Example 31 with CertificateExpiredException
use of java.security.cert.CertificateExpiredException in project mobile-center-sdk-android by Microsoft.
the class CryptoRsaHandler method encrypt.
@Override
public byte[] encrypt(CryptoUtils.ICryptoFactory cryptoFactory, int apiLevel, KeyStore.Entry keyStoreEntry, byte[] input) throws Exception {
CryptoUtils.ICipher cipher = getCipher(cryptoFactory, apiLevel);
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStoreEntry;
X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
try {
certificate.checkValidity();
} catch (CertificateExpiredException e) {
throw new InvalidKeyException(e);
}
cipher.init(ENCRYPT_MODE, certificate.getPublicKey());
return cipher.doFinal(input);
}
Also used :
CertificateExpiredException(java.security.cert.CertificateExpiredException)
InvalidKeyException(java.security.InvalidKeyException)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
Example 32 with CertificateExpiredException
use of java.security.cert.CertificateExpiredException in project robovm by robovm.
the class RFC3280CertPathUtilities method processCertA.
protected static void processCertA(CertPath certPath, ExtendedPKIXParameters paramsPKIX, int index, PublicKey workingPublicKey, boolean verificationAlreadyPerformed, X500Principal workingIssuerName, X509Certificate sign) throws ExtCertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
//
if (!verificationAlreadyPerformed) {
try {
// (a) (1)
//
CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, paramsPKIX.getSigProvider());
} catch (GeneralSecurityException e) {
throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index);
}
}
try {
// (a) (2)
//
cert.checkValidity(CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
} catch (CertificateExpiredException e) {
throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
} catch (CertificateNotYetValidException e) {
throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
} catch (AnnotatedException e) {
throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index);
}
//
if (paramsPKIX.isRevocationEnabled()) {
try {
checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index), sign, workingPublicKey, certs);
} catch (AnnotatedException e) {
Throwable cause = e;
if (null != e.getCause()) {
cause = e.getCause();
}
throw new ExtCertPathValidatorException(e.getMessage(), cause, certPath, index);
}
}
//
if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName)) {
throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert) + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null, certPath, index);
}
}
Also used :
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
GeneralSecurityException(java.security.GeneralSecurityException)
List(java.util.List)
ArrayList(java.util.ArrayList)
X509Certificate(java.security.cert.X509Certificate)
Example 33 with CertificateExpiredException
use of java.security.cert.CertificateExpiredException in project jdk8u_jdk by JetBrains.
the class SignatureFile method printCert.
/*
* Display some details about a certificate:
*
* [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"]
* [<validity-period> | <expiry-warning>]
*
* Note: no newline character at the end
*/
String printCert(String tab, Certificate c, boolean checkValidityPeriod, Date timestamp, boolean checkUsage) {
StringBuilder certStr = new StringBuilder();
String space = rb.getString("SPACE");
X509Certificate x509Cert = null;
if (c instanceof X509Certificate) {
x509Cert = (X509Certificate) c;
certStr.append(tab).append(x509Cert.getType()).append(rb.getString("COMMA")).append(x509Cert.getSubjectDN().getName());
} else {
certStr.append(tab).append(c.getType());
}
String alias = storeHash.get(c);
if (alias != null) {
certStr.append(space).append(alias);
}
if (checkValidityPeriod && x509Cert != null) {
certStr.append("\n").append(tab).append("[");
Date notAfter = x509Cert.getNotAfter();
try {
boolean printValidity = true;
if (timestamp == null) {
if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
expireDate = notAfter;
}
x509Cert.checkValidity();
// test if cert will expire within six months
if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
hasExpiringCert = true;
if (expiringTimeForm == null) {
expiringTimeForm = new MessageFormat(rb.getString("certificate.will.expire.on"));
}
Object[] source = { notAfter };
certStr.append(expiringTimeForm.format(source));
printValidity = false;
}
} else {
x509Cert.checkValidity(timestamp);
}
if (printValidity) {
if (validityTimeForm == null) {
validityTimeForm = new MessageFormat(rb.getString("certificate.is.valid.from"));
}
Object[] source = { x509Cert.getNotBefore(), notAfter };
certStr.append(validityTimeForm.format(source));
}
} catch (CertificateExpiredException cee) {
hasExpiredCert = true;
if (expiredTimeForm == null) {
expiredTimeForm = new MessageFormat(rb.getString("certificate.expired.on"));
}
Object[] source = { notAfter };
certStr.append(expiredTimeForm.format(source));
} catch (CertificateNotYetValidException cnyve) {
notYetValidCert = true;
if (notYetTimeForm == null) {
notYetTimeForm = new MessageFormat(rb.getString("certificate.is.not.valid.until"));
}
Object[] source = { x509Cert.getNotBefore() };
certStr.append(notYetTimeForm.format(source));
}
certStr.append("]");
if (checkUsage) {
boolean[] bad = new boolean[3];
checkCertUsage(x509Cert, bad);
if (bad[0] || bad[1] || bad[2]) {
String x = "";
if (bad[0]) {
x = "KeyUsage";
}
if (bad[1]) {
if (x.length() > 0)
x = x + ", ";
x = x + "ExtendedKeyUsage";
}
if (bad[2]) {
if (x.length() > 0)
x = x + ", ";
x = x + "NetscapeCertType";
}
certStr.append("\n").append(tab).append(MessageFormat.format(rb.getString(".{0}.extension.does.not.support.code.signing."), x));
}
}
}
return certStr.toString();
}
Also used :
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
MessageFormat(java.text.MessageFormat)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
X509Certificate(java.security.cert.X509Certificate)
Example 34 with CertificateExpiredException
use of java.security.cert.CertificateExpiredException in project oxAuth by GluuFederation.
