tresf/cert.diff

## cert.diff
diff --git a/src/qz/auth/Certificate.java b/src/qz/auth/Certificate.java
index 70b68bf..5f01b83 100644
--- a/src/qz/auth/Certificate.java
+++ b/src/qz/auth/Certificate.java
@@ -43,6 +43,7 @@ public class Certificate {
     public static Certificate trustedRootCert = null;
     public static final String[] saveFields = new String[] {"fingerprint", "commonName", "organization", "validFrom", "validTo", "valid"};

+    private static final OffsetDateTime UNKNOWN_TIME = OffsetDateTime.MIN;
     private static boolean overrideTrustedRootCert = false;
     private DateTimeFormatter dateFormat = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");

@@ -66,8 +67,8 @@ public class Certificate {
         map.put("fingerprint", "UNKNOWN REQUEST");
         map.put("commonName", "An anonymous request");
         map.put("organization", "Unknown");
-        map.put("validFrom", OffsetDateTime.MIN.toString());
-        map.put("validTo", OffsetDateTime.MAX.toString());
+        map.put("validFrom", UNKNOWN_TIME.toString());
+        map.put("validTo", UNKNOWN_TIME.toString());
         map.put("valid", "false");
         UNKNOWN = Certificate.loadCertificate(map);
     }
@@ -168,8 +169,8 @@ public class Certificate {
                     for(X509Certificate x509Certificate : x509Certificates) {
                         if (x509Certificate.equals(trustedRootCert.theCertificate)) {
                             Instant now = Instant.now();
-                            expired = validFrom.isAfter(now) || validTo.isBefore(now);
-                            if (expired) {
+                            expired = validTo.isBefore(now);
+                            if (expired || validFrom.isAfter(now)) {
                                 valid = false;
                             }
                         }
@@ -249,8 +250,8 @@ public class Certificate {
             cert.validTo = Instant.from(DateTimeFormatter.ISO_DATE_TIME.parse(data.get("validTo")));
         }
         catch(DateTimeException e) {
-            cert.validFrom = OffsetDateTime.MIN.toInstant();
-            cert.validTo = OffsetDateTime.MAX.toInstant();
+            cert.validFrom = UNKNOWN_TIME.toInstant();
+            cert.validTo = UNKNOWN_TIME.toInstant();

             log.error("Unable to parse certificate date", e);
         }
@@ -337,19 +338,12 @@ public class Certificate {
     }

     public String getValidFrom() {
-        if (validFrom.isAfter(OffsetDateTime.MIN.toInstant())) {
-            return dateFormat.format(validFrom.atZone(ZoneId.systemDefault()));
-        } else {
-            return "Not Provided";
-        }
+        return validTo.equals(UNKNOWN_TIME.toInstant()) ? "Not Provided" : dateFormat.format(validFrom.atZone(ZoneId.systemDefault()));
     }

     public String getValidTo() {
-        if (validTo.isBefore(OffsetDateTime.MAX.toInstant())) {
-            return dateFormat.format(validTo.atZone(ZoneId.systemDefault()));
-        } else {
-            return "Not Provided";
-        }
+        return validTo.equals(UNKNOWN_TIME.toInstant()) ? "Not Provided" : dateFormat.format(validTo.atZone(ZoneId.systemDefault()));
+
     }

     public Instant getValidFromDate() {
	diff --git a/src/qz/auth/Certificate.java b/src/qz/auth/Certificate.java
	index 70b68bf..5f01b83 100644
	--- a/src/qz/auth/Certificate.java
	+++ b/src/qz/auth/Certificate.java
	@@ -43,6 +43,7 @@ public class Certificate {
	public static Certificate trustedRootCert = null;
	public static final String[] saveFields = new String[] {"fingerprint", "commonName", "organization", "validFrom", "validTo", "valid"};

	+ private static final OffsetDateTime UNKNOWN_TIME = OffsetDateTime.MIN;
	private static boolean overrideTrustedRootCert = false;
	private DateTimeFormatter dateFormat = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");

	@@ -66,8 +67,8 @@ public class Certificate {
	map.put("fingerprint", "UNKNOWN REQUEST");
	map.put("commonName", "An anonymous request");
	map.put("organization", "Unknown");
	- map.put("validFrom", OffsetDateTime.MIN.toString());
	- map.put("validTo", OffsetDateTime.MAX.toString());
	+ map.put("validFrom", UNKNOWN_TIME.toString());
	+ map.put("validTo", UNKNOWN_TIME.toString());
	map.put("valid", "false");
	UNKNOWN = Certificate.loadCertificate(map);
	}
	@@ -168,8 +169,8 @@ public class Certificate {
	for(X509Certificate x509Certificate : x509Certificates) {
	if (x509Certificate.equals(trustedRootCert.theCertificate)) {
	Instant now = Instant.now();
	- expired = validFrom.isAfter(now) \|\| validTo.isBefore(now);
	- if (expired) {
	+ expired = validTo.isBefore(now);
	+ if (expired \|\| validFrom.isAfter(now)) {
	valid = false;
	}
	}
	@@ -249,8 +250,8 @@ public class Certificate {
	cert.validTo = Instant.from(DateTimeFormatter.ISO_DATE_TIME.parse(data.get("validTo")));
	}
	catch(DateTimeException e) {
	- cert.validFrom = OffsetDateTime.MIN.toInstant();
	- cert.validTo = OffsetDateTime.MAX.toInstant();
	+ cert.validFrom = UNKNOWN_TIME.toInstant();
	+ cert.validTo = UNKNOWN_TIME.toInstant();

	log.error("Unable to parse certificate date", e);
	}
	@@ -337,19 +338,12 @@ public class Certificate {
	}

	public String getValidFrom() {
	- if (validFrom.isAfter(OffsetDateTime.MIN.toInstant())) {
	- return dateFormat.format(validFrom.atZone(ZoneId.systemDefault()));
	- } else {
	- return "Not Provided";
	- }
	+ return validTo.equals(UNKNOWN_TIME.toInstant()) ? "Not Provided" : dateFormat.format(validFrom.atZone(ZoneId.systemDefault()));
	}

	public String getValidTo() {
	- if (validTo.isBefore(OffsetDateTime.MAX.toInstant())) {
	- return dateFormat.format(validTo.atZone(ZoneId.systemDefault()));
	- } else {
	- return "Not Provided";
	- }
	+ return validTo.equals(UNKNOWN_TIME.toInstant()) ? "Not Provided" : dateFormat.format(validTo.atZone(ZoneId.systemDefault()));
	+
	}

	public Instant getValidFromDate() {