changeset 804:6923a82c1036

Merge
author mullan
date Thu, 06 Nov 2008 11:58:06 -0500
parents 8d17cc67a857 5102df668164
children 3a3e02a55de8
files
diffstat 1 files changed, 9 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Fri Oct 31 17:34:52 2008 +0100
+++ b/src/share/classes/sun/security/provider/certpath/OCSPResponse.java	Thu Nov 06 11:58:06 2008 -0500
@@ -151,6 +151,10 @@
 
     private SingleResponse singleResponse;
 
+    // Maximum clock skew in milliseconds (10 minutes) allowed when checking
+    // validity of OCSP responses
+    private static final long MAX_CLOCK_SKEW = 600000;
+
     // an array of all of the CRLReasons (used in SingleResponse)
     private static CRLReason[] values = CRLReason.values();
 
@@ -583,7 +587,9 @@
                 }
             }
 
-            Date now = new Date();
+            long now = System.currentTimeMillis();
+            Date nowPlusSkew = new Date(now + MAX_CLOCK_SKEW);
+            Date nowMinusSkew = new Date(now - MAX_CLOCK_SKEW);
             if (DEBUG != null) {
                 String until = "";
                 if (nextUpdate != null) {
@@ -593,8 +599,8 @@
                     thisUpdate + until);
             }
             // Check that the test date is within the validity interval
-            if ((thisUpdate != null && now.before(thisUpdate)) ||
-                (nextUpdate != null && now.after(nextUpdate))) {
+            if ((thisUpdate != null && nowPlusSkew.before(thisUpdate)) ||
+                (nextUpdate != null && nowMinusSkew.after(nextUpdate))) {
 
                 if (DEBUG != null) {
                     DEBUG.println("Response is unreliable: its validity " +