java.security.cert.CertificateNotYetValidException Java Examples

The following examples show how to use java.security.cert.CertificateNotYetValidException.
Example #1
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // Reject a null reference time up front, before either bound is consulted.
    Objects.requireNonNull(now);
    /*
     * Security note: after() and before() are always invoked on this
     * extension's own Date fields, never on the caller's object. A Date
     * subclass supplied by the caller could override those methods and
     * answer arbitrarily.
     */
    final boolean startsLater = notBefore != null && notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
    }
    // An unset (null) bound places no constraint on that side of the period.
    final boolean alreadyEnded = notAfter != null && notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
    }
}
 
Example #2
Source File: PrivateKeyUsageExtension.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // A null reference time is rejected before any bound is examined.
    Objects.requireNonNull(now);
    // Each comparison is called on this object's own Date field rather than on
    // the argument: a Date subclass supplied by the caller could override
    // after()/before() and answer arbitrarily.
    if (notBefore != null) {
        // An unset lower bound is skipped; a lower bound later than now fails.
        if (notBefore.after(now)) {
            throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
        }
    }
    if (notAfter != null) {
        // An unset upper bound is skipped; an upper bound earlier than now fails.
        if (notAfter.before(now)) {
            throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
        }
    }
}
 
Example #3
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // Reject a null reference time up front, before either bound is consulted.
    Objects.requireNonNull(now);
    /*
     * Security note: after() and before() are always invoked on this
     * extension's own Date fields, never on the caller's object. A Date
     * subclass supplied by the caller could override those methods and
     * answer arbitrarily.
     */
    final boolean startsLater = notBefore != null && notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
    }
    // An unset (null) bound places no constraint on that side of the period.
    final boolean alreadyEnded = notAfter != null && notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
    }
}
 
Example #4
Source File: HTTPSession.java    From netcdf-java with BSD 3-Clause "New" or "Revised" License
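/**
 * Decides whether the presented certificate chain may be trusted by this strategy.
 *
 * <p>The positive decision is left entirely to the superclass. When the superclass
 * does not accept the chain, each certificate is checked against the current time and
 * a certificate outside its validity period is reported to the caller as an exception.
 * No failure path yields {@code true}: an expired or not-yet-valid certificate, or any
 * other {@link CertificateException}, must never become a positive trust decision,
 * because that would accept any peer that presents a broken chain.
 *
 * <p>NOTE(review): what the caller does with a {@code false} result is decided outside
 * this method - confirm that it rejects the chain or falls back to regular
 * trust-manager validation.
 *
 * @param chain certificate chain presented by the peer
 * @param authType authentication type, passed through to the superclass
 * @return {@code true} only when the superclass trusts the chain, {@code false} otherwise
 * @throws CertificateException if the superclass check fails or a certificate in the
 *         chain is expired or not yet valid
 */
@Override
public boolean isTrusted(final X509Certificate[] chain, String authType) throws CertificateException {
  if (super.isTrusted(chain, authType)) {
    return true;
  }
  // Fail closed: a validity failure propagates instead of being mapped to "trusted".
  for (X509Certificate x5 : chain) {
    x5.checkValidity();
  }
  return false;
}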
 
Example #5
Source File: X509Utils.java    From Cybernet-VPN with GNU General Public License v3.0
/**
 * Builds a short, human-readable label describing how long the certificate stays valid.
 *
 * <p>The label reflects only the certificate's validity period measured against the
 * local clock. Nothing here checks chain trust or revocation, so the text must not be
 * presented as a statement that the certificate is trustworthy.
 *
 * @param cert certificate whose validity period is described
 * @param res resources used to look up the localized "time left" strings
 * @return {@code "EXPIRED: "}, {@code "NOT YET VALID: "}, or a localized remaining-time
 *         string in months, days or hours
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }

    final long hourMs = 3600 * 1000;
    final long dayMs = 24 * hourMs;

    final Date expiry = cert.getNotAfter();
    final Date current = new Date();
    final long remainingMs = expiry.getTime() - current.getTime();

    // More than 90 days left: report whole months.
    if (remainingMs > 90L * dayMs) {
        long months = getMonthsDifference(current, expiry);
        return res.getString(R.string.months_left, months);
    }
    // More than 72 hours left: report whole days.
    if (remainingMs > 72 * hourMs) {
        long days = remainingMs / dayMs;
        return res.getString(R.string.days_left, days);
    }
    // Otherwise report whole hours.
    long hours = remainingMs / hourMs;
    return res.getString(R.string.hours_left, hours);
}
 
Example #6
Source File: PrivateKeyUsageExtension.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
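public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // Fail fast on a null reference time; otherwise a null argument would pass
    // silently whenever both bounds are unset.
    java.util.Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    // Both bounds are optional in the PrivateKeyUsagePeriod definition, so a
    // missing bound must be treated as "no constraint" instead of being
    // dereferenced (which raised NullPointerException here).
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}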
 
Example #7
Source File: PrivateKeyUsageExtension.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // A null reference time is rejected before any bound is examined.
    Objects.requireNonNull(now);
    // Each comparison is called on this object's own Date field rather than on
    // the argument: a Date subclass supplied by the caller could override
    // after()/before() and answer arbitrarily.
    if (notBefore != null) {
        // An unset lower bound is skipped; a lower bound later than now fails.
        if (notBefore.after(now)) {
            throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
        }
    }
    if (notAfter != null) {
        // An unset upper bound is skipped; an upper bound earlier than now fails.
        if (notAfter.before(now)) {
            throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
        }
    }
}
 
Example #8
Source File: X509Utils.java    From Cake-VPN with GNU General Public License v2.0
/**
 * Describes the remaining lifetime of a certificate as display text.
 *
 * <p>Only the validity period is consulted, using the device's current time; chain
 * trust and revocation are not evaluated, so the result is informational only.
 *
 * @param cert certificate to describe
 * @param res resources providing the localized months/days/hours strings
 * @return {@code "EXPIRED: "} or {@code "NOT YET VALID: "} when the certificate is
 *         outside its validity period, otherwise a localized remaining-time string
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }

    final Date notAfter = cert.getNotAfter();
    final Date today = new Date();
    final long millisLeft = notAfter.getTime() - today.getTime();

    final long millisPerHour = 3600 * 1000;
    final long millisPerDay = 24 * millisPerHour;
    final boolean moreThanThreeMonths = millisLeft > 90L * millisPerDay;
    final boolean moreThanThreeDays = millisLeft > 72 * millisPerHour;

    if (moreThanThreeMonths) {
        // Long-lived: show months.
        long months = getMonthsDifference(today, notAfter);
        return res.getString(R.string.months_left, months);
    } else if (moreThanThreeDays) {
        // Between 72 hours and 90 days: show days.
        long days = millisLeft / millisPerDay;
        return res.getString(R.string.days_left, days);
    } else {
        // 72 hours or less: show hours.
        long hours = millisLeft / millisPerHour;
        return res.getString(R.string.hours_left, hours);
    }
}
 
Example #9
Source File: PrivateKeyUsageExtension.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // Reject a null reference time up front, before either bound is consulted.
    Objects.requireNonNull(now);
    /*
     * Security note: after() and before() are always invoked on this
     * extension's own Date fields, never on the caller's object. A Date
     * subclass supplied by the caller could override those methods and
     * answer arbitrarily.
     */
    final boolean startsLater = notBefore != null && notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
    }
    // An unset (null) bound places no constraint on that side of the period.
    final boolean alreadyEnded = notAfter != null && notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
    }
}
 
Example #10
Source File: PrivateKeyUsageExtension.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // A null reference time is rejected before any bound is examined.
    Objects.requireNonNull(now);
    // Each comparison is called on this object's own Date field rather than on
    // the argument: a Date subclass supplied by the caller could override
    // after()/before() and answer arbitrarily.
    if (notBefore != null) {
        // An unset lower bound is skipped; a lower bound later than now fails.
        if (notBefore.after(now)) {
            throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
        }
    }
    if (notAfter != null) {
        // An unset upper bound is skipped; an upper bound earlier than now fails.
        if (notAfter.before(now)) {
            throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
        }
    }
}
 
Example #11
Source File: PrivateKeyUsageExtension.java    From Bytecoder with Apache License 2.0
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // Reject a null reference time up front, before either bound is consulted.
    Objects.requireNonNull(now);
    /*
     * Security note: after() and before() are always invoked on this
     * extension's own Date fields, never on the caller's object. A Date
     * subclass supplied by the caller could override those methods and
     * answer arbitrarily.
     */
    final boolean startsLater = notBefore != null && notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString());
    }
    // An unset (null) bound places no constraint on that side of the period.
    final boolean alreadyEnded = notAfter != null && notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter.toString());
    }
}
 
Example #12
Source File: LdapTlsHandshakeExceptionClassifierTest.java    From directory-ldap-api with Apache License 2.0
/**
 * A bare CertificateNotYetValidException must be classified as NOT_YET_VALID, with the
 * matching reason phrase, and must be reported as its own root cause.
 */
@Test
public void testClassifyCertificateNotYetValidException()
{
    CertificateNotYetValidException notYetValid = new CertificateNotYetValidException( "foo" );

    LdapTlsHandshakeFailCause failCause = LdapTlsHandshakeExceptionClassifier.classify( notYetValid );

    assertThat( failCause.getReason(), equalTo( ( Reason ) BasicReason.NOT_YET_VALID ) );
    assertThat( failCause.getReasonPhrase(), equalTo( "Certificate not yet valid" ) );
    assertThat( failCause.getRootCause(), instanceOf( CertificateNotYetValidException.class ) );
}
 
Example #13
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks every certificate of the signing chain and records the findings on the result.
 *
 * <p>Validity is evaluated at the time returned by
 * {@code result.getVerifiedSigningTime(...)}, using the clock-skew options
 * ({@code SigningTimeClockSkewDuration}, default 5, and
 * {@code SigningTimeClockSkewTimeUnit}, default minutes). Problems are not thrown:
 * they are appended to {@code result.getErrors()}, so a caller must inspect that list
 * before relying on the signature.
 *
 * @param result verification result holding the chain and collecting the errors
 * @param options verification options, read for the clock-skew settings
 * @throws TechnicalConnectorException declared by the signature; the chain-check
 *         failure visible here is caught and recorded as an error instead
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer skew = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit skewUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker checker = CertificateCheckerFactory.getCertificateChecker();

   // Validity-period check for each certificate of the chain.
   for (Iterator chainIt = result.getCertChain().iterator(); chainIt.hasNext(); ) {
      X509Certificate current = (X509Certificate)chainIt.next();
      try {
         current.checkValidity(result.getVerifiedSigningTime(skew, skewUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   // Chain check, then the end-certificate check; the latter runs even when the
   // chain has just been flagged as not trusted.
   try {
      boolean chainAccepted = certChainAccepted(checker, result);
      if (!chainAccepted) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, checker, skew, skewUnit);
   } catch (TechnicalConnectorException technical) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}

/** Asks the checker whether the chain held by the result is a valid certificate chain. */
private static boolean certChainAccepted(CertificateChecker checker, SignatureVerificationResult result) throws TechnicalConnectorException {
   return checker.isValidCertificateChain(result.getCertChain());
}
 
Example #14
Source File: LdapTlsHandshakeExceptionTest.java    From directory-ldap-api with Apache License 2.0
/**
 * The handshake exception message must carry the caller's text, the classified reason
 * phrase and the message of the underlying CertificateNotYetValidException.
 */
@Test
public void testClassifyCertificateNotYetValidException()
{
    CertificateNotYetValidException cause = new CertificateNotYetValidException( "foo" );
    LdapTlsHandshakeException handshakeFailure = new LdapTlsHandshakeException( "msg", cause );

    String message = handshakeFailure.getMessage();

    assertThat( message, equalTo( "msg, reason: Certificate not yet valid: foo" ) );
}
 
Example #15
Source File: AbstractX509CertificateTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Test stub: the supplied date is ignored and the outcome depends only on the
 * {@code valid} flag of this instance.
 *
 * @param arg0 unused
 * @throws CertificateExpiredException when the {@code valid} flag is false
 * @throws CertificateNotYetValidException never thrown by this stub
 */
@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (this.valid) {
        return;
    }
    // An invalid stub certificate is always reported as expired.
    throw new CertificateExpiredException();
}
 
Example #16
Source File: AutoUpdateCertificatesVerifier.java    From wechatpay-apache-httpclient with Apache License 2.0
/**
 * Deserialize and decrypt the certificates (反序列化证书并解密).
 */
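private List<X509Certificate> deserializeToCerts(byte[] apiV3Key, String body)
    throws GeneralSecurityException, IOException {
  // Parses the JSON body, decrypts every "encrypt_certificate" entry under "data" with
  // the API v3 key and returns the certificates that are inside their validity period.
  // An absent "data" node yields an empty list.
  AesUtil decryptor = new AesUtil(apiV3Key);
  ObjectMapper mapper = new ObjectMapper();
  JsonNode dataNode = mapper.readTree(body).get("data");
  List<X509Certificate> newCertList = new ArrayList<>();
  if (dataNode != null) {
    // One factory serves every entry; it does not need to be recreated per certificate.
    CertificateFactory cf = CertificateFactory.getInstance("X509");
    for (int i = 0, count = dataNode.size(); i < count; i++) {
      JsonNode encryptCertificateNode = dataNode.get(i).get("encrypt_certificate");
      // Decrypt. asText() yields the field's string value directly; stripping quote
      // characters from toString() left JSON escape sequences undecoded and removed
      // quotes that belonged to the value itself.
      String cert = decryptor.decryptToString(
          encryptCertificateNode.get("associated_data").asText()
              .getBytes(java.nio.charset.StandardCharsets.UTF_8),
          encryptCertificateNode.get("nonce").asText()
              .getBytes(java.nio.charset.StandardCharsets.UTF_8),
          encryptCertificateNode.get("ciphertext").asText());

      X509Certificate x509Cert = (X509Certificate) cf.generateCertificate(
          new ByteArrayInputStream(cert.getBytes(java.nio.charset.StandardCharsets.UTF_8))
      );
      try {
        x509Cert.checkValidity();
      } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        // Deliberately skipped: a certificate outside its validity period is left out
        // of the returned list. Only the validity period is checked at this point.
        continue;
      }
      newCertList.add(x509Cert);
    }
  }
  return newCertList;
}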
 
Example #17
Source File: CertificatesVerifier.java    From wechatpay-apache-httpclient with Apache License 2.0
/**
 * Returns the first stored certificate that is inside its validity period right now.
 *
 * <p>Only the validity period is checked here; which certificate comes first depends
 * on the iteration order of the {@code certificates} map.
 *
 * @return a certificate whose {@code checkValidity()} succeeds
 * @throws NoSuchElementException if every stored certificate is expired or not yet
 *         valid (the message reads "no valid WeChat Pay platform certificate")
 */
@Override
public X509Certificate getValidCertificate() {
  for (X509Certificate candidate : certificates.values()) {
    boolean withinValidityPeriod;
    try {
      candidate.checkValidity();
      withinValidityPeriod = true;
    } catch (CertificateExpiredException | CertificateNotYetValidException outsidePeriod) {
      // Not usable at the moment; try the next stored certificate.
      withinValidityPeriod = false;
    }
    if (withinValidityPeriod) {
      return candidate;
    }
  }

  throw new NoSuchElementException("没有有效的微信支付平台证书");
}
 
Example #18
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Validates the certificate chain with the PKIX validator in its code-signing variant.
 *
 * <p>A validation failure is rethrown unless it matches a problem that the flags
 * referenced below already describe (expired / not-yet-valid certificate, or bad key
 * usage extensions); in that case the method returns normally.
 * NOTE(review): those flags are fields defined outside this method - presumably set
 * earlier when the same problem was detected; confirm against the callers, because a
 * suppressed failure is only safe if it is still reported elsewhere.
 *
 * @param certs the chain to validate; its elements are copied into an X509Certificate array
 * @throws Exception the validator's exception, or its CertPathValidatorException cause
 */
void validateCertChain(List<? extends Certificate> certs) throws Exception {
    try {
        Validator.getInstance(Validator.TYPE_PKIX,
                Validator.VAR_CODE_SIGNING,
                pkixParameters)
                .validate(certs.toArray(new X509Certificate[certs.size()]));
    } catch (Exception e) {
        if (debug) {
            e.printStackTrace();
        }
        if (e instanceof ValidatorException) {
            // Throw cause if it's CertPathValidatorException,
            if (e.getCause() != null &&
                    e.getCause() instanceof CertPathValidatorException) {
                // From here on e is the CertPathValidatorException, so that is what
                // the final "throw e" propagates.
                e = (Exception) e.getCause();
                Throwable t = e.getCause();
                if ((t instanceof CertificateExpiredException &&
                            hasExpiredCert) ||
                        (t instanceof CertificateNotYetValidException &&
                                notYetValidCert)) {
                    // we already have hasExpiredCert and notYetValidCert
                    return;
                }
            }
            // Re-tested because e may have been replaced by its cause above; this
            // branch applies only when e is still the original ValidatorException.
            if (e instanceof ValidatorException) {
                ValidatorException ve = (ValidatorException)e;
                if (ve.getErrorType() == ValidatorException.T_EE_EXTENSIONS &&
                        (badKeyUsage || badExtendedKeyUsage || badNetscapeCertType)) {
                    // We already have badKeyUsage, badExtendedKeyUsage
                    // and badNetscapeCertType
                    return;
                }
            }
        }
        // Anything not covered by the flags above is a real validation failure.
        throw e;
    }
}
 
Example #19
Source File: XMLDSigVerifier.java    From alpha-wallet-android with MIT License
/**
 * Picks the certificate from the XML signature that is taken to be the signing certificate.
 *
 * <p>Selection rules, as implemented: with a recovered public key, the first
 * non-expired certificate whose encoded key equals it; without one, the first
 * non-expired certificate signed with {@code SHA256withECDSA}; otherwise the first
 * certificate of the reordered chain.
 *
 * <p>NOTE(review): an expired certificate is skipped by the loop (despite the
 * "allowing" log text) but can still be returned by the final fallback, and that
 * fallback returns a certificate that matched neither rule. Confirm that callers
 * verify the signature and the chain against the returned certificate before
 * trusting it. {@code get(0)} also fails on an empty chain.
 *
 * @param xmlElements elements of the XML signature
 * @return the selected certificate
 * @throws KeyStoreException declared by the signature
 * @throws CertificateNotYetValidException if a certificate reached by the loop is not yet valid
 */
private X509Certificate selectSigningKeyFromXML(List xmlElements) throws KeyStoreException, CertificateNotYetValidException {
    final PublicKey signerKey = recoverPublicKeyFromXML(xmlElements);
    // The XML may list the certificates out of order, so the chain is reordered first.
    final List<X509Certificate> chain = reorderCertificateChain(getCertificateChainFromXML(xmlElements));
    for (X509Certificate candidate : chain)
    {
        try
        {
            candidate.checkValidity();
        }
        catch (CertificateExpiredException expired)
        {
            // Logged and skipped; the loop continues with the next certificate.
            System.out.println("Allowing expired cert: " + expired.getMessage());
            continue;
        }

        if (signerKey == null)
        {
            // No recovered key: select on the signature algorithm name only.
            if (candidate.getSigAlgName().equals("SHA256withECDSA"))
            {
                return candidate;
            }
            continue;
        }

        PublicKey candidateKey = candidate.getPublicKey();
        if (Arrays.equals(signerKey.getEncoded(), candidateKey.getEncoded()))
        {
            return candidate;
        }
    }
    // Nothing matched: fall back to the first certificate of the chain.
    return chain.get(0);
}
 
Example #20
Source File: AbstractX509CertificateTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Test stub: succeeds or fails according to the {@code valid} flag of this instance;
 * no dates are compared.
 *
 * @throws CertificateExpiredException when the {@code valid} flag is false
 * @throws CertificateNotYetValidException never thrown by this stub
 */
@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    final boolean reportExpired = !this.valid;
    if (reportExpired) {
        throw new CertificateExpiredException();
    }
}
 
Example #21
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks the signing certificate's validity period and records a failure on the result.
 *
 * <p>The no-argument {@code checkValidity()} compares against the current system time,
 * not the time of signing. Failures are logged and appended to
 * {@code result.getErrors()}; nothing is thrown, so callers must inspect the error list.
 *
 * @param result verification result providing the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   SignatureVerificationError failure = null;
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException expired) {
      LOG.error("Signing certificate expired.", expired);
      failure = SignatureVerificationError.CERTIFICATE_EXPIRED;
   } catch (CertificateNotYetValidException notYetValid) {
      LOG.error("Signing certificate not yet valid.", notYetValid);
      failure = SignatureVerificationError.CERTIFICATE_NOT_YET_VALID;
   }

   if (failure != null) {
      result.getErrors().add(failure);
   }
}
 
Example #22
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Validates the signer's certificate chain and collects every finding on the result.
 *
 * <p>Each certificate is checked at the time returned by
 * {@code result.getVerifiedSigningTime(...)}, which is given the clock-skew options
 * ({@code SigningTimeClockSkewDuration}, default 5; {@code SigningTimeClockSkewTimeUnit},
 * default minutes). Findings are added to {@code result.getErrors()} and never thrown
 * from the validity loop; a caller that ignores the list accepts an unverified chain.
 *
 * @param result verification result holding the chain and collecting the errors
 * @param options verification options, read for the clock-skew settings
 * @throws TechnicalConnectorException declared by the signature; the chain-check
 *         failure visible here is caught and recorded as an error instead
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer clockSkew = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit clockSkewUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker chainChecker = CertificateCheckerFactory.getCertificateChecker();

   Iterator remaining = result.getCertChain().iterator();
   while (true) {
      if (!remaining.hasNext()) {
         break;
      }
      X509Certificate link = (X509Certificate)remaining.next();
      try {
         link.checkValidity(result.getVerifiedSigningTime(clockSkew, clockSkewUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      // An untrusted chain is recorded, and the end-certificate check still runs.
      if (!chainChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, chainChecker, clockSkew, clockSkewUnit);
   } catch (TechnicalConnectorException technical) {
      // The chain could not be evaluated at all; reported as its own error code.
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
Example #23
Source File: XadesVerificationHelper.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks that the signing certificate's validity period covers the given signing time.
 *
 * <p>A failure is logged and appended to {@code result.getErrors()}; nothing is thrown,
 * so the caller must inspect the error list before relying on the signature.
 *
 * @param signingTime time at which the certificate has to be valid
 * @param result verification result providing the signing certificate and collecting errors
 */
public static void verifyValiditySigningCert(DateTime signingTime, SignatureVerificationResult result) {
   SignatureVerificationError failure = null;
   try {
      result.getSigningCert().checkValidity(signingTime.toDate());
   } catch (CertificateExpiredException expired) {
      LOG.error("Signing certificate expired.", expired);
      failure = SignatureVerificationError.CERTIFICATE_EXPIRED;
   } catch (CertificateNotYetValidException notYetValid) {
      LOG.error("Signing certificate not yet valid.", notYetValid);
      failure = SignatureVerificationError.CERTIFICATE_NOT_YET_VALID;
   }

   if (failure != null) {
      result.getErrors().add(failure);
   }
}
 
Example #24
Source File: SslErrorTest.java    From netty-4.1.22 with Apache License 2.0
/**
 * Builds the parameter matrix: every server provider crossed with every client
 * provider crossed with every certificate exception under test.
 *
 * @return one {@code {serverProvider, clientProvider, exception}} triple per combination
 */
@Parameterized.Parameters(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}")
public static Collection<Object[]> data() {
    List<SslProvider> servers = new ArrayList<SslProvider>(2);
    List<SslProvider> clients = new ArrayList<SslProvider>(3);

    if (OpenSsl.isAvailable()) {
        SslProvider[] openSslProviders = { SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT };
        for (SslProvider provider : openSslProviders) {
            servers.add(provider);
        }
        for (SslProvider provider : openSslProviders) {
            clients.add(provider);
        }
    }
    // The JDK provider is used on the client side only: as a server it currently sends
    // the same alert for every failure, so it cannot tell the cases apart.
    clients.add(SslProvider.JDK);

    List<CertificateException> failures = new ArrayList<CertificateException>(6);
    // Direct exceptions.
    failures.add(new CertificateExpiredException());
    failures.add(new CertificateNotYetValidException());
    failures.add(new CertificateRevokedException(
            new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""),
            Collections.<String, Extension>emptyMap()));
    // Wrapped exceptions, which is what the JDK implementation of
    // X509TrustManagerFactory produces.
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));

    List<Object[]> combinations = new ArrayList<Object[]>();
    for (SslProvider server : servers) {
        for (SslProvider client : clients) {
            for (CertificateException failure : failures) {
                Object[] row = { server, client, failure };
                combinations.add(row);
            }
        }
    }
    return combinations;
}
 
Example #25
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Records an error on the result when the signing certificate is outside its
 * validity period.
 *
 * <p>The check uses the current system time (no-argument {@code checkValidity()}),
 * not the signing time. The outcome is reported only through the log and
 * {@code result.getErrors()}; the method itself never throws for an invalid certificate.
 *
 * @param result verification result providing the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   SignatureVerificationError outcome = null;
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException tooLate) {
      LOG.error("Signing certificate expired.", tooLate);
      outcome = SignatureVerificationError.CERTIFICATE_EXPIRED;
   } catch (CertificateNotYetValidException tooEarly) {
      LOG.error("Signing certificate not yet valid.", tooEarly);
      outcome = SignatureVerificationError.CERTIFICATE_NOT_YET_VALID;
   }

   if (outcome == null) {
      return;
   }
   result.getErrors().add(outcome);
}
 
Example #26
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks every certificate of the signing chain and records the findings on the result.
 *
 * <p>Validity is evaluated at the time returned by
 * {@code result.getVerifiedSigningTime(...)}, using the clock-skew options
 * ({@code SigningTimeClockSkewDuration}, default 5, and
 * {@code SigningTimeClockSkewTimeUnit}, default minutes). Problems are appended to
 * {@code result.getErrors()} instead of being thrown, so a caller must inspect that
 * list before relying on the signature.
 *
 * @param result verification result holding the chain and collecting the errors
 * @param options verification options, read for the clock-skew settings
 * @throws TechnicalConnectorException declared by the signature; the chain-check
 *         failure visible here is caught and recorded as an error instead
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer skew = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, Integer.valueOf(5));
   TimeUnit skewUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker checker = CertificateCheckerFactory.getCertificateChecker();

   // Validity-period check for each certificate of the chain.
   for (Iterator chainIt = result.getCertChain().iterator(); chainIt.hasNext(); ) {
      X509Certificate current = (X509Certificate)chainIt.next();
      try {
         current.checkValidity(result.getVerifiedSigningTime(skew.intValue(), skewUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   // Chain check, then the end-certificate check; the latter runs even when the
   // chain has just been flagged as not trusted.
   try {
      if (!checker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, checker, skew, skewUnit);
   } catch (TechnicalConnectorException technical) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
Example #27
Source File: AbstractX509CertificateTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Test stub: the supplied date is not consulted; the result is driven solely by the
 * {@code valid} flag of this instance.
 *
 * @param arg0 unused
 * @throws CertificateExpiredException when the {@code valid} flag is false
 * @throws CertificateNotYetValidException never thrown by this stub
 */
@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean reportExpired = !this.valid;
    if (reportExpired) {
        throw new CertificateExpiredException();
    }
}
 
Example #28
Source File: XadesBesSpecification.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Checks the signing certificate's validity period and records a failure on the result.
 *
 * <p>The no-argument {@code checkValidity()} compares against the current system time,
 * not the time of signing. Failures are logged and appended to
 * {@code result.getErrors()}; nothing is thrown, so callers must inspect the error list.
 *
 * @param result verification result providing the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   SignatureVerificationError failure = null;
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException expired) {
      LOG.error("Signing certificate expired.", expired);
      failure = SignatureVerificationError.CERTIFICATE_EXPIRED;
   } catch (CertificateNotYetValidException notYetValid) {
      LOG.error("Signing certificate not yet valid.", notYetValid);
      failure = SignatureVerificationError.CERTIFICATE_NOT_YET_VALID;
   }

   if (failure != null) {
      result.getErrors().add(failure);
   }
}
 
Example #29
Source File: AbstractSignatureBuilder.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Validates the signer's certificate chain and collects every finding on the result.
 *
 * <p>Each certificate is checked at the time returned by
 * {@code result.getVerifiedSigningTime(...)}, which is given the clock-skew options
 * ({@code SigningTimeClockSkewDuration}, default 5; {@code SigningTimeClockSkewTimeUnit},
 * default minutes). Findings are added to {@code result.getErrors()} and never thrown
 * from the validity loop; a caller that ignores the list accepts an unverified chain.
 *
 * @param result verification result holding the chain and collecting the errors
 * @param options verification options, read for the clock-skew settings
 * @throws TechnicalConnectorException declared by the signature; the chain-check
 *         failure visible here is caught and recorded as an error instead
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer clockSkew = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit clockSkewUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker chainChecker = CertificateCheckerFactory.getCertificateChecker();

   Iterator remaining = result.getCertChain().iterator();
   while (true) {
      if (!remaining.hasNext()) {
         break;
      }
      X509Certificate link = (X509Certificate)remaining.next();
      try {
         link.checkValidity(result.getVerifiedSigningTime(clockSkew, clockSkewUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      // An untrusted chain is recorded, and the end-certificate check still runs.
      if (!chainChecker.isValidCertificateChain(result.getCertChain())) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, chainChecker, clockSkew, clockSkewUnit);
   } catch (TechnicalConnectorException technical) {
      // The chain could not be evaluated at all; reported as its own error code.
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
Example #30
Source File: AbstractX509CertificateTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Test stub: succeeds or fails according to the {@code valid} flag of this instance;
 * no dates are compared.
 *
 * @throws CertificateExpiredException when the {@code valid} flag is false
 * @throws CertificateNotYetValidException never thrown by this stub
 */
@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (this.valid) {
        return;
    }
    // An invalid stub certificate is always reported as expired.
    throw new CertificateExpiredException();
}