[Android] Recompute expiration of self-signed certificate

Robert Stone git at videolan.org
Thu Dec 5 09:16:49 UTC 2024 

vlc-android | branch: master | Robert Stone <rhstone at gmail.com> | Thu Nov 14 20:28:00 2024 -0800| [deb5437ce384b4cfe136bda465ead9436c5c8c87] | committer: Nicolas Pomepuy

Recompute expiration of self-signed certificate

> https://code.videolan.org/videolan/vlc-android/commit/deb5437ce384b4cfe136bda465ead9436c5c8c87
---

 .../java/org/videolan/vlc/webserver/RemoteAccessServer.kt   | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessServer.kt b/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessServer.kt
index c1004f0fe0..322e623f1a 100644
--- a/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessServer.kt
+++ b/application/webserver/src/main/java/org/videolan/vlc/webserver/RemoteAccessServer.kt
@@ -126,8 +126,8 @@ import java.security.SecureRandom
 import java.security.Security
 import java.security.cert.X509Certificate
 import java.time.Duration
+import java.util.Calendar
 import java.util.Collections
-import java.util.Date
 import java.util.Locale
 
 
@@ -326,8 +326,17 @@ class RemoteAccessServer(private val context: Context) : PlaybackService.Callbac
         //If needed, we can add a setting to let the user revoking the certificate by deleting the keystore file to start all this process over
         val cert: X509Certificate
         try {
+            val cal = Calendar.getInstance()
+            // Start Date
+            // Roll back the date by one day to prevent issues with client clock time sync
+            cal.roll(Calendar.DAY_OF_MONTH, false)
+            val notBefore = cal.time
+            // Expiration Date
+            cal.add(Calendar.YEAR, 25)
+            val notAfter = cal.time
+            // Build Certificate
             val owner = X500Name("CN=vlc-android, O=VideoLAN, L=Paris, C=France")
-            val builder: X509v3CertificateBuilder = JcaX509v3CertificateBuilder(owner, BigInteger(64, random), Date(System.currentTimeMillis() - 86400000L), Date(System.currentTimeMillis() + (25 * 86400000L)), owner, keypair.public)
+            val builder: X509v3CertificateBuilder = JcaX509v3CertificateBuilder(owner, BigInteger(64, random), notBefore, notAfter, owner, keypair.public)
 
             val signer: ContentSigner = JcaContentSignerBuilder("SHA256WithRSAEncryption").build(privateKey)
             val certHolder: X509CertificateHolder = builder.build(signer)

More information about the Android mailing list