java.security.cert.CertificateExpiredException Java Examples

The following examples show how to use java.security.cert.CertificateExpiredException.
Example #1
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #2
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #3
Source File: PrivateKeyUsageExtension.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #4
Source File: HTTPSession.java    From netcdf-java with BSD 3-Clause "New" or "Revised" License
@Override
public boolean isTrusted(final X509Certificate[] chain, String authType) throws CertificateException {
  try {
    if (super.isTrusted(chain, authType))
      return true;
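    // check expiration dates
    for (X509Certificate x5 : chain) {
      try {
        x5.checkValidity();
      } catch (CertificateExpiredException | CertificateNotYetValidException ce) {
        // NOTE: an expired or not-yet-valid certificate is accepted as trusted here
        return true;
      }
    }
  } catch (CertificateException e) {
    return true; // temporary: any other certificate error is also treated as trusted
  }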
  return false;
}
 
Example #5
Source File: PrivateKeyUsageExtension.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #6
Source File: PrivateKeyUsageExtension.java    From Bytecoder with Apache License 2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #7
Source File: X509Utils.java    From Cybernet-VPN with GNU General Public License v3.0
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }
    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
    // More than 72h left, display days
    // More than 3 months display months
    if (timeLeft > 90L * 24 * 3600 * 1000) {
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    } else if (timeLeft > 72 * 3600 * 1000) {
        long days = timeLeft / (24 * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    } else {
        long hours = timeLeft / (3600 * 1000);
        return res.getString(R.string.hours_left, hours);
    }
}
 
Example #8
Source File: X509Utils.java    From Cake-VPN with GNU General Public License v2.0
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }
    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
    // More than 72h left, display days
    // More than 3 months display months
    if (timeLeft > 90L * 24 * 3600 * 1000) {
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    } else if (timeLeft > 72 * 3600 * 1000) {
        long days = timeLeft / (24 * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    } else {
        long hours = timeLeft / (3600 * 1000);
        return res.getString(R.string.hours_left, hours);
    }
}
 
Example #9
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}
 
Example #10
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, Integer.valueOf(5));
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();
   Iterator i$ = result.getCertChain().iterator();

   while(i$.hasNext()) {
      X509Certificate cert = (X509Certificate)i$.next();

      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration.intValue(), timeUnit).toDate());
      } catch (CertificateExpiredException var10) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException var11) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (!certChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }

      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException var9) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }

}
 
Example #11
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();
   Iterator i$ = result.getCertChain().iterator();

   while(i$.hasNext()) {
      X509Certificate cert = (X509Certificate)i$.next();

      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException var10) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException var11) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (!certChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }

      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException var9) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }

}
 
Example #12
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException var3) {
      LOG.error("Signing certificate expired.", var3);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException var4) {
      LOG.error("Signing certificate not yet valid.", var4);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }

}
 
Example #13
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();
   Iterator i$ = result.getCertChain().iterator();

   while(i$.hasNext()) {
      X509Certificate cert = (X509Certificate)i$.next();

      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException var10) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException var11) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (!certChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }

      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException var9) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }

}
 
Example #14
Source File: XadesVerificationHelper.java    From freehealth-connector with GNU Affero General Public License v3.0
public static void verifyValiditySigningCert(DateTime signingTime, SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity(signingTime.toDate());
   } catch (CertificateExpiredException var3) {
      LOG.error("Signing certificate expired.", var3);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException var4) {
      LOG.error("Signing certificate not yet valid.", var4);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }

}
 
Example #15
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();
   Iterator i$ = result.getCertChain().iterator();

   while(i$.hasNext()) {
      X509Certificate cert = (X509Certificate)i$.next();

      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException var10) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException var11) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (!certChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }

      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException var9) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }

}
 
Example #16
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException var3) {
      LOG.error("Signing certificate expired.", var3);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException var4) {
      LOG.error("Signing certificate not yet valid.", var4);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }

}
 
Example #17
Source File: NonJavaTrustStoreTest.java    From qpid-broker-j with Apache License 2.0
@Test
public void testUseOfExpiredTrustAnchorDenied() throws Exception
{
    final KeyCertificatePair keyCertPair = createExpiredCertificate();
    final Path certificatePath = TLS_RESOURCE.saveCertificateAsPem(keyCertPair.getCertificate());

    Map<String, Object> attributes = new HashMap<>();
    attributes.put(NonJavaTrustStore.NAME, NAME);
    attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    attributes.put(NonJavaTrustStore.CERTIFICATES_URL, certificatePath.toFile().getAbsolutePath());
    attributes.put(NonJavaTrustStore.TYPE, NON_JAVA_TRUST_STORE);

    TrustStore<?> trustStore = createTestTrustStore(attributes);

    TrustManager[] trustManagers = trustStore.getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    final boolean condition = trustManagers[0] instanceof X509TrustManager;
    assertTrue("Unexpected trust manager type", condition);
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    try
    {
        trustManager.checkClientTrusted(new X509Certificate[]{keyCertPair.getCertificate()}, "NULL");
        fail("Exception not thrown");
    }
    catch (CertificateException e)
    {
        if (e instanceof CertificateExpiredException || "Certificate expired".equals(e.getMessage()))
        {
            // IBMJSSE2 does not throw CertificateExpiredException, it throws a CertificateException
            // PASS
        }
        else
        {
            throw e;
        }
    }
}
 
Example #18
Source File: DefaultX509TrustManagerTest.java    From cyberduck with GNU General Public License v3.0
@Test(expected = CertificateExpiredException.class)
public void testCheckServerTrusted() throws Exception {
    final DefaultX509TrustManager m = new DefaultX509TrustManager();
    InputStream inStream = new FileInputStream("src/test/resources/OXxlRDVcWqdPEvFm.cer");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
    m.checkServerTrusted(new X509Certificate[]{cert}, "RSA");
}
 
Example #19
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException var3) {
      LOG.error("Signing certificate expired.", var3);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException var4) {
      LOG.error("Signing certificate not yet valid.", var4);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }

}
 
Example #20
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, Integer.valueOf(5));
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();
   Iterator i$ = result.getCertChain().iterator();

   while(i$.hasNext()) {
      X509Certificate cert = (X509Certificate)i$.next();

      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration.intValue(), timeUnit).toDate());
      } catch (CertificateExpiredException var10) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException var11) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (!certChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }

      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException var9) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }

}
 
Example #21
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException var3) {
      LOG.error("Signing certificate expired.", var3);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException var4) {
      LOG.error("Signing certificate not yet valid.", var4);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }

}
 
Example #22
Source File: SSLUtilBase.java    From Tomcat8-Source-Read with MIT License
private void checkTrustStoreEntries(KeyStore trustStore) throws Exception {
    Enumeration<String> aliases = trustStore.aliases();
    if (aliases != null) {
        Date now = new Date();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (trustStore.isCertificateEntry(alias)) {
                Certificate cert = trustStore.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    try {
                        ((X509Certificate) cert).checkValidity(now);
                    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                        String msg = sm.getString("jsseUtil.trustedCertNotValid", alias,
                                ((X509Certificate) cert).getSubjectDN(), e.getMessage());
                        if (log.isDebugEnabled()) {
                            log.debug(msg, e);
                        } else {
                            log.warn(msg);
                        }
                    }
                } else {
                    if (log.isDebugEnabled()) {
                        log.debug(sm.getString("jsseUtil.trustedCertNotChecked", alias));
                    }
                }
            }
        }
    }
}
 
Example #23
Source File: AbstractX509CertificateTests.java    From cas4.0.x-server-wechat with Apache License 2.0
@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}
 
Example #24
Source File: AbstractX509CertificateTests.java    From cas4.0.x-server-wechat with Apache License 2.0
@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}
 
Example #25
Source File: LdapTlsHandshakeExceptionClassifierTest.java    From directory-ldap-api with Apache License 2.0
@Test
public void testClassifyCertificateExpiredException()
{
    LdapTlsHandshakeFailCause classification = LdapTlsHandshakeExceptionClassifier
        .classify( new CertificateExpiredException( "foo" ) );
    assertThat( classification.getReason(), equalTo( ( Reason ) BasicReason.EXPIRED ) );
    assertThat( classification.getReasonPhrase(), equalTo( "Certificate expired" ) );
    assertThat( classification.getRootCause(), instanceOf( CertificateExpiredException.class ) );
}
 
Example #26
Source File: Certs.java    From daq with Apache License 2.0
private CertificateStatus validateCertificates(Certificate[] certificates) {
  for (Certificate certificate : certificates) {

    if (certificate instanceof X509Certificate) {
      try {
        certificateReport += "Certificate:\n" + certificate + "\n";
        // Check the expiration date
        X509Certificate x509Certificate = (X509Certificate) certificate;
        x509Certificate.checkValidity();
        certificateReport += "Certificate is active for current date.\n\n";
        // Check the public key bit length is at least 2048
        PublicKey key = x509Certificate.getPublicKey();
        int keyLength = 0;
        if (key instanceof RSAPublicKey) {
          keyLength = ((RSAPublicKey) key).getModulus().bitLength();
        } else if (key instanceof DSAPublicKey) {
          keyLength = ((DSAPublicKey) key).getParams().getP().bitLength();
        }
        if (keyLength >= 2048) {
          certificateReport += "Certificate has valid public key length: " + keyLength + "\n\n";
          return CertificateStatus.CERTIFICATE_VALID;
        }
        return CertificateStatus.PUBLIC_KEY_INVALID_LENGTH;
      } catch (CertificateExpiredException cee) {
        certificateReport += "Certificate is expired.\n";
        return CertificateStatus.CERTIFICATE_EXPIRED;
      } catch (CertificateNotYetValidException e) {
        certificateReport += "Certificate not yet valid.\n";
        return CertificateStatus.CERTIFICATE_NOT_YET_VALID;
      }
    } else {
      certificateReport += "Unsupported certificate type.\n";
      return CertificateStatus.CERTIFICATE_TYPE_UNSUPPORTED;
    }
  }
  return CertificateStatus.CERTIFICATE_INVALID;
}
 
Example #27
Source File: X509CertificateValidator.java    From localization_nifi with Apache License 2.0
/**
 * Validate the specified client certificates: check the validity period of the first certificate, then run OCSP validation.
 *
 * @param certificates the client certificates
 * @throws java.security.cert.CertificateExpiredException cert is expired
 * @throws java.security.cert.CertificateNotYetValidException cert is not yet valid
 * @throws org.apache.nifi.web.security.x509.ocsp.CertificateStatusException ocsp validation issue
 */
public void validateClientCertificate(final X509Certificate[] certificates)
        throws CertificateExpiredException, CertificateNotYetValidException, CertificateStatusException {

    // ensure the cert is valid
    certificates[0].checkValidity();

    // perform ocsp validator if necessary
    ocspValidator.validate(certificates);
}
 
Example #28
Source File: XMLDSigVerifier.java    From alpha-wallet-android with MIT License
private X509Certificate selectSigningKeyFromXML(List xmlElements) throws KeyStoreException, CertificateNotYetValidException {
    PublicKey recovered = recoverPublicKeyFromXML(xmlElements);
    //Certificates from the XML might be in the wrong order
    List<X509Certificate> certList = reorderCertificateChain(getCertificateChainFromXML(xmlElements));
    for (X509Certificate crt : certList)
    {
        try
        {
            crt.checkValidity();
        }
        catch (CertificateExpiredException e)
        {
            //allow this
            System.out.println("Allowing expired cert: " + e.getMessage());
            continue;
        }
        if (recovered != null)
        {
            PublicKey certKey = crt.getPublicKey();
            if (Arrays.equals(recovered.getEncoded(), certKey.getEncoded()))
            {
                return crt;
            }
        }
        else if (crt.getSigAlgName().equals("SHA256withECDSA"))
        {
            return crt;
        }
    }
    //if non recovered, simply return the first certificate?
    return certList.get(0);

}
 
Example #29
Source File: AbstractX509CertificateTests.java    From springboot-shiro-cas-mybatis with MIT License
@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}
 
Example #30
Source File: AbstractX509CertificateTests.java    From springboot-shiro-cas-mybatis with MIT License
@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}