Bug 1469 – org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate in the chain

Bug 1469 - org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate in the chain

Summary:

org.globus.gsi.GlobusCredential.getTimeLeft() only checks first certificate i...

Status:	RESOLVED FIXED

Product:	CoG jglobus
Component:	security
Version:	1.1
Platform:	PC All

Importance:	P2 minor
Target Milestone:	---
Assigned To:	Jarek Gawor

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2003-12-16 14:35 by Jim Basney
Modified:	2005-12-05 17:10 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Jim Basney 2003-12-16 14:35:51

The org.globus.gsi.GlobusCredential.getTimeLeft() method (used by grid-proxy-
info -timeleft) reports the remaining lifetime of the first certificate in the 
proxy chain, assuming it has the shortest lifetime of all certificates in the 
chain.  In rare cases (probably due to bugs in other software), users can get a 
proxy credential where this assumption does not hold, i.e., a certificate 
somewhere else in the chain has a shorter lifetime than the first certificate.  
It would help users to diagnose these cases if getTimeLeft() checked all 
certificates in the chain to get the true lifetime of the credential, i.e., the 
intersection of the valid lifetimes of all the certificates.