
Example 11 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project service-proxy by membrane.

the class TrustManagerWrapper method adjustChain.

/**
 * Overwrites every element of {@code chain}, in place, with a delegating wrapper.
 *
 * <p>Each wrapper forwards every call to the certificate it replaces, except for the two
 * {@code checkValidity} overloads: when {@code ignoreTimestampCheckFailure} is set they return
 * without consulting the wrapped certificate, so an expired or not-yet-valid certificate no
 * longer raises {@link CertificateExpiredException} or {@link CertificateNotYetValidException}
 * through this wrapper. The flag is read on each call, not when the wrapper is created.
 *
 * <p>Security note: {@code getNotBefore()} and {@code getNotAfter()} still report the real
 * validity window, and signature verification is still delegated. Only the date check is
 * skipped. NOTE(review): suppressing expiry weakens chain validation; confirm the flag is off
 * by default and that its use is logged, since neither is visible in this method.
 *
 * @param chain certificate chain whose entries are replaced by wrappers; the caller's array is
 *     modified
 */
private void adjustChain(X509Certificate[] chain) {
    for (int index = 0; index < chain.length; index++) {
        final X509Certificate delegate = chain[index];
        chain[index] = new X509Certificate() {

            // ---- validity window: the only methods that do not always delegate ----

            @Override
            public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
                // With the flag set, the date check is skipped entirely.
                if (!ignoreTimestampCheckFailure) {
                    delegate.checkValidity();
                }
            }

            @Override
            public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
                // Same bypass for the explicit-date overload.
                if (!ignoreTimestampCheckFailure) {
                    delegate.checkValidity(date);
                }
            }

            @Override
            public Date getNotBefore() {
                return delegate.getNotBefore();
            }

            @Override
            public Date getNotAfter() {
                return delegate.getNotAfter();
            }

            // ---- signature verification and encoded forms ----

            @Override
            public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                delegate.verify(key);
            }

            @Override
            public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
                delegate.verify(key, sigProvider);
            }

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                return delegate.getEncoded();
            }

            @Override
            public byte[] getTBSCertificate() throws CertificateEncodingException {
                return delegate.getTBSCertificate();
            }

            @Override
            public byte[] getSignature() {
                return delegate.getSignature();
            }

            @Override
            public String getSigAlgName() {
                return delegate.getSigAlgName();
            }

            @Override
            public String getSigAlgOID() {
                return delegate.getSigAlgOID();
            }

            @Override
            public byte[] getSigAlgParams() {
                return delegate.getSigAlgParams();
            }

            @Override
            public PublicKey getPublicKey() {
                return delegate.getPublicKey();
            }

            // ---- identity: version, serial number, issuer and subject ----

            @Override
            public int getVersion() {
                return delegate.getVersion();
            }

            @Override
            public BigInteger getSerialNumber() {
                return delegate.getSerialNumber();
            }

            @Override
            public Principal getIssuerDN() {
                return delegate.getIssuerDN();
            }

            @Override
            public X500Principal getIssuerX500Principal() {
                return delegate.getIssuerX500Principal();
            }

            @Override
            public boolean[] getIssuerUniqueID() {
                return delegate.getIssuerUniqueID();
            }

            @Override
            public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException {
                return delegate.getIssuerAlternativeNames();
            }

            @Override
            public Principal getSubjectDN() {
                return delegate.getSubjectDN();
            }

            @Override
            public X500Principal getSubjectX500Principal() {
                return delegate.getSubjectX500Principal();
            }

            @Override
            public boolean[] getSubjectUniqueID() {
                return delegate.getSubjectUniqueID();
            }

            @Override
            public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException {
                return delegate.getSubjectAlternativeNames();
            }

            // ---- extensions and usage constraints ----

            @Override
            public boolean hasUnsupportedCriticalExtension() {
                return delegate.hasUnsupportedCriticalExtension();
            }

            @Override
            public Set<String> getCriticalExtensionOIDs() {
                return delegate.getCriticalExtensionOIDs();
            }

            @Override
            public Set<String> getNonCriticalExtensionOIDs() {
                return delegate.getNonCriticalExtensionOIDs();
            }

            @Override
            public byte[] getExtensionValue(String oid) {
                return delegate.getExtensionValue(oid);
            }

            @Override
            public boolean[] getKeyUsage() {
                return delegate.getKeyUsage();
            }

            @Override
            public List<String> getExtendedKeyUsage() throws CertificateParsingException {
                return delegate.getExtendedKeyUsage();
            }

            @Override
            public int getBasicConstraints() {
                return delegate.getBasicConstraints();
            }

            // ---- java.lang.Object contract, answered by the wrapped certificate ----

            @Override
            public boolean equals(Object other) {
                return delegate.equals(other);
            }

            @Override
            public int hashCode() {
                return delegate.hashCode();
            }

            @Override
            public String toString() {
                return delegate.toString();
            }
        };
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) Set(java.util.Set) CertificateParsingException(java.security.cert.CertificateParsingException) CertificateExpiredException(java.security.cert.CertificateExpiredException) PublicKey(java.security.PublicKey) CertificateEncodingException(java.security.cert.CertificateEncodingException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date) BigInteger(java.math.BigInteger) X500Principal(javax.security.auth.x500.X500Principal) Collection(java.util.Collection) List(java.util.List) NoSuchProviderException(java.security.NoSuchProviderException) X500Principal(javax.security.auth.x500.X500Principal) Principal(java.security.Principal)

Example 12 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project j2objc by google.

the class CertificateNotYetValidExceptionTest method testCertificateNotYetValidException03.

/**
 * Exercises the {@code CertificateNotYetValidException(String)} constructor with a
 * {@code null} message and asserts that both {@code getMessage()} and {@code getCause()}
 * of the resulting exception are {@code null}.
 */
public void testCertificateNotYetValidException03() {
    // Typed as String so the String constructor overload is the one selected.
    final String nullMessage = null;
    final CertificateNotYetValidException exception =
            new CertificateNotYetValidException(nullMessage);

    assertNull("getMessage() must return null.", exception.getMessage());
    assertNull("getCause() must return null", exception.getCause());
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)

Example 13 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project zm-mailbox by Zimbra.

the class ClientCertAuthenticator method validateClientCert.

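/**
 * Validates each client certificate in {@code certs} and converts every validation or setup
 * failure into an authentication failure.
 *
 * <p>Trust anchors are loaded from the configured client trust store only when the local
 * server has OCSP revocation checking enabled; otherwise {@code null} is passed as the anchor
 * set. Each certificate is handed to {@code CertValidationUtil.validateCertificate} on its own.
 *
 * <p>NOTE(review): an empty {@code certs} array skips the loop and returns without error, and
 * a {@code null} array raises {@code NullPointerException} rather than a
 * {@code ServiceException}. Confirm the caller rejects both before calling this method.
 * NOTE(review): what {@code validateCertificate} checks when revocation checking is off and
 * the anchor set is {@code null} is not visible here; verify that chain trust is established
 * elsewhere in that mode.
 *
 * @param certs client certificates presented for authentication
 * @throws ServiceException an {@code AUTH_FAILED} error carrying the subject DN of the
 *     certificate being processed (or {@code null} if none was reached), a reason string and
 *     the underlying cause
 */
private void validateClientCert(X509Certificate[] certs) throws ServiceException {
    // Subject DN of the certificate currently being validated; stays null if a failure
    // happens before the first certificate is reached (e.g. while loading the trust store).
    String subjectDN = null;
    try {
        boolean revocationCheckEnabled = Provisioning.getInstance().getLocalServer().isMailSSLClientCertOCSPEnabled();
        Set<TrustAnchor> trustedCertsSet = null;
        if (revocationCheckEnabled) {
            // NOTE(review): the password array is not cleared after use; it originates from
            // a configuration String, so wiping it here would only narrow the exposure.
            char[] pass = LC.client_ssl_truststore_password.value().toCharArray();
            trustedCertsSet = CertValidationUtil.loadTrustedAnchors(pass, LC.client_ssl_truststore.value());
        }
        for (X509Certificate cert : certs) {
            // Captured before validation so the failure report names the offending certificate.
            subjectDN = getSubjectDNForLogging(cert);
            CertValidationUtil.validateCertificate(cert, revocationCheckEnabled, trustedCertsSet);
        }
    } catch (CertificateExpiredException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "client certificate expired", e);
    } catch (CertificateNotYetValidException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "client certificate not yet valid", e);
    } catch (CertificateException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "can't generate certpath for client certificate", e);
    } catch (KeyStoreException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "received KeyStoreException while loading KeyStore", e);
    } catch (NoSuchAlgorithmException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "received NoSuchAlgorithmException while obtaining instance of certpath validator", e);
    } catch (FileNotFoundException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "mailboxd keystore can't be found", e);
    } catch (IOException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "received IOException", e);
    } catch (InvalidAlgorithmParameterException e) {
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "received InvalidAlgorithmParameter while obtaining instance of certpath validator", e);
    } catch (CertPathValidatorException e) {
        // Separator added: the exception name and its detail message were previously fused.
        throw AuthFailedServiceException.AUTH_FAILED(subjectDN, "received CertPathValidatorException: " + e.getMessage(), e);
    }
}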
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CertificateExpiredException(java.security.cert.CertificateExpiredException) FileNotFoundException(java.io.FileNotFoundException) TrustAnchor(java.security.cert.TrustAnchor) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) CertPathValidatorException(java.security.cert.CertPathValidatorException)

Example 14 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project robovm by robovm.

the class X509CertificateTest method checkValidity.

/**
 * Checks {@code X509Certificate.checkValidity} at and around both ends of the test
 * certificate's validity window.
 *
 * <p>Instants inside the window must be accepted. Instants before the start must raise
 * {@link CertificateNotYetValidException}, and instants after the end must raise
 * {@link CertificateExpiredException}.
 *
 * @param f factory used to load the {@code CERT_RSA} test certificate
 * @throws Exception if loading the certificate fails or an in-window check unexpectedly fails
 */
private void checkValidity(CertificateFactory f) throws Exception {
    final X509Certificate cert = getCertificate(f, CERT_RSA);
    final Date[] validity = getRsaCertificateDates();
    final Date notBefore = validity[0];
    final Date notAfter = validity[1];
    final Calendar calendar = Calendar.getInstance();

    /*
     * The current time MUST fall inside the test certificate's validity period;
     * the no-argument checkValidity() cannot otherwise be exercised as an
     * unprivileged user.
     */
    final Date now = new Date();
    assertTrue(now.after(notBefore));
    assertTrue(now.before(notAfter));

    /* Relies on the generating script having produced a long-lived cert. */
    cert.checkValidity();

    /* Inside the window: one day after the start date. */
    calendar.setTime(notBefore);
    calendar.add(Calendar.DAY_OF_MONTH, 1);
    cert.checkValidity(calendar.getTime());

    /* Inside the window: one second before the end date. */
    calendar.setTime(notAfter);
    calendar.add(Calendar.SECOND, -1);
    cert.checkValidity(calendar.getTime());

    /* Outside the window: one second before the start date. */
    try {
        calendar.setTime(notBefore);
        calendar.add(Calendar.SECOND, -1);
        cert.checkValidity(calendar.getTime());
        fail();
    } catch (CertificateNotYetValidException expected) {
    }

    /* Outside the window: six months before the start date. */
    try {
        calendar.setTime(notBefore);
        calendar.add(Calendar.MONTH, -6);
        cert.checkValidity(calendar.getTime());
        fail();
    } catch (CertificateNotYetValidException expected) {
    }

    /* Outside the window: one second after the end date. */
    try {
        calendar.setTime(notAfter);
        calendar.add(Calendar.SECOND, 1);
        cert.checkValidity(calendar.getTime());
        fail();
    } catch (CertificateExpiredException expected) {
    }

    /* Outside the window: one year after the end date. */
    try {
        calendar.setTime(notAfter);
        calendar.add(Calendar.YEAR, 1);
        cert.checkValidity(calendar.getTime());
        fail();
    } catch (CertificateExpiredException expected) {
    }
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) Calendar(java.util.Calendar) X509Certificate(java.security.cert.X509Certificate) Date(java.util.Date)

Example 15 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project robovm by robovm.

the class CertificateNotYetValidExceptionTest method testCertificateNotYetValidException03.

/**
 * Constructor test for {@code CertificateNotYetValidException(String)}: when the message
 * argument is {@code null}, the new exception must report a {@code null} message and a
 * {@code null} cause.
 */
public void testCertificateNotYetValidException03() {
    // A String-typed null keeps the call bound to the String constructor.
    String absentMessage = null;
    CertificateNotYetValidException underTest = new CertificateNotYetValidException(absentMessage);

    String reportedMessage = underTest.getMessage();
    assertNull("getMessage() must return null.", reportedMessage);

    Throwable reportedCause = underTest.getCause();
    assertNull("getCause() must return null", reportedCause);
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException)

Aggregations

CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)32 CertificateExpiredException (java.security.cert.CertificateExpiredException)26 X509Certificate (java.security.cert.X509Certificate)25 CertificateException (java.security.cert.CertificateException)10 GeneralSecurityException (java.security.GeneralSecurityException)6 Certificate (java.security.cert.Certificate)6 ArrayList (java.util.ArrayList)6 IOException (java.io.IOException)5 KeyStoreException (java.security.KeyStoreException)5 Date (java.util.Date)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 Principal (java.security.Principal)4 File (java.io.File)3 FileNotFoundException (java.io.FileNotFoundException)3 MessageFormat (java.text.MessageFormat)3 List (java.util.List)3 FileInputStream (java.io.FileInputStream)2 BigInteger (java.math.BigInteger)2 SocketTimeoutException (java.net.SocketTimeoutException)2 URISyntaxException (java.net.URISyntaxException)2