
Example 21 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project robovm by robovm.

the class RFC3280CertPathUtilities method processCertA.

/**
 * Runs the basic per-certificate checks of RFC 3280 section 6.1.3, step (a), on the
 * certificate at position {@code index} of {@code certPath}: (1) signature, (2) validity
 * period, (3) revocation status and (4) issuer name chaining. The first failing check
 * aborts validation.
 *
 * @param certPath the path being validated; also attached to any thrown exception
 * @param paramsPKIX validation parameters (signature provider, revocation switch, validity model)
 * @param index position of the certificate under test within {@code certPath}
 * @param workingPublicKey key expected to have signed the certificate
 * @param verificationAlreadyPerformed when {@code true} the signature check (a)(1) is skipped
 *        entirely, so callers must only pass {@code true} for a signature they have verified
 * @param workingIssuerName name the certificate's issuer field must equal
 * @param sign passed through to the CRL check
 * @throws ExtCertPathValidatorException if any of the four checks fails
 */
protected static void processCertA(CertPath certPath, ExtendedPKIXParameters paramsPKIX, int index, PublicKey workingPublicKey, boolean verificationAlreadyPerformed, X500Principal workingIssuerName, X509Certificate sign) throws ExtCertPathValidatorException {
    final List chain = certPath.getCertificates();
    final X509Certificate current = (X509Certificate) chain.get(index);

    // (a) (1): the signature must verify under the working public key.
    if (!verificationAlreadyPerformed) {
        try {
            CertPathValidatorUtilities.verifyX509Certificate(current, workingPublicKey, paramsPKIX.getSigProvider());
        } catch (GeneralSecurityException e) {
            throw new ExtCertPathValidatorException("Could not validate certificate signature.", e, certPath, index);
        }
    }

    // (a) (2): the reference date chosen by the validity model must fall inside the
    // certificate's validity period.
    try {
        current.checkValidity(CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index));
    } catch (CertificateExpiredException e) {
        throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
    } catch (CertificateNotYetValidException e) {
        throw new ExtCertPathValidatorException("Could not validate certificate: " + e.getMessage(), e, certPath, index);
    } catch (AnnotatedException e) {
        // The reference date itself could not be determined.
        throw new ExtCertPathValidatorException("Could not validate time of certificate.", e, certPath, index);
    }

    // (a) (3): revocation status, only consulted when revocation checking is enabled.
    if (paramsPKIX.isRevocationEnabled()) {
        try {
            checkCRLs(paramsPKIX, current, CertPathValidatorUtilities.getValidCertDateFromValidityModel(paramsPKIX, certPath, index), sign, workingPublicKey, chain);
        } catch (AnnotatedException e) {
            // Report the underlying cause when there is one, otherwise the wrapper itself.
            final Throwable reported = (e.getCause() != null) ? e.getCause() : e;
            throw new ExtCertPathValidatorException(e.getMessage(), reported, certPath, index);
        }
    }

    // (a) (4): name chaining - the issuer field must equal the working issuer name.
    if (CertPathValidatorUtilities.getEncodedIssuerPrincipal(current).equals(workingIssuerName)) {
        return;
    }
    throw new ExtCertPathValidatorException("IssuerName(" + CertPathValidatorUtilities.getEncodedIssuerPrincipal(current) + ") does not match SubjectName(" + workingIssuerName + ") of signing certificate.", null, certPath, index);
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) ExtCertPathValidatorException(org.bouncycastle.jce.exception.ExtCertPathValidatorException) CertificateExpiredException(java.security.cert.CertificateExpiredException) GeneralSecurityException(java.security.GeneralSecurityException) List(java.util.List) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate)

Example 22 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project jdk8u_jdk by JetBrains.

the class SignatureFile method printCert.

/*
 * Build a short description of a certificate for display:
 *
 * [<tab>] <cert-type> [", " <subject-DN>] [" (" <keystore-entry-alias> ")"]
 * [<validity-period> | <expiry-warning>]
 *
 * The second line is produced only for X.509 certificates when
 * checkValidityPeriod is true. With a null timestamp the certificate is
 * checked against the current time; otherwise it is checked against the
 * supplied timestamp. When checkUsage is true, a further line names the
 * extensions that checkCertUsage reported as bad.
 *
 * Side effects: updates the fields expireDate, hasExpiringCert,
 * hasExpiredCert and notYetValidCert, and lazily creates the MessageFormat
 * fields used for the validity texts.
 *
 * Note: no newline character at the end
 */
String printCert(String tab, Certificate c, boolean checkValidityPeriod, Date timestamp, boolean checkUsage) {
    StringBuilder certStr = new StringBuilder();
    String space = rb.getString("SPACE");
    X509Certificate x509Cert = null;
    if (c instanceof X509Certificate) {
        x509Cert = (X509Certificate) c;
        // X.509: type, separator from the resource bundle, then the subject DN
        certStr.append(tab).append(x509Cert.getType()).append(rb.getString("COMMA")).append(x509Cert.getSubjectDN().getName());
    } else {
        // Any other certificate kind: only its type can be shown
        certStr.append(tab).append(c.getType());
    }
    // Append the alias recorded for this certificate in storeHash, if there is one
    String alias = storeHash.get(c);
    if (alias != null) {
        certStr.append(space).append(alias);
    }
    if (checkValidityPeriod && x509Cert != null) {
        certStr.append("\n").append(tab).append("[");
        Date notAfter = x509Cert.getNotAfter();
        try {
            boolean printValidity = true;
            if (timestamp == null) {
                // No timestamp: judge the certificate against the current time.
                // Track the earliest notAfter seen so far (a time of 0 appears to mean "not set yet").
                // This runs before checkValidity(), so an expired certificate is tracked too.
                if (expireDate.getTime() == 0 || expireDate.after(notAfter)) {
                    expireDate = notAfter;
                }
                x509Cert.checkValidity();
                // test if cert will expire within six months
                if (notAfter.getTime() < System.currentTimeMillis() + SIX_MONTHS) {
                    hasExpiringCert = true;
                    if (expiringTimeForm == null) {
                        expiringTimeForm = new MessageFormat(rb.getString("certificate.will.expire.on"));
                    }
                    Object[] source = { notAfter };
                    certStr.append(expiringTimeForm.format(source));
                    // The expiry warning replaces the plain validity period
                    printValidity = false;
                }
            } else {
                // Timestamp supplied: validity is judged at that instant instead of now;
                // the expireDate tracking and the six-month warning are skipped on this branch.
                x509Cert.checkValidity(timestamp);
            }
            if (printValidity) {
                if (validityTimeForm == null) {
                    validityTimeForm = new MessageFormat(rb.getString("certificate.is.valid.from"));
                }
                Object[] source = { x509Cert.getNotBefore(), notAfter };
                certStr.append(validityTimeForm.format(source));
            }
        } catch (CertificateExpiredException cee) {
            // Expired at the reference time: record the condition and print the expiry date
            hasExpiredCert = true;
            if (expiredTimeForm == null) {
                expiredTimeForm = new MessageFormat(rb.getString("certificate.expired.on"));
            }
            Object[] source = { notAfter };
            certStr.append(expiredTimeForm.format(source));
        } catch (CertificateNotYetValidException cnyve) {
            // Not yet valid at the reference time: record the condition and print notBefore
            notYetValidCert = true;
            if (notYetTimeForm == null) {
                notYetTimeForm = new MessageFormat(rb.getString("certificate.is.not.valid.until"));
            }
            Object[] source = { x509Cert.getNotBefore() };
            certStr.append(notYetTimeForm.format(source));
        }
        certStr.append("]");
        if (checkUsage) {
            // checkCertUsage fills one flag per extension, in the order
            // KeyUsage, ExtendedKeyUsage, NetscapeCertType
            boolean[] bad = new boolean[3];
            checkCertUsage(x509Cert, bad);
            if (bad[0] || bad[1] || bad[2]) {
                // Build a comma-separated list of the flagged extension names
                String x = "";
                if (bad[0]) {
                    x = "KeyUsage";
                }
                if (bad[1]) {
                    if (x.length() > 0)
                        x = x + ", ";
                    x = x + "ExtendedKeyUsage";
                }
                if (bad[2]) {
                    if (x.length() > 0)
                        x = x + ", ";
                    x = x + "NetscapeCertType";
                }
                certStr.append("\n").append(tab).append(MessageFormat.format(rb.getString(".{0}.extension.does.not.support.code.signing."), x));
            }
        }
    }
    return certStr.toString();
}
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) MessageFormat(java.text.MessageFormat) CertificateExpiredException(java.security.cert.CertificateExpiredException) X509Certificate(java.security.cert.X509Certificate)

Example 23 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project oxAuth by GluuFederation.

the class GenericCertificateVerifier method validate.

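/**
 * Checks whether {@code certificate} is inside its validity period on {@code validationDate}.
 *
 * <p>Only the notBefore/notAfter dates are examined here. The signature is not verified
 * against the issuer and no revocation source is consulted, so a {@code VALID} result from
 * this method means "date-valid" only and must not be read as "trusted".
 *
 * <p>The returned status stays {@code UNKNOWN} when the certificate is expired, not yet
 * valid, or when an unexpected exception occurs; callers should treat anything other than
 * {@code VALID} as a failed check.
 *
 * @param certificate certificate whose validity period is tested
 * @param issuers candidate issuers; the first entry is recorded in the status and the list
 *        must not be empty
 * @param validationDate instant at which the certificate has to be valid
 * @return the validation status, {@code VALID} only if the date check passed
 */
@Override
public ValidationStatus validate(X509Certificate certificate, List<X509Certificate> issuers, Date validationDate) {
    // Runs outside the try block: a null or empty issuer list propagates to the caller.
    X509Certificate issuer = issuers.get(0);
    ValidationStatus status = new ValidationStatus(certificate, issuer, validationDate, ValidatorSourceType.APP, CertificateValidity.UNKNOWN);
    try {
        Principal subjectX500Principal = certificate.getSubjectX500Principal();
        try {
            certificate.checkValidity(validationDate);
            status.setValidity(CertificateValidity.VALID);
            // Log the outcome only after the check has passed, so the log never reports
            // "valid" for a certificate that is then rejected.
            log.debug("Validity status is valid for '" + subjectX500Principal + "'");
        } catch (CertificateExpiredException ex) {
            log.debug("Validity status is expired for '" + subjectX500Principal + "'");
        } catch (CertificateNotYetValidException ex) {
            log.warn("Validity status is not yet valid for '" + subjectX500Principal + "'");
        }
    } catch (Exception ex) {
        // NOTE(review): the message says "CRL" although no CRL is processed in this method;
        // left unchanged in case log searches depend on it.
        log.error("CRL exception: ", ex);
    }
    return status;
}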
Also used : ValidationStatus(org.xdi.oxauth.cert.validation.model.ValidationStatus) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) X509Certificate(java.security.cert.X509Certificate) Principal(java.security.Principal) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException)

Example 24 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project nhin-d by DirectProject.

the class CertificateStore method filterUsable.

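/*
 * Returns the certificates from certs that are usable right now: inside their
 * validity period and not reported as revoked by the CRL revocation manager.
 *
 * The filter fails closed: a certificate is dropped when it is expired, not yet
 * valid, revoked, or when any exception is thrown while checking it (including a
 * failure of the revocation lookup). Each dropped certificate is logged at WARN,
 * except a revoked one, which this method drops without a log line of its own.
 *
 * Returns null, not an empty collection, when no certificate survives; callers
 * must handle the null case.
 */
protected Collection<X509Certificate> filterUsable(Collection<X509Certificate> certs) {
    Collection<X509Certificate> filteredCerts = new ArrayList<X509Certificate>();
    for (X509Certificate cert : certs) {
        try {
            /*
             * flow control based on exception handling is generally bad
             * practice, but this is how the X509Certificate checks validity
             * based on date (instead of returning a boolean)
             */
            cert.checkValidity(new GregorianCalendar().getTime());
            // Search CRLs to determine if this certificate has been revoked
            final RevocationManager revocationManager = CRLRevocationManager.getInstance();
            if (!revocationManager.isRevoked(cert)) {
                filteredCerts.add(cert);
            }
        } catch (CertificateExpiredException e) {
            // The DN and serial number come from the certificate itself; treat them as
            // untrusted text when reading these multi-line log entries.
            final StringBuilder builder = new StringBuilder("Certificate has expired.\r\n\tExpiration: ").append(cert.getNotAfter());
            builder.append("\r\n\tDN: ").append(cert.getSubjectDN());
            builder.append("\r\n\tSerial Number: ").append(cert.getSerialNumber().toString(16));
            LOGGER.warn(builder.toString());
        } catch (CertificateNotYetValidException e) {
            // Same layout as the expiry entry (the original had "\r\n\n" here, which broke the indentation)
            final StringBuilder builder = new StringBuilder("Certificate is not yet valid.\r\n\tNot Before: ").append(cert.getNotBefore());
            builder.append("\r\n\tDN: ").append(cert.getSubjectDN());
            builder.append("\r\n\tSerial Number: ").append(cert.getSerialNumber().toString(16));
            LOGGER.warn(builder.toString());
        } catch (Exception e) {
            // Anything else, e.g. a failing revocation lookup: exclude the certificate.
            LOGGER.warn("filterUsable(Collection<X509Certificate> certs) - Certificate with DN " + cert.getSubjectDN() + " is not valid.", e);
        }
    }
    return filteredCerts.isEmpty() ? null : filteredCerts;
}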
Also used : CRLRevocationManager(org.nhindirect.stagent.cert.impl.CRLRevocationManager) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ArrayList(java.util.ArrayList) GregorianCalendar(java.util.GregorianCalendar) X509Certificate(java.security.cert.X509Certificate) CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) NHINDException(org.nhindirect.stagent.NHINDException)

Example 25 with CertificateNotYetValidException

use of java.security.cert.CertificateNotYetValidException in project Payara by payara.

the class KeystoreManager method getValidCertificateAliases.

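/**
 * Collects the X.509 certificates of {@code keyStore} that are inside their validity
 * period at the time of the call, keyed by alias.
 *
 * <p>"Valid" here refers to the notBefore/notAfter dates only: no signature, trust-chain
 * or revocation check is made, so the result must not be used as a trust decision by itself.
 * Aliases without a certificate, non-X.509 certificates, and expired or not-yet-valid
 * certificates are left out silently.
 *
 * @param keyStore an initialised key store
 * @param keyStorePassword not used by this method
 * @return a mutable map from alias to date-valid certificate, possibly empty
 * @throws RepositoryException if the key store has not been initialised
 */
protected Map<String, Certificate> getValidCertificateAliases(KeyStore keyStore, String keyStorePassword) throws RepositoryException {
    Map<String, Certificate> validCerts = new HashMap<>();
    try {
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate cert = keyStore.getCertificate(alias);
            // getCertificate returns null for an alias that holds no certificate; instanceof
            // rejects that case and also makes the cast below safe.
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate xCert = (X509Certificate) cert;
            try {
                xCert.checkValidity();
                validCerts.put(alias, cert);
            } catch (CertificateExpiredException | CertificateNotYetValidException ignored) {
                // Deliberately skipped: only date-valid certificates are returned.
            }
        }
    } catch (KeyStoreException ex) {
        throw new RepositoryException("Keystore hasn't been initialized.", ex);
    }
    return validCerts;
}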
Also used : CertificateNotYetValidException(java.security.cert.CertificateNotYetValidException) CertificateExpiredException(java.security.cert.CertificateExpiredException) HashMap(java.util.HashMap) KeyStoreException(java.security.KeyStoreException) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

CertificateNotYetValidException (java.security.cert.CertificateNotYetValidException)32 CertificateExpiredException (java.security.cert.CertificateExpiredException)26 X509Certificate (java.security.cert.X509Certificate)25 CertificateException (java.security.cert.CertificateException)10 GeneralSecurityException (java.security.GeneralSecurityException)6 Certificate (java.security.cert.Certificate)6 ArrayList (java.util.ArrayList)6 IOException (java.io.IOException)5 KeyStoreException (java.security.KeyStoreException)5 Date (java.util.Date)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 Principal (java.security.Principal)4 File (java.io.File)3 FileNotFoundException (java.io.FileNotFoundException)3 MessageFormat (java.text.MessageFormat)3 List (java.util.List)3 FileInputStream (java.io.FileInputStream)2 BigInteger (java.math.BigInteger)2 SocketTimeoutException (java.net.SocketTimeoutException)2 URISyntaxException (java.net.URISyntaxException)2