/**
 * Checks the validity period of the wrapped object at the current time.
 *
 * <p>Pure pass-through to {@code mDelegate}, which is declared outside this
 * snippet (presumably the wrapped {@code X509Certificate} - confirm).
 * Assuming the delegate follows the {@code X509Certificate} contract, a normal
 * return only means "now" lies inside the notBefore/notAfter window; it does
 * not establish signature, issuer chain or revocation status.
 *
 * @throws CertificateExpiredException if the delegate reports the certificate as expired
 * @throws CertificateNotYetValidException if the delegate reports the certificate as not yet valid
 */
@Override
public void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException {
    mDelegate.checkValidity();
}
/**
 * Checks the validity period of the wrapped object at a caller-chosen instant.
 *
 * <p>Pure pass-through to {@code mDelegate}, which is declared outside this
 * snippet (presumably the wrapped {@code X509Certificate} - confirm). Only the
 * validity window is examined; trust in the certificate has to be established
 * separately.
 *
 * @param date the instant to test against the validity window
 * @throws CertificateExpiredException if the delegate reports the certificate as expired at {@code date}
 * @throws CertificateNotYetValidException if the delegate reports the certificate as not yet valid at {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    mDelegate.checkValidity(date);
}
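/**
 * Validates the certificate chain presented by a server.
 *
 * <p>The previous body only called {@code checkValidity()} on each certificate,
 * so any chain whose dates were current was accepted regardless of who issued
 * it. This version keeps the date check and then hands the chain to the
 * platform's default {@code X509TrustManager}, which performs signature, CA
 * and path validation against the default trust store.
 *
 * <p>If the server is issued by a private CA, initialise the factory with a
 * {@code KeyStore} that contains that CA rather than relaxing this check.
 *
 * @param certs the peer certificate chain, leaf first
 * @param param the authentication type passed in by the TLS stack
 * @throws IllegalArgumentException if {@code certs} is null or empty
 * @throws CertificateException if a certificate is outside its validity period,
 *         the chain is not trusted, or no platform trust manager can be obtained
 */
@Override
public void checkServerTrusted(X509Certificate[] certs, String param) throws CertificateException {
    if (certs == null || certs.length == 0) {
        throw new IllegalArgumentException("Server certificate chain is null or empty");
    }

    // Date check on every presented certificate, as in the original code.
    for (X509Certificate cert : certs) {
        cert.checkValidity();
    }

    // Fully-qualified names are used so this method needs no extra file-level imports.
    // The factory is rebuilt on each call; cache it in a field if this shows up in profiles.
    final javax.net.ssl.TrustManagerFactory factory;
    try {
        factory = javax.net.ssl.TrustManagerFactory.getInstance(
                javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore selects the platform's default trust anchors.
        factory.init((java.security.KeyStore) null);
    } catch (java.security.GeneralSecurityException e) {
        throw new CertificateException("Unable to initialise the platform trust manager", e);
    }

    for (javax.net.ssl.TrustManager manager : factory.getTrustManagers()) {
        if (manager instanceof javax.net.ssl.X509TrustManager) {
            ((javax.net.ssl.X509TrustManager) manager).checkServerTrusted(certs, param);
            return;
        }
    }

    // Fail closed: without a validator the chain must not be accepted.
    throw new CertificateException("No platform X509TrustManager is available");
}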
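/**
 * Reports whether the first certificate of the given chain is currently inside
 * its validity period.
 *
 * <p>NOTE(review): despite the method name, only the dates of {@code cert[0]}
 * are examined. Issuer, signature, hostname and revocation are not checked
 * here, so a {@code true} result must not be the only input to a trust
 * decision; the chain still has to be validated by a real trust manager.
 *
 * @param cert the peer certificate chain, leaf first; may be null or empty
 * @return {@code true} if the first certificate is present and within its
 *         validity period, {@code false} otherwise
 */
public boolean isServerTrusted(X509Certificate[] cert) {
    // A missing chain previously raised NullPointerException or
    // ArrayIndexOutOfBoundsException; treat it as "not trusted" instead.
    if (cert == null || cert.length == 0 || cert[0] == null) {
        return false;
    }
    try {
        cert[0].checkValidity();
        return true;
    } catch (CertificateExpiredException e) {
        return false;
    } catch (CertificateNotYetValidException e) {
        return false;
    }
}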
/**
 * Checks the validity period of the underlying object at the current time.
 *
 * <p>Forwards to whatever {@code unwrap()} returns ({@code unwrap()} is
 * defined outside this snippet; presumably it yields the wrapped
 * {@code X509Certificate} - confirm). Only the validity window is tested;
 * this says nothing about whether the certificate is trusted.
 *
 * @throws CertificateExpiredException if the unwrapped object reports it has expired
 * @throws CertificateNotYetValidException if the unwrapped object reports it is not yet valid
 */
@Override
public void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException {
    unwrap().checkValidity();
}
/**
 * Validates a server chain through {@code delegate} and then re-checks the
 * validity period of every certificate in the chain.
 *
 * <p>{@code delegate} is declared outside this snippet (presumably another
 * {@code X509TrustManager} - confirm). The method fails closed: when no
 * delegate is configured the chain is rejected rather than accepted.
 *
 * @param x509Certificates the peer certificate chain
 * @param s the authentication type passed in by the TLS stack
 * @throws CertificateException if there is no delegate, the delegate rejects
 *         the chain, or any certificate is outside its validity period
 */
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
        throws CertificateException {
    // No delegate means nothing can vouch for the chain, so reject it.
    if (delegate == null) {
        throw new CertificateException();
    }
    delegate.checkServerTrusted(x509Certificates, s);

    // Additional date check on each presented certificate, run only after the
    // delegate has accepted the chain.
    for (int index = 0; index < x509Certificates.length; index++) {
        x509Certificates[index].checkValidity();
    }
}
/**
 * Checks the validity period of the underlying object at a caller-chosen instant.
 *
 * <p>Forwards to whatever {@code unwrap()} returns ({@code unwrap()} is
 * defined outside this snippet; presumably it yields the wrapped
 * {@code X509Certificate} - confirm). Only the validity window is tested.
 *
 * @param date the instant to test against the validity window
 * @throws CertificateExpiredException if the unwrapped object reports it has expired at {@code date}
 * @throws CertificateNotYetValidException if the unwrapped object reports it is not yet valid at {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    unwrap().checkValidity(date);
}
/**
 * Runs the identity check and the validity-period check on a certificate.
 *
 * <p>The identity check is delegated to {@code verifyHostname}, which is
 * defined outside this snippet; according to the original documentation it
 * confirms that the principal is SNS. The date check runs second, so an
 * identity failure is reported before an expiry failure.
 *
 * <p>NOTE(review): nothing in this method verifies the certificate's signature
 * or issuer chain - presumably that happens where the certificate is obtained;
 * confirm against the caller.
 *
 * @param cer certificate to validate
 * @throws CertificateExpiredException if the certificate has expired
 * @throws CertificateNotYetValidException if the certificate is not yet valid
 */
private void validateCertificate(X509Certificate cer)
        throws CertificateExpiredException, CertificateNotYetValidException {
    // Identity first, then dates: keep this order, it decides which failure surfaces.
    verifyHostname(cer);
    cer.checkValidity();
}
/**
 * Tests whether the object returned by {@code unwrap()} is valid right now.
 *
 * <p>{@code unwrap()} is defined outside this snippet (presumably it returns
 * the wrapped {@code X509Certificate} - confirm). The call examines the
 * validity window only and makes no statement about trust.
 *
 * @throws CertificateExpiredException if the unwrapped object reports it has expired
 * @throws CertificateNotYetValidException if the unwrapped object reports it is not yet valid
 */
@Override
public void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException {
    unwrap().checkValidity();
}
/**
 * Tests whether the object returned by {@code unwrap()} is valid at the given instant.
 *
 * <p>{@code unwrap()} is defined outside this snippet (presumably it returns
 * the wrapped {@code X509Certificate} - confirm). The call examines the
 * validity window only and makes no statement about trust.
 *
 * @param date the instant to test against the validity window
 * @throws CertificateExpiredException if the unwrapped object reports it has expired at {@code date}
 * @throws CertificateNotYetValidException if the unwrapped object reports it is not yet valid at {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    unwrap().checkValidity(date);
}
/**
 * Returns the subject DN of the TLS peer's leaf certificate.
 *
 * <p>The chain is read from the session of {@code engine} (declared outside
 * this snippet). Only the first certificate is used, and only its validity
 * period is checked here.
 *
 * <p>NOTE(review): the returned DN is only as trustworthy as the handshake
 * that produced the session - this method assumes the chain was already
 * validated by the TLS layer; confirm that client authentication is required
 * wherever the DN is used for authorisation.
 *
 * @return the trimmed subject DN string of the leaf certificate
 * @throws SSLPeerUnverifiedException if the session carries no peer certificates
 * @throws CertificateException if conversion fails or the certificate is
 *         outside its validity period
 */
public String getDn() throws CertificateException, SSLPeerUnverifiedException {
    final Certificate[] peerChain = engine.getSession().getPeerCertificates();
    final boolean chainMissing = peerChain == null || peerChain.length == 0;
    if (chainMissing) {
        throw new SSLPeerUnverifiedException("No certificates found");
    }

    // Index 0 is the peer's own certificate; the rest of the chain is not inspected.
    final X509Certificate leaf = CertificateUtils.convertAbstractX509Certificate(peerChain[0]);
    leaf.checkValidity();

    // getSubjectDN() is kept as-is: switching to getSubjectX500Principal()
    // could change the string format that callers compare against.
    final String subjectDn = leaf.getSubjectDN().getName();
    return subjectDn.trim();
}
/**
 * Collects the identities carried in the subject alternative names of the TLS
 * peer's leaf certificate.
 *
 * <p>Only the first certificate of the session's peer chain is used, and only
 * its validity period is checked here. Each subject alternative name is mapped
 * through {@code CertificateUtils.extractUsername} (defined elsewhere).
 *
 * <p>NOTE(review): this assumes the chain was already validated during the
 * TLS handshake; confirm before using the result for authorisation.
 *
 * @param sslSession the established TLS session to read the peer chain from
 * @return the set of identities extracted from the leaf certificate
 * @throws SSLPeerUnverifiedException if the session carries no peer certificates
 * @throws CertificateException if conversion fails or the certificate is
 *         outside its validity period
 */
private Set<String> getCertificateIdentities(final SSLSession sslSession)
        throws CertificateException, SSLPeerUnverifiedException {
    final Certificate[] peerChain = sslSession.getPeerCertificates();
    final boolean chainMissing = peerChain == null || peerChain.length == 0;
    if (chainMissing) {
        throw new SSLPeerUnverifiedException("No certificates found");
    }

    // Index 0 is the peer's own certificate; the rest of the chain is not inspected.
    final X509Certificate leaf = CertificateUtils.convertAbstractX509Certificate(peerChain[0]);
    leaf.checkValidity();

    return CertificateUtils.getSubjectAlternativeNames(leaf).stream()
            .map(CertificateUtils::extractUsername)
            .collect(Collectors.toSet());
}
} // closes the enclosing class, whose header is outside this listing
/**
 * Rejects a key store that holds a key entry whose certificate is outside its
 * validity period.
 *
 * <p>Only key entries are examined, and for each one only the certificate
 * returned by {@code getCertificate(alias)}; entries whose certificate is not
 * an {@code X509Certificate} are skipped. Validation stops at the first
 * failing entry.
 *
 * @param keyStore the loaded key store to inspect
 * @throws CertificateExpiredException if a key entry's certificate has expired
 * @throws CertificateNotYetValidException if a key entry's certificate is not yet valid
 * @throws GeneralSecurityException if the key store cannot be read
 */
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
    for (String alias : list(keyStore.aliases())) {
        if (keyStore.isKeyEntry(alias)) {
            Certificate candidate = keyStore.getCertificate(alias);
            if (candidate instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) candidate;
                try {
                    x509.checkValidity();
                } catch (CertificateExpiredException expired) {
                    // Re-thrown with a prefix so the operator can tell the failure
                    // comes from the key store rather than from a peer.
                    throw new CertificateExpiredException(
                            "KeyStore certificate is expired: " + expired.getMessage());
                } catch (CertificateNotYetValidException premature) {
                    throw new CertificateNotYetValidException(
                            "KeyStore certificate is not yet valid: " + premature.getMessage());
                }
            }
        }
    }
}
/**
 * Verifies that every X.509 certificate attached to a key entry of the given
 * key store is currently inside its validity period.
 *
 * <p>Aliases that are not key entries, and entries whose certificate is not an
 * {@code X509Certificate}, are ignored. Only the certificate returned by
 * {@code getCertificate(alias)} is checked for each entry, and the first
 * failure aborts the scan.
 *
 * @param keyStore the loaded key store to inspect
 * @throws CertificateExpiredException if a key entry's certificate has expired
 * @throws CertificateNotYetValidException if a key entry's certificate is not yet valid
 * @throws GeneralSecurityException if the key store cannot be read
 */
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
    // The two validity exceptions can only originate from checkValidity(), so a
    // single try around the scan is equivalent to one try per entry.
    try {
        for (String entryAlias : list(keyStore.aliases())) {
            if (!keyStore.isKeyEntry(entryAlias)) {
                continue;
            }
            Certificate entryCertificate = keyStore.getCertificate(entryAlias);
            if (entryCertificate instanceof X509Certificate) {
                ((X509Certificate) entryCertificate).checkValidity();
            }
        }
    } catch (CertificateExpiredException e) {
        throw new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage());
    } catch (CertificateNotYetValidException e) {
        throw new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage());
    }
}
/**
 * A certificate generated for a DN must be valid at the Unix epoch and still
 * valid nine years from now.
 *
 * <p>The test passes when neither {@code checkValidity} call throws.
 */
@Test
public void shouldCreateCertWithDnThatIsValidFromEpochToNowPlusTenYears() throws Exception {
    Registration certChain = new X509CertificateGenerator().createCertificateWithDn("CN=hostname");
    X509Certificate cert = certChain.getFirstCertificate();

    // Lower bound: must not throw CertificateNotYetValidException at the epoch.
    Date epoch = new Date(0);
    cert.checkValidity(epoch);

    // Upper bound: must not throw CertificateExpiredException nine years out.
    Date nineYearsAhead = DateUtils.addYears(new Date(), 9);
    cert.checkValidity(nineYearsAhead);
}
/**
 * Checks the wrapped certificate's validity period at the current time and
 * translates the {@code java.security.cert} exceptions into the
 * same-named exception types this class declares.
 *
 * <p>{@code cert} and the unqualified exception types are declared outside
 * this snippet (presumably the legacy {@code javax.security.cert} types -
 * confirm). Only the message is carried over to the translated exception.
 *
 * @throws CertificateExpiredException if the wrapped certificate has expired
 * @throws CertificateNotYetValidException if the wrapped certificate is not yet valid
 */
public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
    try {
        cert.checkValidity();
    } catch (java.security.cert.CertificateExpiredException expired) {
        throw new CertificateExpiredException(expired.getMessage());
    } catch (java.security.cert.CertificateNotYetValidException premature) {
        throw new CertificateNotYetValidException(premature.getMessage());
    }
}
/**
 * Checks the wrapped certificate's validity period at the given instant and
 * translates the {@code java.security.cert} exceptions into the
 * same-named exception types this class declares.
 *
 * <p>{@code cert} and the unqualified exception types are declared outside
 * this snippet (presumably the legacy {@code javax.security.cert} types -
 * confirm). Only the message is carried over to the translated exception.
 *
 * @param date the instant to test against the validity window
 * @throws CertificateExpiredException if the wrapped certificate has expired at {@code date}
 * @throws CertificateNotYetValidException if the wrapped certificate is not yet valid at {@code date}
 */
public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
    try {
        cert.checkValidity(date);
    } catch (java.security.cert.CertificateExpiredException expired) {
        throw new CertificateExpiredException(expired.getMessage());
    } catch (java.security.cert.CertificateNotYetValidException premature) {
        throw new CertificateNotYetValidException(premature.getMessage());
    }
}
/**
 * The first certificate produced by {@code createAndStoreCACertificates} must
 * be valid at the Unix epoch and still valid nine years from now.
 *
 * <p>{@code keystore} is a fixture declared outside this snippet. The test
 * passes when neither {@code checkValidity} call throws.
 */
@Test
public void shouldCreateCertsThatIsValidFromEpochToNowPlusTenYears() throws Exception {
    Registration caCert = new X509CertificateGenerator().createAndStoreCACertificates(keystore);
    X509Certificate serverCert = caCert.getFirstCertificate();

    // Lower bound: must not throw CertificateNotYetValidException at the epoch.
    Date epoch = new Date(0);
    serverCert.checkValidity(epoch);

    // Upper bound: must not throw CertificateExpiredException nine years out.
    Date nineYearsAhead = DateUtils.addYears(new Date(), 9);
    serverCert.checkValidity(nineYearsAhead);
}
/**
 * The first certificate produced by {@code createAgentCertificate} must be
 * valid at the Unix epoch and still valid nine years from now.
 *
 * <p>{@code keystore} is a fixture declared outside this snippet. The test
 * passes when neither {@code checkValidity} call throws.
 */
@Test
public void shouldCreateCertsForAgentThatIsValidFromEpochToNowPlusTenYears() throws Exception {
    Registration agentCertChain =
            new X509CertificateGenerator().createAgentCertificate(keystore, "agentHostName");
    X509Certificate agentCert = agentCertChain.getFirstCertificate();

    // Lower bound: must not throw CertificateNotYetValidException at the epoch.
    Date epoch = new Date(0);
    agentCert.checkValidity(epoch);

    // Upper bound: must not throw CertificateExpiredException nine years out.
    Date nineYearsAhead = DateUtils.addYears(new Date(), 9);
    agentCert.checkValidity(nineYearsAhead);
}
/**
 * Loads the certificate chain stored under {@code alias} in the key chain and
 * rejects it if any certificate is outside its validity period.
 *
 * <p>NOTE(review): every {@code CertificateException} raised by the date check
 * is reported with {@code Reason.Expired}, so a certificate that is not yet
 * valid is labelled as expired as well, and only the message of the original
 * exception is carried over.
 *
 * @param context the context handed to {@code KeyChain.getCertificateChain}
 * @param alias the key chain alias whose chain is requested
 * @return the non-empty certificate chain for {@code alias}
 * @throws KeyChainException declared for the key chain lookup
 * @throws InterruptedException declared for the key chain lookup
 * @throws MessagingException if no chain exists for {@code alias}
 */
private X509Certificate[] fetchCertificateChain(Context context, String alias)
        throws KeyChainException, InterruptedException, MessagingException {
    X509Certificate[] chain = KeyChain.getCertificateChain(context, alias);
    boolean hasChain = chain != null && chain.length > 0;
    if (!hasChain) {
        throw new MessagingException("No certificate chain found for: " + alias);
    }

    try {
        // Date check across the whole chain, not just the leaf.
        for (int index = 0; index < chain.length; index++) {
            chain[index].checkValidity();
        }
    } catch (CertificateException e) {
        throw new CertificateValidationException(e.getMessage(), Reason.Expired, alias);
    }

    return chain;
}