From 04e318c9ca122868c205551fa0af617fe9b2c754 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 26 Aug 2015 22:42:42 +0200 Subject: [PATCH] force swap X.509 cert generation to use English/Gregorian times MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When using locales that use different calendars, like Farsi, Arabic, Hebrew, etc. there was a crash in spongycastle's X.509 generation because it was trying to parse a Farsi date string as English. fixes #334 https://gitlab.com/fdroid/fdroidclient/issues/334 Here's the original stacktrace: java.lang.IllegalArgumentException: invalid date string: Unparseable date: "ñõðøòñðóñõõóGMT+00:00" (at offset 0) at org.spongycastle.asn1.ASN1UTCTime.(ASN1UTCTime.java:115) at org.spongycastle.asn1.DERUTCTime.(DERUTCTime.java:23) at org.spongycastle.asn1.x509.Time.(Time.java:67) at org.spongycastle.cert.X509v3CertificateBuilder.(X509v3CertificateBuilder.java:40) at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.generateSelfSignedCertChain(LocalRepoKeyStore.java:301) at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.generateSelfSignedCertChain(LocalRepoKeyStore.java:281) at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.(LocalRepoKeyStore.java:136) at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.get(LocalRepoKeyStore.java:73) at org.fdroid.fdroid.net.WifiStateChangeService$WaitForWifiAsyncTask.doInBackground(WifiStateChangeService.java:124) at org.fdroid.fdroid.net.WifiStateChangeService$WaitForWifiAsyncTask.doInBackground(WifiStateChangeService.java:62) --- .../fdroid/localrepo/LocalRepoKeyStore.java | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java b/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java index 548043b1c..a38fb559c 100644 --- a/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java +++ b/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java @@ -10,6 +10,7 @@ import org.spongycastle.asn1.x500.X500Name; import org.spongycastle.asn1.x509.GeneralName; import org.spongycastle.asn1.x509.GeneralNames; import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; +import org.spongycastle.asn1.x509.Time; import org.spongycastle.asn1.x509.X509Extension; import org.spongycastle.cert.X509CertificateHolder; import org.spongycastle.cert.X509v3CertificateBuilder; @@ -41,6 +42,8 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Calendar; import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Locale; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; @@ -291,17 +294,22 @@ public class LocalRepoKeyStore { SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(pubKey.getEncoded())); - Date startDate = new Date(); // now + Date now = new Date(); // now - Calendar c = Calendar.getInstance(); - c.setTime(startDate); + /* force it to use a English/Gregorian dates for the cert, hardly anyone + ever looks at the cert metadata anyway, and its very likely that they + understand English/Gregorian dates */ + Calendar c = new GregorianCalendar(Locale.ENGLISH); + c.setTime(now); c.add(Calendar.YEAR, 1); - Date endDate = c.getTime(); + Time startTime = new Time(now, Locale.ENGLISH); + Time endTime = new Time(c.getTime(), Locale.ENGLISH); X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( subject, BigInteger.valueOf(rand.nextLong()), - startDate, endDate, + startTime, + endTime, subject, subPubKeyInfo);