/**
 * Verifies that the given instant lies inside this certificate's validity window.
 *
 * <p>Both bounds are inclusive: an instant equal to either bound is accepted.
 *
 * @param time the instant to test, in milliseconds since the epoch
 * @throws CertificateNotYetValidException if {@code time} is earlier than the not-before bound
 * @throws CertificateExpiredException if {@code time} is later than the not-after bound
 */
private void checkValidity(long time)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean tooEarly = time < getNotBeforeInternal();
    if (tooEarly) {
        final String detail = "current time: " + new Date(time)
                + ", validation time: " + new Date(getNotBeforeInternal());
        throw new CertificateNotYetValidException(detail);
    }

    final boolean tooLate = time > getNotAfterInternal();
    if (tooLate) {
        final String detail = "current time: " + new Date(time)
                + ", expiration time: " + new Date(getNotAfterInternal());
        throw new CertificateExpiredException(detail);
    }
}
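/**
 * Checks the validity period of the X.509 certificate attached to each key entry of a key store.
 *
 * <p>Aliases that are not key entries, and entries whose certificate is not an
 * {@link X509Certificate}, are skipped. This is a date check only: it calls
 * {@code checkValidity()} and nothing else, so it does not establish trust in the certificate
 * (no chain, signature or revocation checks happen here).
 *
 * @param keyStore the key store whose key-entry certificates are examined
 * @throws CertificateExpiredException if a key-entry certificate has expired
 * @throws CertificateNotYetValidException if a key-entry certificate is not yet valid
 * @throws GeneralSecurityException if the key store cannot be read
 */
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
    for (String alias : list(keyStore.aliases())) {
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            continue;
        }
        try {
            ((X509Certificate) certificate).checkValidity();
        } catch (CertificateExpiredException e) {
            // These exception types have no (String, Throwable) constructor, so the original
            // failure is attached with initCause to keep its stack trace for diagnosis.
            CertificateExpiredException wrapped =
                    new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        } catch (CertificateNotYetValidException e) {
            CertificateNotYetValidException wrapped =
                    new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }
}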
/**
 * Checks that {@code date} falls within this certificate's validity period.
 *
 * <p>The comparison is done on millisecond values rather than with
 * {@code Date.after}/{@code Date.before}; the original author notes this is
 * for compatibility with other VMs.
 *
 * @param date the instant to validate against
 * @throws CertificateExpiredException if {@code date} is later than the not-after date
 * @throws CertificateNotYetValidException if {@code date} is earlier than the not-before date
 */
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final long instant = date.getTime();

    final long notAfterMillis = this.getNotAfter().getTime();
    if (instant > notAfterMillis) {
        final String reason = "certificate expired on " + c.getEndDate().getTime();
        throw new CertificateExpiredException(reason);
    }

    final long notBeforeMillis = this.getNotBefore().getTime();
    if (instant < notBeforeMillis) {
        final String reason = "certificate not valid till " + c.getStartDate().getTime();
        throw new CertificateNotYetValidException(reason);
    }
}
/**
 * Checks that {@code date} falls within this certificate's validity period.
 *
 * <p>A date equal to either bound is accepted, because {@code after} and
 * {@code before} are strict comparisons.
 *
 * @param date the instant to validate against
 * @throws CertificateExpiredException if {@code date} is after the not-after date
 * @throws CertificateNotYetValidException if {@code date} is before the not-before date
 */
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean pastEnd = date.after(this.getNotAfter());
    if (pastEnd) {
        final String reason = "certificate expired on " + this.getNotAfter();
        throw new CertificateExpiredException(reason);
    }

    final boolean beforeStart = date.before(this.getNotBefore());
    if (beforeStart) {
        final String reason = "certificate not valid till " + this.getNotBefore();
        throw new CertificateNotYetValidException(reason);
    }
}
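/**
 * Reacts to completion of the TLS handshake: checks the validity dates of the peer's leaf
 * certificate and, only if that succeeds, configures the HTTP pipeline and reports success.
 *
 * <p>Events other than {@link SslHandshakeCompletionEvent} are ignored by this method.
 * On an expired peer certificate the connection is reported as failed, the channel is closed,
 * and processing stops; the earlier code fell through and also reported success.
 *
 * @param ctx the handler context of the channel whose handshake completed
 * @param evt the user event; only handshake-completion events are acted on
 * @throws Exception if reading or validating the peer certificate fails for a reason other
 *         than expiry
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (!(evt instanceof SslHandshakeCompletionEvent)) {
        return;
    }

    // This handler is single-use: it removes itself as soon as the handshake outcome is known.
    ctx.pipeline().remove(this);
    SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;

    if (!event.isSuccess()) {
        connectionAvailabilityFuture.notifyFailure(event.cause());
        return;
    }

    try {
        // Only the first (leaf) certificate's validity dates are checked here.
        // NOTE(review): presumably the TLS engine's trust manager validates the chain — confirm.
        X509Certificate endUserCert =
                (X509Certificate) sslEngine.getSession().getPeerCertificates()[0];
        endUserCert.checkValidity(new Date());
    } catch (CertificateExpiredException e) {
        connectionAvailabilityFuture
                .notifyFailure(new SSLException("Certificate expired : " + e.getMessage(), e));
        ctx.close();
        // Fail closed: do not configure the pipeline or report success for a rejected peer.
        return;
    }
    // NOTE(review): CertificateNotYetValidException is not caught above, so it leaves this
    // method as an exception and the future is not notified on that path — confirm intended.

    this.httpClientChannelInitializer.configureHttpPipeline(ctx.pipeline(), targetHandler);
    connectionAvailabilityFuture.notifySuccess(Constants.HTTP_SCHEME);
}
}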
caCert.checkValidity(new Date(System.currentTimeMillis()+DateUtils.MILLIS_PER_DAY)); log.info("Valid alias found for " + alias); e.getMessage(), e); } catch (CertificateNotYetValidException e) { e.getMessage(), e); } catch (GeneralSecurityException e) {
/**
 * Checks that {@code date} lies within this certificate's validity period.
 *
 * <p>A date equal to either bound is accepted.
 *
 * @param date the instant to validate against
 * @throws CertificateNotYetValidException if the not-before date is later than {@code date}
 * @throws CertificateExpiredException if the not-after date is earlier than {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean startsLater = getNotBefore().compareTo(date) > 0;
    if (startsLater) {
        final String reason = "Certificate not valid until " + getNotBefore().toString()
                + " (compared to " + date.toString() + ")";
        throw new CertificateNotYetValidException(reason);
    }

    final boolean endedEarlier = getNotAfter().compareTo(date) < 0;
    if (endedEarlier) {
        final String reason = "Certificate expired at " + getNotAfter().toString()
                + " (compared to " + date.toString() + ")";
        throw new CertificateExpiredException(reason);
    }
}
/**
 * Checks that {@code date} lies within this certificate's validity period.
 *
 * <p>The exceptions are thrown without a message. A date equal to either bound is accepted.
 *
 * @param date the instant to validate against
 * @throws CertificateNotYetValidException if the not-before date is later than {@code date}
 * @throws CertificateExpiredException if the not-after date is earlier than {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean startsLater = getNotBefore().compareTo(date) > 0;
    if (startsLater) {
        throw new CertificateNotYetValidException();
    }

    final boolean endedEarlier = getNotAfter().compareTo(date) < 0;
    if (endedEarlier) {
        throw new CertificateExpiredException();
    }
}
/**
 * Accepts a client certificate chain if its first certificate is currently within its
 * validity period.
 *
 * <p>Only {@code chain[0]} is examined, and only its not-before/not-after dates. No signature
 * or issuer verification happens in this method; per the inline comment below, that is left
 * to the application layer.
 *
 * @param chain the certificate chain presented by the client
 * @param authType the authentication type; not used by this method
 * @throws NullPointerException if {@code chain} is {@code null}
 * @throws IllegalArgumentException if {@code chain} is empty
 * @throws CertificateNotYetValidException if the current time is before the not-before date
 * @throws CertificateExpiredException if the current time is after the not-after date
 */
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    if (chain == null) {
        throw new NullPointerException("certificate chain must not be null");
    }
    if (chain.length < 1) {
        throw new IllegalArgumentException("certificate chain must not be empty");
    }

    final X509Certificate deviceCert = chain[0];
    final Instant notBefore = deviceCert.getNotBefore().toInstant();
    final Instant notAfter = deviceCert.getNotAfter().toInstant();
    final Instant now = Instant.now();

    if (now.isBefore(notBefore)) {
        throw new CertificateNotYetValidException();
    }
    if (now.isAfter(notAfter)) {
        throw new CertificateExpiredException();
    }

    // certificate is valid, defer further checks to application layer
    // where the certificate's signature should be validated using the
    // tenant's root CA certificate
    if (LOG.isDebugEnabled()) {
        final String issuerDn = deviceCert.getIssuerX500Principal().getName(X500Principal.RFC2253);
        LOG.debug("accepting client certificate [not before: {}, not after: {}, issuer DN: {}]",
                notBefore, notAfter, issuerDn);
    }
}
};
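/**
 * Delegates the validity check to the wrapped certificate and translates its
 * {@code java.security.cert} exceptions into this class's own exception types.
 *
 * @param date the instant to validate against
 * @throws CertificateExpiredException if the wrapped certificate reports it has expired
 * @throws CertificateNotYetValidException if the wrapped certificate reports it is not yet valid
 */
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    try {
        cert.checkValidity(date);
    } catch (java.security.cert.CertificateNotYetValidException e) {
        // Attach the original exception so its stack trace survives the translation.
        CertificateNotYetValidException translated =
                new CertificateNotYetValidException(e.getMessage());
        translated.initCause(e);
        throw translated;
    } catch (java.security.cert.CertificateExpiredException e) {
        CertificateExpiredException translated =
                new CertificateExpiredException(e.getMessage());
        translated.initCause(e);
        throw translated;
    }
}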
+ df.format(start) + " to " + df .format(end) + ")"; throw new CertificateExpiredException(msg); + df.format(start) + " to " + df .format(end) + ")"; throw new CertificateNotYetValidException(msg);
/**
 * Verifies that the trust manager propagates {@link CertificateExpiredException} when the
 * certificate's own validity check fails, and that both the delegate and the certificate
 * validity check were invoked.
 */
@Test
public void checkServerTrusted_throwsExceptionWhenCertIsExpired() throws Exception {
    // Arrange: a delegate that accepts the chain and a certificate that reports expiry.
    X509TrustManager delegate = Mockito.mock(X509TrustManager.class);
    X509Certificate expiredCert = Mockito.mock(X509Certificate.class);
    X509Certificate[] chain = {expiredCert};
    doNothing().when(delegate).checkServerTrusted(chain, "string");
    doThrow(new CertificateExpiredException()).when(expiredCert).checkValidity();

    X509ExpiryCheckingTrustManager manager = new X509ExpiryCheckingTrustManager();
    manager.setDelegate(delegate);

    // Act
    boolean rejected = false;
    try {
        manager.checkServerTrusted(chain, "string");
    } catch (CertificateExpiredException expected) {
        rejected = true;
    }

    // Assert: the call must not have returned normally.
    if (!rejected) {
        Assert.fail();
    }
    verify(delegate).checkServerTrusted(chain, "string");
    verify(expiredCert).checkValidity();
}
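/**
 * Checks a server certificate chain.
 *
 * <p>A chain of exactly one certificate is accepted on its validity dates alone; any other
 * input (including {@code null}) is handed to {@code standardTrustManager}.
 *
 * @param certificates the certificate chain presented by the server
 * @param authType the key-exchange algorithm, passed through to the delegate
 * @throws CertificateException if the single certificate is outside its validity period, or
 *         if the delegate rejects the chain
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType)
        throws CertificateException {
    // SECURITY NOTE(review): on the single-certificate path standardTrustManager is never
    // consulted, so no issuer or signature verification happens — any lone certificate that
    // is within its validity dates is trusted. Confirm this is intended before using this
    // trust manager with untrusted peers.
    if ((certificates != null) && (certificates.length == 1)) {
        certificates[0].checkValidity();
    } else {
        standardTrustManager.checkServerTrusted(certificates, authType);
    }
    // Exceptions propagate unchanged to the caller; the former catch blocks only printed the
    // stack trace to stderr and rethrew.
}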
/**
 * Validates {@code date} against this certificate's not-before and not-after dates.
 *
 * <p>Millisecond values are compared instead of using {@code Date.after}/{@code Date.before};
 * the original author notes this is for compatibility with other VMs.
 *
 * @param date the instant to validate against
 * @throws CertificateExpiredException if {@code date} is later than the not-after date
 * @throws CertificateNotYetValidException if {@code date} is earlier than the not-before date
 */
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final long when = date.getTime();

    final long endMillis = this.getNotAfter().getTime();
    if (when > endMillis) {
        throw new CertificateExpiredException(
                "certificate expired on " + c.getEndDate().getTime());
    }

    final long startMillis = this.getNotBefore().getTime();
    if (when < startMillis) {
        throw new CertificateNotYetValidException(
                "certificate not valid till " + c.getStartDate().getTime());
    }
}
/**
 * Validates {@code date} against this certificate's not-before and not-after dates.
 *
 * <p>A date equal to either bound is accepted, because {@code after} and {@code before}
 * are strict comparisons.
 *
 * @param date the instant to validate against
 * @throws CertificateExpiredException if {@code date} is after the not-after date
 * @throws CertificateNotYetValidException if {@code date} is before the not-before date
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final boolean pastEnd = date.after(this.getNotAfter());
    if (pastEnd) {
        throw new CertificateExpiredException(
                "certificate expired on " + this.getNotAfter());
    }

    final boolean beforeStart = date.before(this.getNotBefore());
    if (beforeStart) {
        throw new CertificateNotYetValidException(
                "certificate not valid till " + this.getNotBefore());
    }
}
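/**
 * Reacts to completion of the TLS handshake: checks the validity dates of the peer's leaf
 * certificate and, only if that succeeds, configures the handshake pipeline and activates
 * the channel.
 *
 * <p>Events other than {@link SslHandshakeCompletionEvent} are ignored by this method.
 * On an expired peer certificate the error is reported, the channel is closed, and processing
 * stops; the earlier code fell through and still activated the channel.
 *
 * @param ctx the handler context of the channel whose handshake completed
 * @param evt the user event; only handshake-completion events are acted on
 * @throws CertificateNotYetValidException if the peer certificate is not yet valid
 * @throws CertificateExpiredException declared for callers; expiry is handled inside this method
 * @throws SSLPeerUnverifiedException if the session holds no verified peer certificates
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt)
        throws CertificateNotYetValidException, CertificateExpiredException,
        SSLPeerUnverifiedException {
    if (!(evt instanceof SslHandshakeCompletionEvent)) {
        return;
    }
    SslHandshakeCompletionEvent event = (SslHandshakeCompletionEvent) evt;

    if (!(event.isSuccess() && event.cause() == null)) {
        clientHandshakeFuture.notifyError(event.cause(), null);
        return;
    }

    try {
        // Only the first (leaf) certificate's validity dates are checked here.
        // NOTE(review): presumably the TLS engine's trust manager validates the chain — confirm.
        X509Certificate endUserCert =
                (X509Certificate) sslEngine.getSession().getPeerCertificates()[0];
        endUserCert.checkValidity(new Date());
    } catch (CertificateExpiredException e) {
        clientHandshakeFuture
                .notifyError(new SSLException("Certificate expired : " + e.getMessage(), e), null);
        // Fail closed: a peer with an expired certificate must not get an active channel.
        ctx.close();
        return;
    }

    configureHandshakePipeline(ctx.channel().pipeline());
    ctx.pipeline().remove(Constants.SSL_COMPLETION_HANDLER);
    ctx.fireChannelActive();
}
}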
/**
 * Validates {@code date} against this certificate's not-before and not-after dates.
 *
 * <p>A date equal to either bound is accepted.
 *
 * @param date the instant to validate against
 * @throws CertificateNotYetValidException if the not-before date is later than {@code date}
 * @throws CertificateExpiredException if the not-after date is earlier than {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final int startVsDate = getNotBefore().compareTo(date);
    if (startVsDate > 0) {
        throw new CertificateNotYetValidException(
                "Certificate not valid until " + getNotBefore().toString()
                        + " (compared to " + date.toString() + ")");
    }

    final int endVsDate = getNotAfter().compareTo(date);
    if (endVsDate < 0) {
        throw new CertificateExpiredException(
                "Certificate expired at " + getNotAfter().toString()
                        + " (compared to " + date.toString() + ")");
    }
}
/**
 * Validates {@code date} against this certificate's not-before and not-after dates.
 *
 * <p>The exceptions carry no message. A date equal to either bound is accepted.
 *
 * @param date the instant to validate against
 * @throws CertificateNotYetValidException if the not-before date is later than {@code date}
 * @throws CertificateExpiredException if the not-after date is earlier than {@code date}
 */
@Override
public void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException {
    final int startVsDate = getNotBefore().compareTo(date);
    if (startVsDate > 0) {
        throw new CertificateNotYetValidException();
    }

    final int endVsDate = getNotAfter().compareTo(date);
    if (endVsDate < 0) {
        throw new CertificateExpiredException();
    }
}
/**
 * Accepts a client certificate chain when its first certificate is currently within its
 * validity period.
 *
 * <p>Only {@code chain[0]} is inspected, and only its not-before/not-after dates. This method
 * performs no signature or issuer verification; per the inline comment below, that is left
 * to the application layer.
 *
 * @param chain the certificate chain presented by the client
 * @param authType the authentication type; not used by this method
 * @throws NullPointerException if {@code chain} is {@code null}
 * @throws IllegalArgumentException if {@code chain} is empty
 * @throws CertificateNotYetValidException if the current time is before the not-before date
 * @throws CertificateExpiredException if the current time is after the not-after date
 */
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    if (chain == null) {
        throw new NullPointerException("certificate chain must not be null");
    }
    if (chain.length < 1) {
        throw new IllegalArgumentException("certificate chain must not be empty");
    }

    final X509Certificate deviceCert = chain[0];
    final Instant notBefore = deviceCert.getNotBefore().toInstant();
    final Instant notAfter = deviceCert.getNotAfter().toInstant();
    final Instant now = Instant.now();

    if (now.isBefore(notBefore)) {
        throw new CertificateNotYetValidException();
    }
    if (now.isAfter(notAfter)) {
        throw new CertificateExpiredException();
    }

    // certificate is valid, defer further checks to application layer
    // where the certificate's signature should be validated using the
    // tenant's root CA certificate
    if (!LOG.isDebugEnabled()) {
        return;
    }
    LOG.debug("accepting client certificate [not before: {}, not after: {}, issuer DN: {}]",
            notBefore, notAfter,
            deviceCert.getIssuerX500Principal().getName(X500Principal.RFC2253));
}
};
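/**
 * Delegates the validity check to the wrapped certificate and translates its
 * {@code java.security.cert} exceptions into this class's own exception types.
 *
 * @throws CertificateExpiredException if the wrapped certificate reports it has expired
 * @throws CertificateNotYetValidException if the wrapped certificate reports it is not yet valid
 */
public void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException {
    try {
        cert.checkValidity();
    } catch (java.security.cert.CertificateNotYetValidException e) {
        // Attach the original exception so its stack trace survives the translation.
        CertificateNotYetValidException translated =
                new CertificateNotYetValidException(e.getMessage());
        translated.initCause(e);
        throw translated;
    } catch (java.security.cert.CertificateExpiredException e) {
        CertificateExpiredException translated =
                new CertificateExpiredException(e.getMessage());
        translated.initCause(e);
        throw translated;
    }
}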