use of java.security.cert.CertificateNotYetValidException in project qpid-broker-j by apache.
the class TrustAnchorValidatingTrustManager method checkClientTrusted.
/**
 * Validates a client certificate chain and then rejects it when the trust anchor the
 * chain resolves to is outside its own validity period.
 *
 * <p>The wrapped trust manager is consulted first. Only when it accepts the chain is the
 * certification path rebuilt against {@code _trustAnchors} and {@code _otherCerts} to
 * identify the anchor whose dates are checked. Presumably this extra step exists because
 * ordinary path validation does not apply validity dates to the anchor itself; confirm
 * against the wrapped trust manager's behaviour.
 *
 * @param x509Certificates the peer's chain; element 0 is used as the peer certificate
 * @param authType the authentication type, handed unchanged to the wrapped trust manager
 * @throws CertificateException propagated from the wrapped trust manager, raised when the
 *         certification path cannot be built, or raised (as its expired / not-yet-valid
 *         subtype) when the trust anchor is outside its validity period
 */
@Override
public void checkClientTrusted(final X509Certificate[] x509Certificates, final String authType)
        throws CertificateException {
    _x509TrustManager.checkClientTrusted(x509Certificates, authType);

    final X509Certificate peer = x509Certificates[0];

    final PKIXCertPathBuilderResult builtPath;
    try {
        builtPath = getPkixCertPathBuilderResult(x509Certificates, _trustAnchors, _otherCerts);
    } catch (GeneralSecurityException e) {
        // Keep the method's contract: callers only ever see CertificateException.
        throw new CertificateException("Unexpected error whilst validating trust-anchor", e);
    }

    final X509Certificate anchor = builtPath.getTrustAnchor().getTrustedCert();
    try {
        anchor.checkValidity();
    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        // Record which peer, which anchor and which truststore were involved before
        // failing the handshake, so the operator can find the stale anchor.
        LOGGER.warn("Authentication failed for peer bearing certificate (subject DN '{}') " + "as the trust anchor (subject DN '{}') within truststore '{}' " + "is either expired or not yet valid. Validity range {} - {}",
                    peer.getSubjectDN(),
                    anchor.getSubjectDN(),
                    _trustStoreName,
                    anchor.getNotBefore(),
                    anchor.getNotAfter());
        throw e;
    }
}
use of java.security.cert.CertificateNotYetValidException in project coprhd-controller by CoprHD.
the class ContextManagerImpl method registerVASACertificate.
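/**
 * Registers a client certificate with the provider (vasaService interface).
 *
 * <p>The login credentials are verified before the certificate is looked at, so when both
 * are bad the caller sees {@code InvalidLogin}. The certificate is then parsed, its
 * validity dates are checked, and if it is not already trusted it is added to the trust
 * store, the trust store is refreshed and the current session is invalidated.
 *
 * <p>Secrets are never written to the log: the password, the certificate text and the
 * session id are replaced by {@code ****}.
 *
 * @param username login name to verify
 * @param password password to verify; masked in log output
 * @param certificateStr textual form of the certificate to register; masked in log output
 * @return the provider info held in {@code _vpInfo}
 * @throws InvalidCertificate if the certificate cannot be built, is expired or is not yet valid
 * @throws InvalidLogin if the credentials are rejected
 * @throws InvalidSession if the HTTP request check fails
 * @throws StorageFault for any other failure during registration
 */
@Override
public VasaProviderInfo registerVASACertificate(String username, String password, String certificateStr)
        throws InvalidCertificate, InvalidLogin, InvalidSession, StorageFault {
    final String methodName = "registerVASACertificate() :";
    log.debug(methodName + "Entry with inputs username[" + username + "] password[" + (password != null ? "****" : null) + "] certificateStr[" + (certificateStr != null ? "****" : null) + "]");
    try {
        _sosManager = new SOSManager();
        /*
         * Verify username/password before verifying certificate. This means
         * that if both username/password and certificate are invalid
         * InvalidLogin exception will be thrown.
         */
        _sosManager.verifyLoginCredentials(username, password);
        log.debug(methodName + "Valid username and password. User credentials accepted.");

        String clientAddress = _sslUtil.checkHttpRequest(false, false);
        X509Certificate x509Cert = (X509Certificate) _sslUtil.buildCertificate(certificateStr);

        // checkValidity() only tests the notBefore/notAfter dates. The decision to trust a
        // previously unknown certificate below rests on the credential check above.
        x509Cert.checkValidity();

        if (!_sslUtil.certificateIsTrusted((Certificate) x509Cert)) {
            _sslUtil.addCertificateToTrustStore(clientAddress, (Certificate) x509Cert);
            log.trace(methodName + "new certificate added as trusted");
            _sslUtil.refreshTrustStore();
            invalidateSession();
        } else {
            log.trace(methodName + "certificate was already trusted");
        }

        // The session id is masked like the password in the entry log; the closing
        // bracket after it was missing in the original message and is restored here.
        log.trace(methodName + "vpInfo: defaultNameSpace[" + _vpInfo.getDefaultNamespace() + "] name[" + _vpInfo.getName() + "] sessionId[" + (_vpInfo.getSessionId() != null ? "****" : null) + "] vasaApiVersion[" + _vpInfo.getVasaApiVersion() + "] vasaProviderVersion[" + _vpInfo.getVasaProviderVersion() + "]");
        log.debug(methodName + "Exit returning vpInfo");
        return _vpInfo;
    } catch (InvalidSession is) {
        // thrown by sslUtil.checkHttpRequest()
        log.error(methodName + "Session is invalid", is);
        throw is;
    } catch (InvalidCertificate ic) {
        // thrown by sslUtil.buildCertificate()
        log.error(methodName + "Certificate is invalid", ic);
        throw ic;
    } catch (CertificateExpiredException e) {
        // thrown by x509Cert.checkValidity()
        log.error(methodName + "Certificate is expired", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (CertificateNotYetValidException e) {
        // thrown by x509Cert.checkValidity()
        log.error(methodName + "Certificate is not in validity period ", e);
        throw FaultUtil.InvalidCertificate(e);
    } catch (InvalidLogin il) {
        // thrown by _sosManager.verifyLoginCredentials()
        log.error(methodName + "Invalid login", il);
        throw il;
    } catch (Exception e) {
        // Anything else is reported to the caller as a StorageFault.
        log.error(methodName + "registration failed: ", e);
        throw FaultUtil.StorageFault(methodName + "registration failed: ", e);
    }
}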
use of java.security.cert.CertificateNotYetValidException in project jdk8u_jdk by JetBrains.
the class SignatureFile method signerInfo.
/**
 * Builds the printable description of one signer: the signature timestamp when there is
 * one, every certificate of the signer's certification path, and a note when the chain
 * could not be validated. Each part ends with a newline. The text is cached per signer.
 *
 * @param signer the code signer to describe
 * @param tab prefix passed to the print helpers and put in front of the validation note
 * @return the description, taken from the cache when this signer was described before
 */
private String signerInfo(CodeSigner signer, String tab) {
    if (cacheForSignerInfo.containsKey(signer)) {
        return cacheForSignerInfo.get(signer);
    }

    StringBuilder out = new StringBuilder();
    List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();

    // Signature timestamp first; its absence is remembered in noTimestamp.
    Timestamp tsa = signer.getTimestamp();
    Date signedAt = null;
    if (tsa == null) {
        noTimestamp = true;
    } else {
        out.append(printTimestamp(tab, tsa)).append('\n');
        signedAt = tsa.getTimestamp();
    }

    // Then the certificates. Index 0 is the end-entity certificate, the only one
    // for which the last printCert argument is true (its KeyUsage should be checked).
    for (int i = 0; i < chain.size(); i++) {
        out.append(printCert(tab, chain.get(i), true, signedAt, i == 0)).append('\n');
    }

    try {
        validateCertChain(chain);
    } catch (Exception e) {
        if (debug) {
            e.printStackTrace();
        }
        Throwable cause = e.getCause();
        boolean validityPeriodProblem = cause instanceof CertificateExpiredException
                || cause instanceof CertificateNotYetValidException;
        // An expired or not-yet-valid certificate gets no second warning here:
        // hasExpiredCert or notYetValidCert already covers it.
        if (!validityPeriodProblem) {
            chainNotValidated = true;
            out.append(tab)
               .append(rb.getString(".CertPath.not.validated."))
               .append(e.getLocalizedMessage())
               .append("]\n"); // TODO
        }
    }

    String description = out.toString();
    cacheForSignerInfo.put(signer, description);
    return description;
}
use of java.security.cert.CertificateNotYetValidException in project jdk8u_jdk by JetBrains.
the class SignatureFile method getAliasInfo.
/**
 * Loads the signer's certificate chain and private key for {@code alias} and stores them
 * in the {@code certChain} and {@code privateKey} fields.
 *
 * <p>The chain comes from the file named by {@code altCertChain} when that is set,
 * otherwise from the keystore entry for {@code alias}. The chain is validated, but a
 * validation failure only sets {@code chainNotValidated}; it does not stop this method.
 * The key is read with {@code storepass} or {@code keypass}, and the user is prompted
 * for a key password when neither worked and no token is in use.
 *
 * @param alias the keystore alias of the signing key entry
 */
void getAliasInfo(String alias) {
    Key key = null;
    try {
        java.security.cert.Certificate[] cs = null;
        if (altCertChain != null) {
            // An alternative chain file was named: read every certificate it contains.
            try (FileInputStream fis = new FileInputStream(altCertChain)) {
                cs = CertificateFactory.getInstance("X.509").generateCertificates(fis).toArray(new Certificate[0]);
            } catch (FileNotFoundException ex) {
                error(rb.getString("File.specified.by.certchain.does.not.exist"));
            } catch (CertificateException | IOException ex) {
                error(rb.getString("Cannot.restore.certchain.from.file.specified"));
            }
        } else {
            try {
                cs = store.getCertificateChain(alias);
            } catch (KeyStoreException kse) {
                // this never happens, because keystore has been loaded
            }
        }
        // NOTE(review): the code after each error(...) call dereferences cs and cs[i], so
        // error() presumably does not return normally - confirm. If it can return, a
        // null chain reaches cs.length below.
        if (cs == null || cs.length == 0) {
            if (altCertChain != null) {
                error(rb.getString("Certificate.chain.not.found.in.the.file.specified."));
            } else {
                MessageFormat form = new MessageFormat(rb.getString("Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and"));
                Object[] source = { alias, alias };
                error(form.format(source));
            }
        }
        // Every element of the chain has to be an X.509 certificate.
        certChain = new X509Certificate[cs.length];
        for (int i = 0; i < cs.length; i++) {
            if (!(cs[i] instanceof X509Certificate)) {
                error(rb.getString("found.non.X.509.certificate.in.signer.s.chain"));
            }
            certChain[i] = (X509Certificate) cs[i];
        }
        // We don't mean to print anything; the next call
        // checks validity, keyUsage etc.
        printCert("", certChain[0], true, null, true);
        try {
            validateCertChain(Arrays.asList(certChain));
        } catch (Exception e) {
            if (debug) {
                e.printStackTrace();
            }
            if (e.getCause() != null && (e.getCause() instanceof CertificateExpiredException || e.getCause() instanceof CertificateNotYetValidException)) {
                // No more warning, we already have hasExpiredCert or notYetValidCert
            } else {
                // Any other validation failure is only recorded; signing setup continues.
                chainNotValidated = true;
            }
        }
        try {
            // Without a token and without a key password, try the store password first.
            if (!token && keypass == null)
                key = store.getKey(alias, storepass);
            else
                key = store.getKey(alias, keypass);
        } catch (UnrecoverableKeyException e) {
            if (token) {
                // Rethrown to the outer handler, which reports it through error().
                throw e;
            } else if (keypass == null) {
                // Did not work out, so prompt user for key password
                MessageFormat form = new MessageFormat(rb.getString("Enter.key.password.for.alias."));
                Object[] source = { alias };
                keypass = getPass(form.format(source));
                key = store.getKey(alias, keypass);
            }
            // When a key password was given but did not work, the exception is dropped
            // here and key stays null; the failure then surfaces below through the
            // key.associated.with.alias.not.a.private.key message.
        }
    } catch (NoSuchAlgorithmException e) {
        error(e.getMessage());
    } catch (UnrecoverableKeyException e) {
        error(rb.getString("unable.to.recover.key.from.keystore"));
    } catch (KeyStoreException kse) {
        // this never happens, because keystore has been loaded
    }
    // A null key also ends up in the first branch, because instanceof is false for null.
    if (!(key instanceof PrivateKey)) {
        MessageFormat form = new MessageFormat(rb.getString("key.associated.with.alias.not.a.private.key"));
        Object[] source = { alias };
        error(form.format(source));
    } else {
        privateKey = (PrivateKey) key;
    }
}
use of java.security.cert.CertificateNotYetValidException in project jdk8u_jdk by JetBrains.
the class CertsInFilesystemDirectoryResolver method readCertsFromHarddrive.
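/**
 * Loads every {@code .crt} file found in {@code merlinsCertificatesDir} as an X.509
 * certificate and adds those that are currently within their validity period to
 * {@code certs}.
 *
 * <p>A file that cannot be read or parsed, or whose certificate is expired or not yet
 * valid, is skipped and reported at {@code FINE} level only. Only the validity dates are
 * checked here; no chain or signature validation is performed on the loaded
 * certificates, so the directory itself has to be trustworthy.
 *
 * @throws StorageResolverException if the directory cannot be listed or no X.509
 *         certificate factory is available
 */
private void readCertsFromHarddrive() throws StorageResolverException {
    File certDir = new File(this.merlinsCertificatesDir);

    // File.list() returns null when the path is not a directory or cannot be read.
    // Fail with the method's declared exception instead of a NullPointerException;
    // "empty" is the message id this method already uses for its other failures.
    String[] names = certDir.list();
    if (names == null) {
        throw new StorageResolverException("empty");
    }

    List<String> crtNames = new ArrayList<String>();
    for (String name : names) {
        if (name.endsWith(".crt")) {
            crtNames.add(name);
        }
    }

    // getInstance either returns a factory or throws, so no null check is needed.
    CertificateFactory cf;
    try {
        cf = CertificateFactory.getInstance("X.509");
    } catch (CertificateException ex) {
        throw new StorageResolverException("empty", ex);
    }

    for (String name : crtNames) {
        String filename = certDir.getAbsolutePath() + File.separator + name;
        String addedDn = null;
        boolean added = false;

        // try-with-resources closes the stream on every path, including parse failures.
        try (FileInputStream fis = new FileInputStream(new File(filename))) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);

            // Expired and not-yet-valid certificates are rejected here and never stored.
            cert.checkValidity();
            this.certs.add(cert);
            addedDn = cert.getSubjectX500Principal().getName();
            added = true;
        } catch (IOException | CertificateException ex) {
            // Covers a missing file, a close failure, a parse error and both
            // validity-period exceptions; all are handled the same way: skip the file.
            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "Could not add certificate from file " + filename, ex);
            }
        }

        if (added && log.isLoggable(java.util.logging.Level.FINE)) {
            log.log(java.util.logging.Level.FINE, "Added certificate: " + addedDn);
        }
    }
}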