Examples with CertificateNotYetValidException java.security.cert.CertificateNotYetValidException used on opensource projects

Example 16 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project robovm by robovm.

the class CertificateNotYetValidExceptionTest method testCertificateNotYetValidException02.

/**
     * Test for <code>CertificateNotYetValidException(String)</code>
     * constructor Assertion: constructs CertificateNotYetValidException with
     * detail message msg. Parameter <code>msg</code> is not null.
     */
public void testCertificateNotYetValidException02() {
    CertificateNotYetValidException tE;
    for (int i = 0; i < msgs.length; i++) {
        tE = new CertificateNotYetValidException(msgs[i]);
        assertEquals("getMessage() must return: ".concat(msgs[i]), tE.getMessage(), msgs[i]);
        assertNull("getCause() must return null", tE.getCause());
    }
}

Example 17 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project robovm by robovm.

the class CertificateNotYetValidExceptionTest method testCertificateNotYetValidException01.

/**
     * Test for <code>CertificateNotYetValidException()</code> constructor
     * Assertion: constructs CertificateNotYetValidException with no detail
     * message
     */
public void testCertificateNotYetValidException01() {
    CertificateNotYetValidException tE = new CertificateNotYetValidException();
    assertNull("getMessage() must return null.", tE.getMessage());
    assertNull("getCause() must return null", tE.getCause());
}

Example 18 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project netty by netty.

the class SslErrorTest method testCorrectAlert.

@Test(timeout = 30000)
public void testCorrectAlert() throws Exception {
    // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
    // no need to run it if there is no openssl is available at all.
    Assume.assumeTrue(OpenSsl.isAvailable());
    SelfSignedCertificate ssc = new SelfSignedCertificate();
    final SslContext sslServerCtx = SslContextBuilder.forServer(ssc.certificate(), ssc.privateKey()).sslProvider(serverProvider).trustManager(new SimpleTrustManagerFactory() {

        @Override
        protected void engineInit(KeyStore keyStore) {
        }

        @Override
        protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
        }

        @Override
        protected TrustManager[] engineGetTrustManagers() {
            return new TrustManager[] { new X509TrustManager() {

                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                    throw exception;
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                // NOOP
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return EmptyArrays.EMPTY_X509_CERTIFICATES;
                }
            } };
        }
    }).clientAuth(ClientAuth.REQUIRE).build();
    final SslContext sslClientCtx = SslContextBuilder.forClient().trustManager(InsecureTrustManagerFactory.INSTANCE).keyManager(new File(getClass().getResource("test.crt").getFile()), new File(getClass().getResource("test_unencrypted.pem").getFile())).sslProvider(clientProvider).build();
    Channel serverChannel = null;
    Channel clientChannel = null;
    EventLoopGroup group = new NioEventLoopGroup();
    try {
        serverChannel = new ServerBootstrap().group(group).channel(NioServerSocketChannel.class).handler(new LoggingHandler(LogLevel.INFO)).childHandler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslServerCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        ctx.close();
                    }
                });
            }
        }).bind(0).sync().channel();
        final Promise<Void> promise = group.next().newPromise();
        clientChannel = new Bootstrap().group(group).channel(NioSocketChannel.class).handler(new ChannelInitializer<Channel>() {

            @Override
            protected void initChannel(Channel ch) throws Exception {
                ch.pipeline().addLast(sslClientCtx.newHandler(ch.alloc()));
                ch.pipeline().addLast(new ChannelInboundHandlerAdapter() {

                    @Override
                    public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
                        // Unwrap as its wrapped by a DecoderException
                        Throwable unwrappedCause = cause.getCause();
                        if (unwrappedCause instanceof SSLException) {
                            if (exception instanceof TestCertificateException) {
                                CertPathValidatorException.Reason reason = ((CertPathValidatorException) exception.getCause()).getReason();
                                if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
                                    verifyException(unwrappedCause, "expired", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
                                    verifyException(unwrappedCause, "bad", promise);
                                } else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
                                    verifyException(unwrappedCause, "revoked", promise);
                                }
                            } else if (exception instanceof CertificateExpiredException) {
                                verifyException(unwrappedCause, "expired", promise);
                            } else if (exception instanceof CertificateNotYetValidException) {
                                verifyException(unwrappedCause, "bad", promise);
                            } else if (exception instanceof CertificateRevokedException) {
                                verifyException(unwrappedCause, "revoked", promise);
                            }
                        }
                    }
                });
            }
        }).connect(serverChannel.localAddress()).syncUninterruptibly().channel();
        // Block until we received the correct exception
        promise.syncUninterruptibly();
    } finally {
        if (clientChannel != null) {
            clientChannel.close().syncUninterruptibly();
        }
        if (serverChannel != null) {
            serverChannel.close().syncUninterruptibly();
        }
        group.shutdownGracefully();
        ReferenceCountUtil.release(sslServerCtx);
        ReferenceCountUtil.release(sslClientCtx);
    }
}

Example 19 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project XobotOS by xamarin.

the class RFC3280CertPathUtilities method processCertA.

protected static void processCertA(CertPath certPath, ExtendedPKIXParameters paramsPKIX, int index, PublicKey workingPublicKey, boolean verificationAlreadyPerformed, X500Principal workingIssuerName, X509Certificate sign) throws ExtCertPathValidatorException {
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate) certs.get(index);
    //
    if (!verificationAlreadyPerformed) {
        try {
            // (a) (1)
            //
            CertPathValidatorUtilities.verifyX509Certificate(cert, workingPublicKey, paramsPKIX.getSigProvider());
        } catch (GeneralSecurityException e) {
            throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index);
        }
    }
    try {
        // (a) (2)
        //
        cert.checkValidity(CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
    } catch (CertificateExpiredException e) {
        throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
    } catch (CertificateNotYetValidException e) {
        throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
    } catch (AnnotatedException e) {
        throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index);
    }
    //
    if (paramsPKIX.isRevocationEnabled()) {
        try {
            checkCRLs(paramsPKIX, cert, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index), sign, workingPublicKey, certs);
        } catch (AnnotatedException e) {
            Throwable cause = e;
            if (null != e.getCause()) {
                cause = e.getCause();
            }
            throw new ExtCertPathValidatorException(e.getMessage(), cause, certPath, index);
        }
    }
    //
    if (!CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert).equals(workingIssuerName)) {
        throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(cert) + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null, certPath, index);
    }
}

Example 20 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project otertool by wuntee.

the class JarSigner method getAliasInfo.

void getAliasInfo(String alias) throws JarSigningException {
    Key key = null;
    try {
        java.security.cert.Certificate[] cs = null;
        try {
            cs = store.getCertificateChain(alias);
        } catch (KeyStoreException kse) {
        // this never happens, because keystore has been loaded
        }
        if (cs == null) {
            MessageFormat form = new MessageFormat(rb.getString("Certificate chain not found for: alias.  alias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."));
            Object[] source = { alias, alias };
            error(form.format(source));
        }
        certChain = new X509Certificate[cs.length];
        for (int i = 0; i < cs.length; i++) {
            if (!(cs[i] instanceof X509Certificate)) {
                error(rb.getString("found non-X.509 certificate in signer's chain"));
            }
            certChain[i] = (X509Certificate) cs[i];
        }
        // order the cert chain if necessary (put user cert first,
        // root-cert last in the chain)
        X509Certificate userCert = (X509Certificate) store.getCertificate(alias);
        // check validity of signer certificate
        try {
            userCert.checkValidity();
            if (userCert.getNotAfter().getTime() < System.currentTimeMillis() + SIX_MONTHS) {
                hasExpiringCert = true;
            }
        } catch (CertificateExpiredException cee) {
            hasExpiredCert = true;
        } catch (CertificateNotYetValidException cnyve) {
            notYetValidCert = true;
        }
        checkCertUsage(userCert, null);
        if (!userCert.equals(certChain[0])) {
            // need to order ...
            X509Certificate[] certChainTmp = new X509Certificate[certChain.length];
            certChainTmp[0] = userCert;
            Principal issuer = userCert.getIssuerDN();
            for (int i = 1; i < certChain.length; i++) {
                int j;
                // given issuer
                for (j = 0; j < certChainTmp.length; j++) {
                    if (certChainTmp[j] == null)
                        continue;
                    Principal subject = certChainTmp[j].getSubjectDN();
                    if (issuer.equals(subject)) {
                        certChain[i] = certChainTmp[j];
                        issuer = certChainTmp[j].getIssuerDN();
                        certChainTmp[j] = null;
                        break;
                    }
                }
                if (j == certChainTmp.length) {
                    error(rb.getString("incomplete certificate chain"));
                }
            }
            // ordered
            certChain = certChainTmp;
        }
        try {
            if (!token && keypass == null)
                key = store.getKey(alias, storepass);
            else
                key = store.getKey(alias, keypass);
        } catch (UnrecoverableKeyException e) {
            if (token) {
                throw e;
            }
        }
    } catch (NoSuchAlgorithmException e) {
        error(e.getMessage());
    } catch (UnrecoverableKeyException e) {
        error(rb.getString("unable to recover key from keystore"));
    } catch (KeyStoreException kse) {
    // this never happens, because keystore has been loaded
    }
    if (!(key instanceof PrivateKey)) {
        MessageFormat form = new MessageFormat(rb.getString("key associated with alias not a private key"));
        Object[] source = { alias };
        error(form.format(source));
    } else {
        privateKey = (PrivateKey) key;
    }
}