Open kyanha opened 4 years ago
I'm not overly familiar with CertPath details. Please provide refs for the commented out Java and C# code you are referring to.
bc-prov: org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi line 112
bc-csharp: Org.BouncyCastle.Pkix.PkixCertPathValidator line 69
Specifically, the portions that would implement part (b) of the PKIX "Inputs" section (6.1.1 of RFC3280/5280).
The date appears to be supported by the processing for RFC3281 (the attribute certificate profile).
Would you happen to have some test data that specifically covers the chain validity model?
PkixCertPathValidator does not validate against PkixParameters.Date when PkixParameters.ValidityModel == ChainValidityModel. In fact, any processing where the date can be set is completely commented out. This appears to follow the Java implementation, where that kind of processing has been commented out since "first cut of code" on Feb 7, 2013.

This breaks an independent implementation of Authenticode processing with BC, among other things.
@peterdettman, would you know the history surrounding this? or maybe be able to ask around?
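An added illustration of the date check the issue report describes, not code from BouncyCastle or from anyone in this thread: it compares the PKIX (shell) model with the chain model over validity windows only. It assumes the path is ordered end-entity first and that each certificate's notBefore stands in for its issuance time; every name and date is constructed.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a certificate; only the validity window is modelled."""
    subject: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, when: datetime) -> bool:
        return self.not_before <= when <= self.not_after


def shell_model_failures(path, date):
    """PKIX (shell) model: every certificate must be valid at `date`."""
    return [c.subject for c in path if not c.valid_at(date)]


def chain_model_failures(path, date):
    """Chain model. `path` is ordered end-entity first, root last.

    The end-entity certificate is checked at `date` (for example the signing
    time); each issuer is checked at the moment the certificate below it was
    issued. Assumption: notBefore is used as the issuance time.
    """
    failures = []
    reference = date
    for cert in path:
        if not cert.valid_at(reference):
            failures.append(cert.subject)
        reference = cert.not_before  # the issuer is judged at this point in time
    return failures


# Constructed path: the issuing CA expires before the end-entity certificate.
PATH = [
    Cert("leaf", datetime(2012, 6, 1), datetime(2014, 6, 1)),
    Cert("issuing-ca", datetime(2010, 1, 1), datetime(2013, 1, 1)),
    Cert("root", datetime(2005, 1, 1), datetime(2020, 1, 1)),
]
SIGNING_TIME = datetime(2013, 9, 1)  # inside the leaf's window, after the CA expired
LATER = datetime(2015, 2, 1)         # after the leaf expired

if __name__ == "__main__":
    for label, when in (("signing time", SIGNING_TIME), ("later", LATER)):
        print(label, "shell:", shell_model_failures(PATH, when),
              "chain:", chain_model_failures(PATH, when))
```

In this model the LATER case is rejected only because the supplied date is compared against the end-entity certificate.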