
Example 21 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project qpid-broker-j by apache.

the class TrustAnchorValidatingTrustManager method checkClientTrusted.

/**
 * Validates a client certificate chain and then additionally refuses it when the trust
 * anchor the chain resolves to is itself expired or not yet valid.
 *
 * <p>The wrapped trust manager runs first, so a chain it rejects never reaches the
 * trust-anchor check. The anchor's validity dates are then checked explicitly with
 * {@link X509Certificate#checkValidity()} against the current time.
 *
 * @param x509Certificates the peer's certificate chain; element 0 is treated as the peer
 *        certificate
 * @param authType the authentication type, passed through to the wrapped trust manager
 * @throws CertificateException if the wrapped trust manager rejects the chain, if
 *         {@code getPkixCertPathBuilderResult} fails with a
 *         {@link GeneralSecurityException}, or if the trust anchor is outside its validity
 *         period (rethrown as the original {@link CertificateExpiredException} or
 *         {@link CertificateNotYetValidException})
 */
@Override
public void checkClientTrusted(final X509Certificate[] x509Certificates, final String authType) throws CertificateException {
    // Ordinary chain validation comes first; everything below is an extra restriction
    // applied on top of a chain the delegate has already accepted.
    _x509TrustManager.checkClientTrusted(x509Certificates, authType);

    // NOTE(review): indexing element 0 relies on the delegate having rejected a null or
    // empty chain — confirm for the trust manager implementations wrapped here.
    final X509Certificate clientCert = x509Certificates[0];

    final PKIXCertPathBuilderResult pathResult;
    try {
        pathResult = getPkixCertPathBuilderResult(x509Certificates, _trustAnchors, _otherCerts);
    } catch (GeneralSecurityException e) {
        throw new CertificateException("Unexpected error whilst validating trust-anchor", e);
    }

    // NOTE(review): TrustAnchor.getTrustedCert() returns null for an anchor that was created
    // from a name/public key instead of a certificate; presumably _trustAnchors only holds
    // certificate-based anchors — confirm.
    final X509Certificate anchorCert = pathResult.getTrustAnchor().getTrustedCert();

    try {
        anchorCert.checkValidity();
    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        // Log both subjects and the anchor's validity window so an operator can tell which
        // truststore entry needs renewing, then fail the handshake with the original exception.
        LOGGER.warn("Authentication failed for peer bearing certificate (subject DN '{}') "
                    + "as the trust anchor (subject DN '{}') within truststore '{}' "
                    + "is either expired or not yet valid. Validity range {} - {}",
                    clientCert.getSubjectDN(),
                    anchorCert.getSubjectDN(),
                    _trustStoreName,
                    anchorCert.getNotBefore(),
                    anchorCert.getNotAfter());
        throw e;
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) PKIXCertPathBuilderResult(java.security.cert.PKIXCertPathBuilderResult) GeneralSecurityException(java.security.GeneralSecurityException) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate)

Example 22 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project qpid-broker-j by apache.

the class NonJavaTrustStoreTest method testUseOfExpiredTrustAnchorDenied.

/**
 * Verifies that a trust store with trust-anchor validity enforcement switched on refuses a
 * client when the trust anchor has expired.
 *
 * <p>The expired certificate is written to a PEM file that the trust store loads through
 * {@code CERTIFICATES_URL}, and the same certificate is presented as the client chain.
 * The check must fail with an expiry error; any other {@link CertificateException} is
 * rethrown and fails the test.
 */
@Test
public void testUseOfExpiredTrustAnchorDenied() throws Exception {
    final KeyCertificatePair expiredPair = createExpiredCertificate();
    final Path pemFile = TLS_RESOURCE.saveCertificateAsPem(expiredPair.getCertificate());

    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(NonJavaTrustStore.NAME, NAME);
    storeAttributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    storeAttributes.put(NonJavaTrustStore.CERTIFICATES_URL, pemFile.toFile().getAbsolutePath());
    storeAttributes.put(NonJavaTrustStore.TYPE, NON_JAVA_TRUST_STORE);

    final TrustStore<?> store = createTestTrustStore(storeAttributes);
    final TrustManager[] managers = store.getTrustManagers();
    assertNotNull(managers);
    assertEquals("Unexpected number of trust managers", 1, managers.length);
    assertTrue("Unexpected trust manager type", managers[0] instanceof X509TrustManager);
    final X509TrustManager x509Manager = (X509TrustManager) managers[0];

    try {
        x509Manager.checkClientTrusted(new X509Certificate[] { expiredPair.getCertificate() }, "NULL");
        fail("Exception not thrown");
    } catch (CertificateException e) {
        // IBMJSSE2 does not throw CertificateExpiredException; it throws a plain
        // CertificateException, so the message text is accepted as an alternative signal.
        final boolean expiryReported = e instanceof CertificateExpiredException
                                       || "Certificate expired".equals(e.getMessage());
        if (!expiryReported) {
            throw e;
        }
    }
}
Also used : KeyCertificatePair(org.apache.qpid.test.utils.tls.KeyCertificatePair) Path(java.nio.file.Path) CertificateExpiredException(java.security.cert.CertificateExpiredException) HashMap(java.util.HashMap) CertificateException(java.security.cert.CertificateException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager) Test(org.junit.Test)

Example 23 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project coprhd-controller by CoprHD.

the class ContextManagerImpl method registerVASACertificate.

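/**
 * Registers a client certificate with the provider (vasaService interface).
 *
 * <p>Checks run in this order: username/password, the HTTP request, certificate parsing,
 * certificate validity dates. A certificate that passes them and is not already trusted is
 * added to the trust store (passed together with the client address); the trust store is
 * then refreshed and the current session invalidated.
 *
 * @param username login name; written to the debug log
 * @param password login password; only its presence is logged
 * @param certificateStr certificate text passed to {@code _sslUtil.buildCertificate}; only
 *        its presence is logged
 * @return the provider info held in {@code _vpInfo}
 * @throws InvalidCertificate if the certificate cannot be built, or is expired or not yet valid
 * @throws InvalidLogin if the username/password check fails
 * @throws InvalidSession if the HTTP request check fails
 * @throws StorageFault for any other failure during registration
 */
@Override
public VasaProviderInfo registerVASACertificate(String username, String password, String certificateStr) throws InvalidCertificate, InvalidLogin, InvalidSession, StorageFault {
    final String methodName = "registerVASACertificate() :";
    // Password and certificate text are masked; only whether they were supplied is logged.
    log.debug(methodName + "Entry with inputs username[" + username + "] password[" + (password != null ? "****" : null) + "] certificateStr[" + (certificateStr != null ? "****" : null) + "]");
    try {
        _sosManager = new SOSManager();
        /*
         * Verify username/password before verifying certificate. This means
         * that if both username/password and certificate are invalid
         * InvalidLogin exception will be thrown.
         */
        _sosManager.verifyLoginCredentials(username, password);
        log.debug(methodName + "Valid username and password. User credentials accepted.");
        String clientAddress = _sslUtil.checkHttpRequest(false, false);
        X509Certificate x509Cert = (X509Certificate) _sslUtil.buildCertificate(certificateStr);
        // checkValidity() compares only notBefore/notAfter with the current time. Any
        // signature or chain verification would have to happen inside _sslUtil, which is
        // not visible here, so the credential check above is the visible gate on what gets
        // added to the trust store.
        x509Cert.checkValidity();
        if (!_sslUtil.certificateIsTrusted((Certificate) x509Cert)) {
            _sslUtil.addCertificateToTrustStore(clientAddress, (Certificate) x509Cert);
            log.trace(methodName + "new certificate added as trusted");
            _sslUtil.refreshTrustStore();
            invalidateSession();
        } else {
            log.trace(methodName + "certificate was already trusted");
        }
        // NOTE(review): this trace line includes the session id. If that id is what
        // authenticates later requests, mask it the way password and certificateStr are
        // masked in the entry log above — confirm against the session handling code.
        log.trace(methodName + "vpInfo: defaultNameSpace[" + _vpInfo.getDefaultNamespace() + "] name[" + _vpInfo.getName() + "] sessionId[" + _vpInfo.getSessionId() + "] vasaApiVersion[" + _vpInfo.getVasaApiVersion() + "] vasaProviderVersion[" + _vpInfo.getVasaProviderVersion() + "]");
        log.debug(methodName + "Exit returning vpInfo");
        return _vpInfo;
    } catch (InvalidSession is) {
        // thrown by sslUtil.checkHttpRequest()
        log.error(methodName + "Session is invalid", is);
        throw is;
    } catch (InvalidCertificate ic) {
        // thrown by sslUtil.buildCertificate()
        log.error(methodName + "Certificate is invalid", ic);
        throw ic;
    } catch (CertificateExpiredException e) {
        // thrown by x509Cert.checkValidity()
        log.error(methodName + "Certificate is expired", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (CertificateNotYetValidException e) {
        // thrown by x509Cert.checkValidity()
        log.error(methodName + "Certificate is not in validity period ", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (InvalidLogin il) {
        // thrown by the username/password check
        log.error(methodName + "Invalid login", il);
        throw il;
    } catch (Exception e) {
        // Boundary catch: anything unexpected is reported to the caller as a StorageFault.
        log.error(methodName + "registration failed: ", e);
        throw FaultUtil.StorageFault(methodName + "registration failed: ", e);
    }
}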
Also used : InvalidCertificate(com.vmware.vim.vasa._1_0.InvalidCertificate) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) InvalidLogin(com.vmware.vim.vasa._1_0.InvalidLogin) X509Certificate(java.security.cert.X509Certificate) InvalidSession(com.vmware.vim.vasa._1_0.InvalidSession) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) X509Certificate(java.security.cert.X509Certificate) InvalidCertificate(com.vmware.vim.vasa._1_0.InvalidCertificate) Certificate(java.security.cert.Certificate)

Example 24 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project robovm by robovm.

the class X509CertificateTest method checkValidity.

/**
 * Exercises {@code X509Certificate.checkValidity()} and {@code checkValidity(Date)} on the
 * RSA test certificate, at instants inside and just outside its validity period.
 *
 * @param f factory passed to {@code getCertificate} to load {@code CERT_RSA}
 * @throws Exception if loading the certificate fails or an instant expected to be valid is
 *         rejected
 */
private void checkValidity(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_RSA);
    final Calendar probe = Calendar.getInstance();
    final Date[] validity = getRsaCertificateDates();

    /*
     * The current time MUST fall inside the test certificate's validity
     * period. The API doesn't appear to allow any other way to test the
     * no-argument code path as an unprivileged user.
     */
    final Date now = new Date();
    final Date notBefore = validity[0];
    assertTrue(now.after(notBefore));
    final Date notAfter = validity[1];
    assertTrue(now.before(notAfter));

    /* Relies on the generating script having produced a long-lived cert. */
    cert.checkValidity();

    /* One day after the start date: valid. */
    probe.setTime(notBefore);
    probe.add(Calendar.DAY_OF_MONTH, 1);
    cert.checkValidity(probe.getTime());

    /* One second before the end date: still valid. */
    probe.setTime(notAfter);
    probe.add(Calendar.SECOND, -1);
    cert.checkValidity(probe.getTime());

    /* One second before the start date: not yet valid. */
    try {
        probe.setTime(notBefore);
        probe.add(Calendar.SECOND, -1);
        cert.checkValidity(probe.getTime());
        fail();
    } catch (CertificateNotYetValidException expected) {
    }

    /* Six months before the start date: not yet valid. */
    try {
        probe.setTime(notBefore);
        probe.add(Calendar.MONTH, -6);
        cert.checkValidity(probe.getTime());
        fail();
    } catch (CertificateNotYetValidException expected) {
    }

    /* One second after the end date: expired. */
    try {
        probe.setTime(notAfter);
        probe.add(Calendar.SECOND, 1);
        cert.checkValidity(probe.getTime());
        fail();
    } catch (CertificateExpiredException expected) {
    }

    /* One year after the end date: expired. */
    try {
        probe.setTime(notAfter);
        probe.add(Calendar.YEAR, 1);
        cert.checkValidity(probe.getTime());
        fail();
    } catch (CertificateExpiredException expected) {
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) Calendar(java.util.Calendar) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date)

Example 25 with CertificateExpiredException

use of java.security.cert.CertificateExpiredException in project robovm by robovm.

the class CertificateExpiredExceptionTest method testCertificateExpiredException02.

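/**
 * Test for <code>CertificateExpiredException(String)</code> constructor.
 * Assertion: constructs CertificateExpiredException with the given detail
 * message and no cause. Parameter <code>msg</code> is not null.
 */
public void testCertificateExpiredException02() {
    for (String msg : msgs) {
        CertificateExpiredException tE = new CertificateExpiredException(msg);
        // Expected value goes first so that a failure reports expected/actual the right way round.
        assertEquals("getMessage() must return: ".concat(msg), msg, tE.getMessage());
        assertNull("getCause() must return null", tE.getCause());
    }
}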
Also used : CertificateExpiredException(java.security.cert.CertificateExpiredException)
