) Date.from(LocalDate.of(2024, 11, 12)
.atStartOfDay(ZoneOffset.UTC) .atStartOfDay(ZoneOffset.UTC)
.toInstant()); .toInstant());
// A date that is a second before the restrictions take effect // A date that is a second before the restrictions take effect
private static final Date BEFORE_NOVEMBER_1_2024 = private static final Date BEFORE_NOVEMBER_12_2024 =
Date.from(LocalDate.of(2024, 11, 1) Date.from(LocalDate.of(2024, 11, 12)
.atStartOfDay(ZoneOffset.UTC) .atStartOfDay(ZoneOffset.UTC)
.minusSeconds(1) .minusSeconds(1)
.toInstant()); .toInstant());
...@@ -84,7 +84,7 @@ public class Distrust { ...@@ -84,7 +84,7 @@ public class Distrust {
Security.setProperty("jdk.security.caDistrustPolicies", ""); Security.setProperty("jdk.security.caDistrustPolicies", "");
} }
Date notBefore = before ? BEFORE_NOVEMBER_1_2024 : NOVEMBER_1_2024; Date notBefore = before ? BEFORE_NOVEMBER_12_2024 : NOVEMBER_12_2024;
X509TrustManager pkixTM = getTMF("PKIX", null); X509TrustManager pkixTM = getTMF("PKIX", null);
X509TrustManager sunX509TM = getTMF("SunX509", null); X509TrustManager sunX509TM = getTMF("SunX509", null);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment