Java Code Examples for java.security.cert.X509Certificate#getNotAfter()

The following examples show how to use java.security.cert.X509Certificate#getNotAfter().
Example 1
Source File: CertificateUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Issues a certificate for {@code rqPubKey}, signed with the private key held by {@code cred}.
 *
 * <p>Subject, issuer and validity window are all copied from the credential's own certificate,
 * so the new certificate cannot outlive the credential that signed it. The key-usage extension
 * is marked critical and restricted to key encipherment and data encipherment.
 *
 * <p>NOTE(review): the signing algorithm is taken from {@code getSigAlgName()} of the credential's
 * certificate, i.e. the algorithm its issuer used. This presumably assumes the credential's
 * private key belongs to the same key family; confirm against callers.
 *
 * @param rqPubKey public key to embed in the new certificate
 * @param serialNr serial number of the new certificate
 * @param cred     credential providing the signing key and the template certificate
 * @return the generated certificate, converted through the "BC" provider
 * @throws IllegalArgumentException    if signer creation, extension encoding or conversion fails
 * @throws TechnicalConnectorException declared; presumably raised by the credential accessors
 */
public static X509Certificate generateCert(PublicKey rqPubKey, BigInteger serialNr, Credential cred) throws TechnicalConnectorException {
   try {
      X509Certificate issuerCert = cred.getCertificate();
      X500Principal name = issuerCert.getSubjectX500Principal();
      // Same principal is used as issuer and as subject of the new certificate.
      X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
            name, serialNr, issuerCert.getNotBefore(), issuerCert.getNotAfter(), name, rqPubKey);
      // Critical key usage: dataEncipherment (16) | keyEncipherment (32); no signing bits are granted.
      certBuilder.addExtension(Extension.keyUsage, true,
            new KeyUsage(KeyUsage.dataEncipherment | KeyUsage.keyEncipherment));
      ContentSigner contentSigner =
            new JcaContentSignerBuilder(issuerCert.getSigAlgName()).build(cred.getPrivateKey());
      return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certBuilder.build(contentSigner));
   } catch (OperatorCreationException | IOException | CertificateException ex) {
      throw new IllegalArgumentException(ex);
   }
}
 
Example 2
Source File: X509Utils.java    From Cake-VPN with GNU General Public License v2.0
/**
 * Builds the display text describing how long {@code cert} stays inside its validity window.
 *
 * <p>This is a display helper only: {@code checkValidity()} compares the current time with
 * notBefore/notAfter and says nothing about the chain, the signature or revocation.
 *
 * @param cert certificate whose expiry is reported
 * @param res  resources used to format the months/days/hours strings
 * @return "EXPIRED: " or "NOT YET VALID: " when outside the window, otherwise the formatted
 *         remaining time
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException expired) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException notYetValid) {
        return "NOT YET VALID: ";
    }

    final long hourMs = 3600L * 1000;
    final long dayMs = 24 * hourMs;

    Date expiry = cert.getNotAfter();
    Date current = new Date();
    long remainingMs = expiry.getTime() - current.getTime();

    // More than 90 days: report months.
    if (remainingMs > 90 * dayMs) {
        long months = getMonthsDifference(current, expiry);
        return res.getString(R.string.months_left, months);
    }
    // More than 72 hours: report whole days.
    if (remainingMs > 72 * hourMs) {
        return res.getString(R.string.days_left, remainingMs / dayMs);
    }
    // Otherwise report whole hours.
    return res.getString(R.string.hours_left, remainingMs / hourMs);
}
 
Example 3
Source File: CryptoTest.java    From athenz with Apache License 2.0
/**
 * Signs the CSR fixture with the test CA and checks the issuer name and the expiry bound.
 *
 * <p>NOTE(review): only the upper bound of the lifetime is asserted, so a certificate that is
 * already expired would also pass; consider asserting a lower bound as well.
 */
@Test
public void testGenerateX509Certificate() throws IOException {

    final int validityMinutes = 600;

    // The fixture is decoded with the platform default charset, as in the original test.
    String csrPem = new String(Files.readAllBytes(Paths.get("src/test/resources/valid.csr")));

    PKCS10CertificationRequest csr = Crypto.getPKCS10CertRequest(csrPem);
    X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    PrivateKey issuerKey = Crypto.loadPrivateKey(privateEncryptedKey, encryptedKeyPassword);

    X509Certificate issued = Crypto.generateX509Certificate(csr, issuerKey,
            issuerCert, validityMinutes, false);
    assertNotNull(issued);
    assertEquals(issued.getIssuerX500Principal().getName(),
            "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");

    // Remaining lifetime must not exceed the requested validity (minutes converted to ms).
    long msUntilExpiry = issued.getNotAfter().getTime() - System.currentTimeMillis();
    assertTrue(msUntilExpiry <= validityMinutes * 60 * 1000);
}
 
Example 4
Source File: CertificatePriorityComparator.java    From cwac-netsecurity with Apache License 2.0
/**
 * Orders candidate certificates: self-issued first, then stronger first, then later notAfter
 * first, then later notBefore first.
 *
 * <p>"Self-issued" is decided by comparing subject and issuer names only; no signature is
 * verified here, so this ordering is a preference and not a trust decision.
 */
@Override
public int compare(X509Certificate lhs, X509Certificate rhs) {
    boolean lhsSelfIssued = lhs.getSubjectDN().equals(lhs.getIssuerDN());
    boolean rhsSelfIssued = rhs.getSubjectDN().equals(rhs.getIssuerDN());
    // Self-issued sorts ahead of not self-issued, so bridge certificates are not tried first.
    if (lhsSelfIssued != rhsSelfIssued) {
        return lhsSelfIssued ? -1 : 1;
    }

    // Arguments are swapped in each comparison below to obtain descending order.
    int byStrength = compareStrength(rhs, lhs);
    if (byStrength != 0) {
        return byStrength;
    }

    int byNotAfter = rhs.getNotAfter().compareTo(lhs.getNotAfter());
    if (byNotAfter != 0) {
        return byNotAfter;
    }

    return rhs.getNotBefore().compareTo(lhs.getNotBefore());
}
 
Example 5
Source File: X509Utils.java    From Cybernet-VPN with GNU General Public License v3.0
/**
 * Formats the remaining lifetime of {@code cert} for display.
 *
 * <p>Only the validity dates are checked ({@code checkValidity()}); a certificate reported as
 * having time left may still be untrusted or revoked.
 *
 * @param cert certificate to describe
 * @param res  resources providing the months/days/hours format strings
 * @return a fixed marker when the certificate is outside its validity window, otherwise the
 *         remaining time in months, days or hours
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException e) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException e) {
        return "NOT YET VALID: ";
    }

    final long msPerHour = 3600L * 1000L;
    final long msPerDay = 24L * msPerHour;

    Date notAfter = cert.getNotAfter();
    Date now = new Date();
    long msRemaining = notAfter.getTime() - now.getTime();

    // Pick the unit first, then format once.
    final int labelId;
    final long amount;
    if (msRemaining > 90L * msPerDay) {
        // More than about three months: months.
        labelId = R.string.months_left;
        amount = getMonthsDifference(now, notAfter);
    } else if (msRemaining > 72L * msPerHour) {
        // More than 72 hours: days.
        labelId = R.string.days_left;
        amount = msRemaining / msPerDay;
    } else {
        labelId = R.string.hours_left;
        amount = msRemaining / msPerHour;
    }
    return res.getString(labelId, amount);
}
 
Example 6
Source File: TlsHelperTest.java    From localization_nifi with Apache License 2.0
/**
 * Generates a self-signed certificate and checks its validity window, issuer name, signature
 * algorithm and key algorithm against the values it was requested with.
 */
@Test
public void testGenerateSelfSignedCert() throws GeneralSecurityException, IOException, OperatorCreationException {
    final String expectedDn = "CN=testDN,O=testOrg";

    X509Certificate selfSigned = CertificateUtils.generateSelfSignedX509Certificate(
            TlsHelper.generateKeyPair(keyPairAlgorithm, keySize), expectedDn, signingAlgorithm, days);

    // Expiry must fall within one unit either side of the requested lifetime
    // (inFuture presumably takes days; confirm against the helper).
    Date expiry = selfSigned.getNotAfter();
    assertTrue(expiry.after(inFuture(days - 1)));
    assertTrue(expiry.before(inFuture(days + 1)));

    // Start of validity must be close to the current time.
    Date start = selfSigned.getNotBefore();
    assertTrue(start.after(inFuture(-1)));
    assertTrue(start.before(inFuture(1)));

    assertEquals(expectedDn, selfSigned.getIssuerX500Principal().getName());
    assertEquals(signingAlgorithm, selfSigned.getSigAlgName());
    assertEquals(keyPairAlgorithm, selfSigned.getPublicKey().getAlgorithm());

    // Throws if the current time is outside the certificate's validity window.
    selfSigned.checkValidity();
}
 
Example 7
Source File: EntityCertificate.java    From FairEmail with GNU General Public License v3.0
/**
 * Rebuilds an {@code EntityCertificate} from its JSON form.
 *
 * <p>Only {@code intermediate}, {@code email} and {@code data} are read from the JSON. The
 * fingerprint, subject and validity bounds are derived again from the certificate returned by
 * {@code getCertificate()} instead of being taken from the JSON (presumably decoded from
 * {@code data}; confirm in {@code getCertificate()}).
 *
 * @param json serialized certificate entry
 * @return the populated entity
 * @throws JSONException            if {@code email} or {@code data} is missing
 * @throws CertificateException     declared; presumably raised while decoding the certificate
 * @throws NoSuchAlgorithmException declared; presumably raised by the fingerprint digest
 */
public static EntityCertificate fromJSON(JSONObject json) throws JSONException, CertificateException, NoSuchAlgorithmException {
    EntityCertificate entity = new EntityCertificate();
    // id is not restored here
    entity.intermediate = json.optBoolean("intermediate");
    entity.email = json.getString("email");
    entity.data = json.getString("data");

    X509Certificate x509 = entity.getCertificate();
    entity.fingerprint = getFingerprint(x509);
    entity.subject = getSubject(x509);

    // Field naming: "after" holds notBefore (valid after this instant) and
    // "before" holds notAfter (valid before this instant).
    Date validFrom = x509.getNotBefore();
    Date validUntil = x509.getNotAfter();

    if (validFrom == null) {
        entity.after = null;
    } else {
        entity.after = validFrom.getTime();
    }
    if (validUntil == null) {
        entity.before = null;
    } else {
        entity.before = validUntil.getTime();
    }

    return entity;
}
 
Example 8
Source File: EntityCertificate.java    From FairEmail with GNU General Public License v3.0
/**
 * Creates an {@code EntityCertificate} describing {@code certificate}.
 *
 * @param certificate  certificate to record
 * @param intermediate stored as given
 * @param email        stored as given
 * @return entity holding the fingerprint, subject, validity bounds (epoch ms) and the
 *         Base64 (no-wrap) encoding of the certificate
 * @throws CertificateEncodingException if the certificate cannot be encoded
 * @throws NoSuchAlgorithmException     declared; presumably raised by the fingerprint digest
 */
static EntityCertificate from(X509Certificate certificate, boolean intermediate, String email) throws CertificateEncodingException, NoSuchAlgorithmException {
    EntityCertificate entity = new EntityCertificate();
    entity.fingerprint = getFingerprint(certificate);
    entity.intermediate = intermediate;
    entity.email = email;
    entity.subject = getSubject(certificate);

    // Field naming: "after" holds notBefore (valid after this instant) and
    // "before" holds notAfter (valid before this instant).
    Date validFrom = certificate.getNotBefore();
    Date validUntil = certificate.getNotAfter();

    if (validFrom == null) {
        entity.after = null;
    } else {
        entity.after = validFrom.getTime();
    }
    if (validUntil == null) {
        entity.before = null;
    } else {
        entity.before = validUntil.getTime();
    }

    byte[] der = certificate.getEncoded();
    entity.data = Base64.encodeToString(der, Base64.NO_WRAP);

    return entity;
}
 
Example 9
Source File: X509Cert.java    From xipki with Apache License 2.0
/**
 * Wraps a JCE certificate and caches the fields read most often.
 *
 * <p>{@code selfSigned} is computed by comparing subject and issuer names only; the signature is
 * not verified here, so the flag means "self-issued".
 *
 * <p>NOTE(review): {@code encoded} is stored as passed, without a copy. Presumably callers hand
 * over an array they no longer modify; confirm.
 *
 * @param cert    certificate to wrap; must not be null
 * @param encoded encoded form of {@code cert}, stored as given
 */
public X509Cert(X509Certificate cert, byte[] encoded) {
  this.jceInstance = Args.notNull(cert, "cert");
  this.bcInstance = null;
  this.encoded = encoded;

  this.serialNumber = cert.getSerialNumber();
  this.notBefore = cert.getNotBefore();
  this.notAfter = cert.getNotAfter();

  byte[] issuerDer = cert.getIssuerX500Principal().getEncoded();
  byte[] subjectDer = cert.getSubjectX500Principal().getEncoded();
  this.issuer = X500Name.getInstance(issuerDer);
  this.subject = X500Name.getInstance(subjectDer);

  // Name comparison only.
  this.selfSigned = this.subject.equals(this.issuer);
}
 
Example 10
Source File: CertificateMetas.java    From apk-parser with BSD 2-Clause "Simplified" License
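/**
 * Builds the metadata record for a signing certificate.
 *
 * <p>Both digests are MD5 and serve as identifiers only. MD5 is not collision resistant, so
 * these values should not be the sole basis for deciding that two certificates are the same in
 * a security decision.
 *
 * @param certificate certificate to describe
 * @return metadata holding the upper-cased signature algorithm name, its OID, the validity
 *         bounds, the encoded certificate and the two MD5 values
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public static CertificateMeta from(X509Certificate certificate) throws CertificateEncodingException {
    byte[] encoded = certificate.getEncoded();
    String certMd5 = md5Digest(encoded);
    // Hex of the whole encoded certificate (not only the public key), hashed a second time.
    String encodedHex = byteToHexString(encoded);
    String certBase64Md5 = md5Digest(encodedHex);
    // Locale.ROOT keeps the algorithm name stable: under a Turkish default locale a plain
    // toUpperCase() turns "i" into a dotted capital I, which breaks string comparisons.
    String signAlgorithm = certificate.getSigAlgName().toUpperCase(java.util.Locale.ROOT);
    return new CertificateMeta(
            signAlgorithm,
            certificate.getSigAlgOID(),
            certificate.getNotBefore(),
            certificate.getNotAfter(),
            encoded, certBase64Md5, certMd5);
}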
 
Example 11
Source File: X509Utils.java    From SimpleOpenVpn-Android with Apache License 2.0
/**
 * Returns the text shown next to a certificate to indicate how long it remains valid.
 *
 * <p>The check covers the validity dates only; trust and revocation are not evaluated here.
 *
 * @param cert certificate to describe
 * @param res  resources holding the hours/days/months format strings
 * @return "EXPIRED: " or "NOT YET VALID: " when outside the validity window, otherwise the
 *         remaining time formatted in hours, days or months
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException alreadyExpired) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException tooEarly) {
        return "NOT YET VALID: ";
    }

    Date expiresAt = cert.getNotAfter();
    Date rightNow = new Date();
    long msLeft = expiresAt.getTime() - rightNow.getTime(); // remaining time in ms

    // Smallest unit first: up to 72 hours is shown in hours.
    if (msLeft <= 72 * 3600 * 1000) {
        long hours = msLeft / (3600 * 1000);
        return res.getString(R.string.hours_left, hours);
    }

    // Up to 90 days is shown in days.
    if (msLeft <= 90L * 24 * 3600 * 1000) {
        long days = msLeft / (24 * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    }

    // Anything longer is shown in months.
    long months = getMonthsDifference(rightNow, expiresAt);
    return res.getString(R.string.months_left, months);
}
 
Example 12
Source File: PeriodValidator.java    From signer with GNU Lesser General Public License v3.0
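/**
 * Checks that the certificate is inside its validity period and returns its expiry date.
 *
 * <p>The null check runs before the validity check. In the previous layout the "invalid
 * certificate" exception was thrown inside the {@code try}, caught by the generic handler, and
 * the handler then dereferenced the null certificate while building the message, so callers
 * saw a {@code NullPointerException} instead of the intended error.
 *
 * @param x509 certificate to check
 * @return the certificate's notAfter date
 * @throws CertificateValidatorException if {@code x509} is null or outside its validity period
 */
public Date valDate(X509Certificate x509) throws CertificateValidatorException {
    if (x509 == null) {
        throw new CertificateValidatorException(coreMessagesBundle.getString("error.invalid.certificate"));
    }
    try {
        // Date check only; chain and revocation are not evaluated by this validator.
        x509.checkValidity();
    } catch (Exception e) {
        Format formatter = new SimpleDateFormat("dd.MM.yyyy");
        throw new CertificateValidatorException(coreMessagesBundle.getString("error.certificate.out.date",
                formatter.format(x509.getNotBefore()), formatter.format(x509.getNotAfter())), e);
    }
    return x509.getNotAfter();
}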
 
Example 13
Source File: X509Utils.java    From EasyVPN-Free with GNU General Public License v3.0
/**
 * Describes the remaining validity of {@code cert} as a short label.
 *
 * <p>{@code checkValidity()} looks at the notBefore/notAfter dates only, so this label must not
 * be read as a statement about trust in the certificate.
 *
 * @param cert certificate to describe
 * @param res  resources used to format the result
 * @return a marker for expired or not-yet-valid certificates, otherwise the time left
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ex) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException ex) {
        return "NOT YET VALID: ";
    }

    // Thresholds that decide which unit is displayed.
    final long threeMonthsMs = 90L * 24 * 3600 * 1000;
    final long threeDaysMs = 72L * 3600 * 1000;

    Date notAfter = cert.getNotAfter();
    Date today = new Date();
    long remaining = notAfter.getTime() - today.getTime(); // milliseconds

    if (remaining > threeMonthsMs) {
        long months = getMonthsDifference(today, notAfter);
        return res.getString(R.string.months_left, months);
    } else if (remaining > threeDaysMs) {
        long days = remaining / (24L * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    } else {
        long hours = remaining / (3600L * 1000);
        return res.getString(R.string.hours_left, hours);
    }
}
 
Example 14
Source File: X509CertificateShortInfo.java    From oxTrust with MIT License
/**
 * Captures the display fields of a certificate stored under {@code alias}.
 *
 * @param alias alias of the certificate
 * @param cert  certificate to summarize
 */
public X509CertificateShortInfo(String alias, X509Certificate cert) {
	this.alias = alias;

	this.algorithm = cert.getSigAlgName();
	this.notBeforeDatetime = cert.getNotBefore();
	this.notAfterDatetime = cert.getNotAfter();

	// Issuer and subject are left unset when the certificate reports no name.
	if (cert.getIssuerDN() != null) {
		this.issuer = cert.getIssuerDN().getName();
	}
	if (cert.getSubjectDN() != null) {
		this.subject = cert.getSubjectDN().getName();
	}

	// Runs last, after all fields above are populated.
	updateViewStyle();
}
 
Example 15
Source File: CertModel.java    From Jpom with MIT License
/**
 * Parses a certificate and checks that it matches the given private key.
 *
 * <p>The private key is read from {@code key} and the public key from {@code file}. A fixed
 * probe value is encrypted with the public key and decrypted with the private key; if the
 * round trip does not return the probe, a {@code JpomRuntimeException} is thrown. Failures
 * while reading either key are not caught here and propagate to the caller.
 *
 * <p>NOTE(review): the match check goes through the {@code RSA} helper, so this presumably
 * supports RSA key pairs only; confirm. The domain is taken as everything after the first
 * "=" of the subject name, so a multi-attribute subject yields more than the host name.
 *
 * @param file certificate file
 * @param key  private-key resource (the original comment describes it as a file inside the zip)
 * @return JSON with expirationTime and effectiveTime (epoch ms), domain, pemPath and keyPath;
 *         {@code null} if {@code file} is null, does not exist, or the certificate cannot be parsed
 */
public static JSONObject decodeCert(String file, String key) {
    if (file == null || !FileUtil.exist(file)) {
        return null;
    }
    InputStream stream = null;
    try {
        stream = ResourceUtil.getStream(key);
        PrivateKey priv = PemUtil.readPemPrivateKey(stream);
        IoUtil.close(stream);
        stream = ResourceUtil.getStream(file);
        PublicKey pub = PemUtil.readPemPublicKey(stream);
        IoUtil.close(stream);
        // Encrypt with the public key, decrypt with the private key: the pair matches only
        // if the probe value survives the round trip.
        RSA rsa = new RSA(priv, pub);
        String roundTrip = rsa.decryptStr(rsa.encryptBase64(KEY, KeyType.PublicKey), KeyType.PrivateKey);
        if (!KEY.equals(roundTrip)) {
            throw new JpomRuntimeException("证书和私钥证书不匹配");
        }
    } finally {
        IoUtil.close(stream);
    }
    try {
        stream = ResourceUtil.getStream(file);
        // Build the certificate object
        X509Certificate x509 = (X509Certificate) KeyUtil.readX509Certificate(stream);
        // Expiry time
        Date notAfter = x509.getNotAfter();
        // Start of validity
        Date notBefore = x509.getNotBefore();
        // Domain name
        String subjectName = x509.getSubjectDN().getName();
        String domain = subjectName.substring(subjectName.indexOf("=") + 1);
        JSONObject result = new JSONObject();
        result.put("expirationTime", notAfter.getTime());
        result.put("effectiveTime", notBefore.getTime());
        result.put("domain", domain);
        result.put("pemPath", file);
        result.put("keyPath", key);
        return result;
    } catch (Exception e) {
        // Parse failures are logged and reported to the caller as null.
        DefaultSystemLog.getLog().error(e.getMessage(), e);
    } finally {
        IoUtil.close(stream);
    }
    return null;
}
 
Example 16
Source File: X509CertUtils.java    From MaxKey with Apache License 2.0
/**
 * Renews a certificate by issuing a new one with the old certificate's issuer and subject
 * names and signature algorithm, a fresh serial number and an extended expiry date.
 *
 * <p>The new validity starts now. Its end is {@code iValidity} days after the old expiry date,
 * or after the current time when the old certificate has no expiry date or has already
 * expired.
 *
 * <p>NOTE(review): nothing here verifies that {@code oldCert} is self-signed or that
 * {@code privateKey} and {@code publicKey} belong to it (see the TODO in the body); callers
 * have to ensure that.
 *
 * @param oldCert
 *            old certificate
 * @param iValidity
 *            number of days to add
 * @param publicKey
 *            public part of the key pair, placed in the new certificate
 * @param privateKey
 *            private part of the key pair, used to sign the new certificate
 * @return the renewed certificate
 * @throws CryptoException
 *             if there was a problem generating the certificate
 */
public static X509Certificate renewCert(X509Certificate oldCert,
		int iValidity, PublicKey publicKey, PrivateKey privateKey)
		throws CryptoException {
	X509V3CertificateGenerator generator = new X509V3CertificateGenerator();

	// Validity window: starts now, ends iValidity days after the later of
	// "now" and the old expiry date.
	Date issuedAt = new Date();
	Date baseline = oldCert.getNotAfter();
	if (baseline == null || baseline.before(issuedAt)) {
		baseline = issuedAt;
	}
	// Widened to long before multiplying so large day counts do not overflow.
	long extensionMs = (long) iValidity * 24 * 60 * 60 * 1000;

	generator.setNotBefore(issuedAt);
	generator.setNotAfter(new Date(baseline.getTime() + extensionMs));

	generator.setPublicKey(publicKey);
	generator.setSignatureAlgorithm(oldCert.getSigAlgName());
	generator.setSerialNumber(generateX509SerialNumber());

	try {
		// TODO: verify/force self-signedness
		generator.setIssuerDN(PrincipalUtil.getIssuerX509Principal(oldCert));

		// Subject name is copied from the old certificate as well.
		generator.setSubjectDN(PrincipalUtil.getSubjectX509Principal(oldCert));

		// Sign with the supplied private key through the "BC" provider.
		return generator.generate(privateKey, "BC");
	} catch (GeneralSecurityException ex) {
		throw new CryptoException("Certificate generation failed.", ex);
	}
}
 
Example 17
Source File: KeyStoresTestCase.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Runs the key-store {@code GENERATE_KEY_PAIR} management operation and checks the generated
 * private-key entry and its self-signed certificate: key algorithm and size, validity length,
 * signature algorithm, subject/issuer names and the requested extensions.
 */
@Test
public void testGenerateKeyPair() throws Exception {
    addKeyStore();

    try {
        int numAliasesBefore = readAliases().size();

        // Build the management operation addressed at the elytron key-store resource.
        ModelNode operation = new ModelNode();
        operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("key-store", KEYSTORE_NAME);
        operation.get(ClientConstants.OP).set(ElytronDescriptionConstants.GENERATE_KEY_PAIR);
        operation.get(ElytronDescriptionConstants.ALIAS).set("bsmith");
        operation.get(ElytronDescriptionConstants.ALGORITHM).set("RSA");
        // NOTE(review): 1024-bit RSA is a small test-fixture size and is below what current
        // guidance accepts for real keys; do not copy this value into deployment configuration.
        operation.get(ElytronDescriptionConstants.KEY_SIZE).set(1024);
        operation.get(ElytronDescriptionConstants.VALIDITY).set(365);
        operation.get(ElytronDescriptionConstants.SIGNATURE_ALGORITHM).set("SHA256withRSA");
        operation.get(ElytronDescriptionConstants.DISTINGUISHED_NAME).set("CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us");
        // One critical extension (KeyUsage) and two non-critical ones are requested.
        ModelNode extensions = new ModelNode();
        extensions.add(getExtension(false, "ExtendedKeyUsage", "clientAuth"));
        extensions.add(getExtension(true, "KeyUsage", "digitalSignature"));
        extensions.add(getExtension(false, "SubjectAlternativeName", "email:bobsmith@example.com,DNS:bobsmith.example.com"));
        operation.get(ElytronDescriptionConstants.EXTENSIONS).set(extensions);
        // The key password is passed as a clear-text credential reference, which is
        // acceptable for a test constant only.
        operation.get(CredentialReference.CREDENTIAL_REFERENCE).get(CredentialReference.CLEAR_TEXT).set(KEY_PASSWORD);
        assertSuccess(services.executeOperation(operation));
        assertEquals(numAliasesBefore + 1, readAliases().size());

        // The new alias must be a private-key entry with a single-certificate chain.
        ModelNode newAlias = readAlias("bsmith");
        assertEquals(KeyStore.PrivateKeyEntry.class.getSimpleName(), newAlias.get(ElytronDescriptionConstants.ENTRY_TYPE).asString());
        assertEquals(1, newAlias.get(ElytronDescriptionConstants.CERTIFICATE_CHAIN).asList().size());

        ServiceName serviceName = Capabilities.KEY_STORE_RUNTIME_CAPABILITY.getCapabilityServiceName(KEYSTORE_NAME);
        KeyStore keyStore = (KeyStore) services.getContainer().getService(serviceName).getValue();
        assertNotNull(keyStore);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate("bsmith");
        assertEquals("RSA", certificate.getPublicKey().getAlgorithm());
        assertEquals(1024, ((RSAKey) certificate.getPublicKey()).getModulus().bitLength());
        // Validity length in whole days must equal the requested 365.
        Date notBefore = certificate.getNotBefore();
        Date notAfter = certificate.getNotAfter();
        assertEquals(365, (notAfter.getTime() - notBefore.getTime()) / (1000 * 60 * 60 * 24));
        assertEquals("SHA256withRSA", certificate.getSigAlgName());
        // Subject and issuer are the same name: the certificate is self-issued.
        assertEquals(new X500Principal("CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us"), certificate.getSubjectX500Principal());
        assertEquals(new X500Principal("CN=bob smith, OU=jboss, O=red hat, L=raleigh, ST=north carolina, C=us"), certificate.getIssuerX500Principal());
        // Verifying with its own public key confirms it is self-signed.
        try {
            certificate.verify(certificate.getPublicKey());
        } catch (Exception e) {
            fail("Exception not expected");
        }
        // One critical OID was requested; three non-critical OIDs are expected, the third
        // being the subject key identifier asserted further down.
        assertEquals(1, certificate.getCriticalExtensionOIDs().size());
        assertEquals(3, certificate.getNonCriticalExtensionOIDs().size());
        assertEquals(Arrays.asList(X500.OID_KP_CLIENT_AUTH), certificate.getExtendedKeyUsage());
        boolean[] keyUsage = certificate.getKeyUsage();
        assertTrue(KeyUsage.digitalSignature.in(keyUsage));
        // The alternative names are asserted in request order: e-mail first, then DNS.
        final Collection<List<?>> names = certificate.getSubjectAlternativeNames();
        assertEquals(2, names.size());
        final Iterator<List<?>> iterator = names.iterator();
        List<?> item = iterator.next();
        assertEquals(2, item.size());
        assertEquals(Integer.valueOf(GeneralName.RFC_822_NAME), item.get(0));
        assertEquals("bobsmith@example.com", item.get(1));
        item = iterator.next();
        assertEquals(2, item.size());
        assertEquals(Integer.valueOf(GeneralName.DNS_NAME), item.get(0));
        assertEquals("bobsmith.example.com", item.get(1));
        assertNotNull(certificate.getExtensionValue(X500.OID_CE_SUBJECT_KEY_IDENTIFIER));

        // The private key must be retrievable with the password supplied in the operation.
        assertNotNull(keyStore.getKey("bsmith", KEY_PASSWORD.toCharArray()));
    } finally {
        // Always remove the key store so later tests start from a clean state.
        removeKeyStore();
    }
}
 
Example 18
Source File: Ca.java    From strimzi-kafka-operator with Apache License 2.0
/**
 * Tells whether {@code cert} expires within the configured renewal window.
 *
 * <p>A certificate that has already expired yields a negative remaining time and is therefore
 * reported as needing renewal too.
 *
 * @param cert certificate to inspect
 * @return {@code true} if less than {@code renewalDays} days remain until notAfter
 */
public boolean certNeedsRenewal(X509Certificate cert)  {
    Date expiry = cert.getNotAfter();
    log.trace("Certificate {} expires on {}", cert.getSubjectDN(), expiry);
    long remainingMs = expiry.getTime() - System.currentTimeMillis();
    // Long literals keep the day-to-millisecond conversion out of int range.
    long renewalWindowMs = renewalDays * 24L * 60L * 60L * 1000L;
    return remainingMs < renewalWindowMs;
}
 
Example 19
Source File: SecurityUtils.java    From RISE-V2G with MIT License
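/**
 * Checks how many days a given certificate is still valid.
 * If the certificate is not valid any more, a negative number is returned according to the
 * number of days the certificate is already expired.
 *
 * <p>Two corrections over a plain millisecond-to-day conversion followed by a cast:
 * <ul>
 * <li>The day count is rounded towards negative infinity, so a certificate that expired less
 *     than a day ago yields -1 instead of 0 and is never reported as still valid.</li>
 * <li>The result is clamped to the {@code short} range. A far-future notAfter (for example
 *     the year-9999 "no expiry" date) would otherwise wrap around in the cast and could come
 *     out as a small or negative number.</li>
 * </ul>
 *
 * @param certificate The X509Certificate to be checked for validity period
 * @return The number of whole days the given certificate is still valid (at most
 *         {@code Short.MAX_VALUE}), a negative number if already expired.
 */
public static short getValidityPeriod(X509Certificate certificate) {
	long remainingMillis = certificate.getNotAfter().getTime() - System.currentTimeMillis();
	long days = Math.floorDiv(remainingMillis, TimeUnit.DAYS.toMillis(1));

	// Clamp before narrowing so the cast cannot wrap.
	return (short) Math.max(Short.MIN_VALUE, Math.min(Short.MAX_VALUE, days));
}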
 
Example 20
Source File: CertificadoService.java    From Java_Certificado with MIT License
/**
 * Returns the expiry date (notAfter) of the certificate described by {@code certificado}.
 *
 * <p>Only the date is read; the certificate's validity is not checked here.
 *
 * @param certificado certificate descriptor used to open the key store and select the entry
 * @return the notAfter date of the selected certificate
 * @throws CertificadoException if the key store cannot be obtained
 */
private static Date dataValidade(Certificado certificado) throws CertificadoException {
    KeyStore store = getKeyStore(certificado);
    if (store != null) {
        return getCertificate(certificado, store).getNotAfter();
    }
    throw new CertificadoException("Erro Ao pegar Keytore, verifique o Certificado");
}