the class GenericCertificateVerifier method validate.
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
X509Certificate issuer = issuers.get(0);
ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.APP, CertificateValidity.UNKNOWN);
try {
Principal subjectX500Principal = certificate.getSubjectX500Principal();
try {
log.debug("Validity status is valid for '" + subjectX500Principal + "'");
certificate.checkValidity(validationDate);
status.setValidity(CertificateValidity.VALID);
} catch (CertificateExpiredException ex) {
log.debug("Validity status is expied for '" + subjectX500Principal + "'");
} catch (CertificateNotYetValidException ex) {
log.warn("Validity status is not yet valid for '" + subjectX500Principal + "'");
}
} catch (Exception ex) {
log.error("CRL exception: ", ex);
}
return status;
}
Also used :
ValidationStatus(org.xdi.oxauth.cert.validation.model.ValidationStatus)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
X509Certificate(java.security.cert.X509Certificate)
Principal(java.security.Principal)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
Example 35 with CertificateExpiredException
use of java.security.cert.CertificateExpiredException in project nhin-d by DirectProject.
the class CertificateStore method filterUsable.
/*
* Removed certs that are not valid due to date expiration, CLR lists, or other revocation criteria
*/
protected Collection<X509Certificate> filterUsable(Collection<X509Certificate> certs) {
Collection<X509Certificate> filteredCerts = new ArrayList<X509Certificate>();
for (X509Certificate cert : certs) {
try {
/*
* flow control based on exception handling is generally bad
* practice, but this is how the X509Certificate checks validity
* based on date (instead of returning a boolean)
*/
cert.checkValidity(new GregorianCalendar().getTime());
// Search CRLs to determine if this certificate has been revoked
final RevocationManager revocationManager = CRLRevocationManager.getInstance();
if (!revocationManager.isRevoked(cert))
filteredCerts.add(cert);
} catch (CertificateExpiredException e) {
final StringBuilder builder = new StringBuilder("Certificate has expired.\r\n\tExpiration: ").append(cert.getNotAfter());
builder.append("\r\n\tDN: ").append(cert.getSubjectDN());
builder.append("\r\n\tSerial Number: ").append(cert.getSerialNumber().toString(16));
LOGGER.warn(builder.toString());
} catch (CertificateNotYetValidException e) {
final StringBuilder builder = new StringBuilder("Certificate is not yet valid.\r\n\nNot Before: ").append(cert.getNotBefore());
builder.append("\r\n\tDN: ").append(cert.getSubjectDN());
builder.append("\r\n\tSerial Number: ").append(cert.getSerialNumber().toString(16));
LOGGER.warn(builder.toString());
} catch (Exception e) {
LOGGER.warn("filterUsable(Collection<X509Certificate> certs) - Certificate with DN " + cert.getSubjectDN() + " is not valid.", e);
}
}
return filteredCerts.size() == 0 ? null : filteredCerts;
}
Also used :
CRLRevocationManager(org.nhindirect.stagent.cert.impl.CRLRevocationManager)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
ArrayList(java.util.ArrayList)
GregorianCalendar(java.util.GregorianCalendar)
X509Certificate(java.security.cert.X509Certificate)
CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)
CertificateExpiredException(java.security.cert.CertificateExpiredException)
NHINDException(org.nhindirect.stagent.NHINDException)
Aggregations
CertificateExpiredException (java.security.cert.CertificateExpiredException)46
X509Certificate (java.security.cert.X509Certificate)32
CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)28
CertificateException (java.security.cert.CertificateException)15
ArrayList (java.util.ArrayList)7
GeneralSecurityException (java.security.GeneralSecurityException)6
InvalidKeyException (java.security.InvalidKeyException)6
KeyStore (java.security.KeyStore)6
Certificate (java.security.cert.Certificate)6
IOException (java.io.IOException)5
KeyStoreException (java.security.KeyStoreException)5
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
Date (java.util.Date)5
SuppressLint (android.annotation.SuppressLint)4
Principal (java.security.Principal)4
Calendar (java.util.Calendar)4
Test (org.junit.Test)4
FileNotFoundException (java.io.FileNotFoundException)3
CertificateFactory (java.security.cert.CertificateFactory)3
X509TrustManager (javax.net.ssl.X509TrustManager)3
