Java源码示例:java.security.cert.CertificateExpiredException

示例1
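/**
 * Decides whether a peer-supplied certificate chain is trusted without further
 * verification.
 *
 * <p>The decision is delegated entirely to the parent strategy. The previous body
 * returned {@code true} whenever a certificate in the chain was expired or not yet
 * valid, and also whenever a {@link CertificateException} was raised (marked
 * "temporary"). That is fail-open: a chain the parent refused became trusted
 * precisely because it was outside its validity period or could not be processed.
 *
 * @param chain    certificate chain presented by the peer
 * @param authType authentication type passed through to the parent strategy
 * @return {@code true} only if the parent strategy trusts the chain
 * @throws CertificateException propagated from the parent strategy instead of being
 *         converted into "trusted"
 */
@Override
public boolean isTrusted(final X509Certificate[] chain, String authType) throws CertificateException {
  // Fail closed: an expired, not-yet-valid or unparsable certificate must never
  // widen trust beyond what the parent strategy already grants.
  return super.isTrusted(chain, authType);
}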
 
示例2
/**
 * Describes how long {@code cert} remains valid, for display purposes.
 *
 * <p>Returns the fixed prefix {@code "EXPIRED: "} or {@code "NOT YET VALID: "} when
 * {@link X509Certificate#checkValidity()} rejects the certificate. Otherwise the time
 * until {@code notAfter} is rendered through {@code res} in months (more than 90 days
 * left), days (more than 72 hours left) or hours.
 *
 * @param cert certificate whose validity window is described
 * @param res  resources used to format the remaining-time strings
 * @return the status prefix or the formatted remaining-time string
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException expired) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException notYetValid) {
        return "NOT YET VALID: ";
    }

    final long msPerHour = 3600 * 1000;
    final long msPerDay = 24 * msPerHour;

    Date certNotAfter = cert.getNotAfter();
    // The clock is sampled again here, independently of checkValidity() above.
    Date now = new Date();
    long remainingMs = certNotAfter.getTime() - now.getTime();

    if (remainingMs > 90L * msPerDay) {
        // More than 3 months: display months
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    }
    if (remainingMs > 72 * msPerHour) {
        // More than 72h: display days
        long days = remainingMs / msPerDay;
        return res.getString(R.string.days_left, days);
    }
    long hours = remainingMs / msPerHour;
    return res.getString(R.string.hours_left, hours);
}
 
示例3
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);

    // Always call after()/before() on this object's own Date fields, never on the
    // caller-supplied Date: a caller could pass a Date subclass whose overridden
    // comparison methods answer arbitrarily and so defeat the check.
    // A null bound is skipped, i.e. that side of the window is not enforced.
    final boolean startsLater = (notBefore != null) && notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore);
    }

    final boolean alreadyEnded = (notAfter != null) && notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter);
    }
}
 
示例4
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    // The comparison methods are invoked on the internal Date fields, not on the
    // argument: a caller-supplied Date subclass could override after()/before()
    // to return whatever it likes.
    // Neither the argument nor the two bounds are null-checked in this variant.
    final boolean startsLater = notBefore.after(now);
    if (startsLater) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore);
    }

    final boolean alreadyEnded = notAfter.before(now);
    if (alreadyEnded) {
        throw new CertificateExpiredException("NotAfter: " + notAfter);
    }
}
 
示例5
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);

    // Comparisons run on our own notBefore/notAfter objects so that an overriding
    // Date subclass passed in by the caller cannot influence the outcome.
    if (notBefore != null) {
        if (notBefore.after(now)) {
            throw new CertificateNotYetValidException("NotBefore: " + notBefore);
        }
    }
    if (notAfter != null) {
        if (notAfter.before(now)) {
            throw new CertificateExpiredException("NotAfter: " + notAfter);
        }
    }
}
 
示例6
/**
 * Produces a display string for the remaining lifetime of {@code cert}.
 *
 * <p>A certificate rejected by {@link X509Certificate#checkValidity()} yields the fixed
 * text {@code "EXPIRED: "} or {@code "NOT YET VALID: "}. Otherwise the remaining time
 * is formatted through {@code res} as months, days or hours.
 *
 * @param cert certificate to describe
 * @param res  resources providing the format strings
 * @return status prefix or formatted remaining time
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException e) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException e) {
        return "NOT YET VALID: ";
    }

    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    final long millisLeft = certNotAfter.getTime() - now.getTime();

    final long hourMs = 3600 * 1000;
    final long dayMs = 24 * hourMs;
    final boolean moreThanThreeMonths = millisLeft > 90L * dayMs;
    final boolean moreThanThreeDays = millisLeft > 72 * hourMs;

    if (moreThanThreeMonths) {
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    } else if (moreThanThreeDays) {
        long days = millisLeft / dayMs;
        return res.getString(R.string.days_left, days);
    }
    long hours = millisLeft / hourMs;
    return res.getString(R.string.hours_left, hours);
}
 
示例7
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);

    // Security-relevant ordering: after()/before() are called on the stored bounds,
    // not on "now", because "now" may be an attacker-controlled Date subclass with
    // overridden comparison methods. A null bound is not enforced.
    final boolean notYetValid = (notBefore != null) && notBefore.after(now);
    if (notYetValid) {
        throw new CertificateNotYetValidException("NotBefore: " + notBefore);
    }

    final boolean expired = (notAfter != null) && notAfter.before(now);
    if (expired) {
        throw new CertificateExpiredException("NotAfter: " + notAfter);
    }
}
 
示例8
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);

    // Compare from the side of the internal Dates: the passed-in Date could be a
    // subclass that overrides after()/before() to do something entirely different.
    if (notBefore != null && notBefore.after(now)) {
        final String detail = "NotBefore: " + notBefore;
        throw new CertificateNotYetValidException(detail);
    }

    if (notAfter != null && notAfter.before(now)) {
        final String detail = "NotAfter: " + notAfter;
        throw new CertificateExpiredException(detail);
    }
}
 
示例9
/**
 * Verify that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);

    // The stored bounds drive the comparison; the caller's Date is only ever an
    // argument, so an overriding subclass cannot change the result.
    // Lower bound first, then upper bound; a null bound is skipped.
    if (notBefore != null) {
        final boolean tooEarly = notBefore.after(now);
        if (tooEarly) {
            throw new CertificateNotYetValidException("NotBefore: " + notBefore);
        }
    }
    if (notAfter != null) {
        final boolean tooLate = notAfter.before(now);
        if (tooLate) {
            throw new CertificateExpiredException("NotAfter: " + notAfter);
        }
    }
}
 
示例10
/**
 * Logs every certificate entry of the trust store that is outside its validity period.
 *
 * <p>This is a reporting pass only: entries are neither removed nor rejected here.
 * All entries are checked against one timestamp taken before the loop.
 *
 * @param trustStore key store whose certificate entries are inspected
 * @throws Exception propagated from the key store accessors
 */
private void checkTrustStoreEntries(KeyStore trustStore) throws Exception {
    Enumeration<String> aliases = trustStore.aliases();
    if (aliases == null) {
        return;
    }

    final Date now = new Date();
    while (aliases.hasMoreElements()) {
        final String alias = aliases.nextElement();
        if (!trustStore.isCertificateEntry(alias)) {
            continue;
        }

        final Certificate cert = trustStore.getCertificate(alias);
        if (!(cert instanceof X509Certificate)) {
            // Non-X.509 entries have no validity check applied; mention that at debug level.
            if (log.isDebugEnabled()) {
                log.debug(sm.getString("jsseUtil.trustedCertNotChecked", alias));
            }
            continue;
        }

        final X509Certificate x509 = (X509Certificate) cert;
        try {
            x509.checkValidity(now);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            String msg = sm.getString("jsseUtil.trustedCertNotValid", alias,
                    x509.getSubjectDN(), e.getMessage());
            // Stack trace only at debug level; otherwise a one-line warning.
            if (log.isDebugEnabled()) {
                log.debug(msg, e);
            } else {
                log.warn(msg);
            }
        }
    }
}
 
示例11
/**
 * Returns the first stored certificate that is inside its validity period right now.
 *
 * @return a certificate for which {@code checkValidity()} succeeds
 * @throws NoSuchElementException if every stored certificate is expired or not yet
 *         valid (the message reads "no valid WeChat Pay platform certificate")
 */
@Override
public X509Certificate getValidCertificate() {
  for (X509Certificate candidate : certificates.values()) {
    try {
      candidate.checkValidity();
    } catch (CertificateExpiredException | CertificateNotYetValidException outsideWindow) {
      // Outside its validity window: silently try the next one.
      continue;
    }
    return candidate;
  }

  throw new NoSuchElementException("没有有效的微信支付平台证书");
}
 
示例12
/**
 * 反序列化证书并解密
 */
private List<X509Certificate> deserializeToCerts(byte[] apiV3Key, String body)
    throws GeneralSecurityException, IOException {
  // Walks the "data" array of the JSON body, decrypts each "encrypt_certificate"
  // entry through AesUtil, parses the result as an X.509 certificate and keeps the
  // ones that pass checkValidity(). Expired / not-yet-valid entries are dropped
  // without any log line.
  AesUtil decryptor = new AesUtil(apiV3Key);
  JsonNode dataNode = new ObjectMapper().readTree(body).get("data");
  List<X509Certificate> validCerts = new ArrayList<>();
  if (dataNode == null) {
    return validCerts;
  }

  final int count = dataNode.size();
  for (int i = 0; i < count; i++) {
    JsonNode encrypted = dataNode.get(i).get("encrypt_certificate");

    // The quote characters left by toString() are stripped by hand.
    // NOTE(review): a missing field makes get(...) return null and this line throw NPE - confirm callers expect that.
    byte[] associatedData =
        encrypted.get("associated_data").toString().replaceAll("\"", "").getBytes("utf-8");
    byte[] nonce =
        encrypted.get("nonce").toString().replaceAll("\"", "").getBytes("utf-8");
    String ciphertext =
        encrypted.get("ciphertext").toString().replaceAll("\"", "");

    // decrypt
    String certText = decryptor.decryptToString(associatedData, nonce, ciphertext);

    CertificateFactory cf = CertificateFactory.getInstance("X509");
    X509Certificate x509Cert = (X509Certificate) cf.generateCertificate(
        new ByteArrayInputStream(certText.getBytes("utf-8")));
    try {
      x509Cert.checkValidity();
      validCerts.add(x509Cert);
    } catch (CertificateExpiredException | CertificateNotYetValidException outsideWindow) {
      // Not usable at the current time: leave it out of the result.
    }
  }
  return validCerts;
}
 
示例13
/**
 * Formats the remaining validity of {@code cert} for display.
 *
 * <p>Yields {@code "EXPIRED: "} or {@code "NOT YET VALID: "} when
 * {@link X509Certificate#checkValidity()} throws; otherwise a months, days or hours
 * string obtained from {@code res}, chosen by the time left until {@code notAfter}.
 *
 * @param cert certificate to describe
 * @param res  resources providing the format strings
 * @return status prefix or formatted remaining time
 */
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException alreadyExpired) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException notStarted) {
        return "NOT YET VALID: ";
    }

    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    // Time left in ms, measured against a fresh clock reading.
    long leftMs = certNotAfter.getTime() - now.getTime();

    final long oneHourMs = 3600 * 1000;
    final long oneDayMs = 24 * oneHourMs;

    String text;
    if (leftMs > 90L * oneDayMs) {
        // More than 3 months: display months
        long months = getMonthsDifference(now, certNotAfter);
        text = res.getString(R.string.months_left, months);
    } else if (leftMs > 72 * oneHourMs) {
        // More than 72h: display days
        long days = leftMs / oneDayMs;
        text = res.getString(R.string.days_left, days);
    } else {
        long hours = leftMs / oneHourMs;
        text = res.getString(R.string.hours_left, hours);
    }
    return text;
}
 
示例14
/**
 * With trust-anchor validity enforcement switched on, a trust store built from an
 * expired certificate must refuse that certificate in {@code checkClientTrusted}.
 */
@Test
public void testUseOfExpiredTrustAnchorDenied() throws Exception
{
    final KeyCertificatePair keyCertPair = createExpiredCertificate();
    final Path certificatePath = TLS_RESOURCE.saveCertificateAsPem(keyCertPair.getCertificate());

    final Map<String, Object> storeAttributes = new HashMap<>();
    storeAttributes.put(NonJavaTrustStore.NAME, NAME);
    storeAttributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
    storeAttributes.put(NonJavaTrustStore.CERTIFICATES_URL, certificatePath.toFile().getAbsolutePath());
    storeAttributes.put(NonJavaTrustStore.TYPE, NON_JAVA_TRUST_STORE);

    final TrustManager[] trustManagers = createTestTrustStore(storeAttributes).getTrustManagers();
    assertNotNull(trustManagers);
    assertEquals("Unexpected number of trust managers", 1, trustManagers.length);
    assertTrue("Unexpected trust manager type", trustManagers[0] instanceof X509TrustManager);
    final X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    try
    {
        trustManager.checkClientTrusted(new X509Certificate[]{keyCertPair.getCertificate()}, "NULL");
        fail("Exception not thrown");
    }
    catch (CertificateException e)
    {
        // IBMJSSE2 does not throw CertificateExpiredException, it throws a plain
        // CertificateException, so the message text is accepted as well.
        final boolean reportedAsExpired =
                e instanceof CertificateExpiredException || "Certificate expired".equals(e.getMessage());
        if (!reportedAsExpired)
        {
            throw e;
        }
        // PASS
    }
}
 
示例15
/**
 * Builds the parameter matrix: every server provider combined with every client
 * provider and every certificate-validation failure (plain and wrapped).
 *
 * @return one {@code {serverProvider, clientProvider, exception}} triple per combination
 */
@Parameterized.Parameters(name = "{index}: serverProvider = {0}, clientProvider = {1}, exception = {2}")
public static Collection<Object[]> data() {
    final List<SslProvider> servers = new ArrayList<SslProvider>(2);
    final List<SslProvider> clients = new ArrayList<SslProvider>(3);

    if (OpenSsl.isAvailable()) {
        final SslProvider[] openSslFlavours = { SslProvider.OPENSSL, SslProvider.OPENSSL_REFCNT };
        for (SslProvider flavour : openSslFlavours) {
            servers.add(flavour);
        }
        for (SslProvider flavour : openSslFlavours) {
            clients.add(flavour);
        }
    }
    // SslProvider.JDK is used on the client side only: on the server side the JDK
    // implementation currently sends the same alert every time.
    clients.add(SslProvider.JDK);

    final List<CertificateException> failures = new ArrayList<CertificateException>(6);
    // Direct exception types.
    failures.add(new CertificateExpiredException());
    failures.add(new CertificateNotYetValidException());
    failures.add(new CertificateRevokedException(
            new Date(), CRLReason.AA_COMPROMISE, new X500Principal(""),
            Collections.<String, Extension>emptyMap()));
    // Wrapped exceptions, as this is what the JDK implementation of
    // X509TrustManagerFactory is doing.
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.EXPIRED));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.NOT_YET_VALID));
    failures.add(newCertificateException(CertPathValidatorException.BasicReason.REVOKED));

    final List<Object[]> matrix = new ArrayList<Object[]>();
    for (SslProvider server : servers) {
        for (SslProvider client : clients) {
            for (CertificateException failure : failures) {
                matrix.add(new Object[] { server, client, failure });
            }
        }
    }
    return matrix;
}
 
示例16
/**
 * Checks the signing certificate's validity period against the current time.
 *
 * <p>A failure is logged and recorded in {@code result.getErrors()}; nothing is thrown,
 * so the caller has to inspect the error collection.
 *
 * @param result verification result supplying the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException expired) {
      LOG.error("Signing certificate expired.", expired);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException notYetValid) {
      LOG.error("Signing certificate not yet valid.", notYetValid);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }
}
 
示例17
/**
 * Checks each certificate of the chain against the verified signing time, then asks the
 * {@code CertificateChecker} whether the chain is valid and validates the end certificate.
 *
 * <p>Findings are appended to {@code result.getErrors()}. An expired, not-yet-valid or
 * untrusted certificate does not raise an exception, so the caller has to inspect the
 * error collection before relying on the signature.
 *
 * @param result  verification result supplying the chain and collecting errors
 * @param options option map; clock-skew duration defaults to 5, its unit to minutes
 * @throws TechnicalConnectorException may propagate from calls outside the final try block
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();

   // Validity window of every chain element, evaluated at the signing time rather than "now".
   for (Iterator chainIt = result.getCertChain().iterator(); chainIt.hasNext(); ) {
      X509Certificate cert = (X509Certificate)chainIt.next();
      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      boolean chainAccepted = certChecker.isValidCertificateChain(result.getCertChain());
      if (!chainAccepted) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException chainFailure) {
      // The cause is not logged here; only the error code is recorded.
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
示例18
/**
 * Checks that the signing certificate was inside its validity period at {@code signingTime}.
 *
 * <p>A failure is logged and recorded in {@code result.getErrors()}; nothing is thrown.
 *
 * @param signingTime point in time the certificate is evaluated at
 * @param result      verification result supplying the signing certificate and collecting errors
 */
public static void verifyValiditySigningCert(DateTime signingTime, SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity(signingTime.toDate());
   } catch (CertificateExpiredException expired) {
      LOG.error("Signing certificate expired.", expired);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException notYetValid) {
      LOG.error("Signing certificate not yet valid.", notYetValid);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }
}
 
示例19
/**
 * Validates the certificate chain of a signature: validity window of each element at
 * the verified signing time, chain validity via the {@code CertificateChecker}, and
 * the end certificate.
 *
 * <p>Problems are collected in {@code result.getErrors()} instead of being thrown.
 *
 * @param result  verification result supplying the chain and collecting errors
 * @param options option map; clock-skew duration defaults to 5, its unit to minutes
 * @throws TechnicalConnectorException may propagate from calls outside the final try block
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();

   Iterator chainCerts = result.getCertChain().iterator();
   while (chainCerts.hasNext()) {
      X509Certificate current = (X509Certificate)chainCerts.next();
      try {
         // The signing time is re-read for every element; the clock-skew options are applied to it.
         current.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException e) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException e) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (certChecker.isValidCertificateChain(result.getCertChain()) == false) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException e) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
示例20
/**
 * Verifies that the signing certificate is valid at the current time.
 *
 * <p>Expired and not-yet-valid certificates are logged at error level and recorded in
 * {@code result.getErrors()}; the method itself never throws for them.
 *
 * @param result verification result supplying the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException e) {
      LOG.error("Signing certificate expired.", e);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException e) {
      LOG.error("Signing certificate not yet valid.", e);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }
}
 
示例21
/**
 * Checks each certificate of the chain against the verified signing time, then asks the
 * {@code CertificateChecker} whether the chain is valid and validates the end certificate.
 *
 * <p>All findings go to {@code result.getErrors()}; the caller has to inspect that
 * collection, because invalid or untrusted certificates do not raise an exception.
 *
 * @param result  verification result supplying the chain and collecting errors
 * @param options option map; clock-skew duration defaults to 5, its unit to minutes
 * @throws TechnicalConnectorException may propagate from calls outside the final try block
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, Integer.valueOf(5));
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();

   // Validity window of every chain element, evaluated at the signing time rather than "now".
   for (Iterator chainIt = result.getCertChain().iterator(); chainIt.hasNext(); ) {
      X509Certificate cert = (X509Certificate)chainIt.next();
      try {
         cert.checkValidity(result.getVerifiedSigningTime(duration.intValue(), timeUnit).toDate());
      } catch (CertificateExpiredException expired) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException notYetValid) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      boolean chainAccepted = certChecker.isValidCertificateChain(result.getCertChain());
      if (!chainAccepted) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException chainFailure) {
      // The cause is not logged here; only the error code is recorded.
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
示例22
/**
 * Checks the signing certificate's validity period against the current time.
 *
 * <p>Failures are reported twice: as an error-level log entry and as an entry in
 * {@code result.getErrors()}. No exception leaves this method for them.
 *
 * @param result verification result supplying the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException certExpired) {
      LOG.error("Signing certificate expired.", certExpired);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException certNotYetValid) {
      LOG.error("Signing certificate not yet valid.", certNotYetValid);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }
}
 
示例23
/**
 * Validates the certificate chain of a signature: validity window of each element at
 * the verified signing time, chain validity via the {@code CertificateChecker}, and
 * the end certificate.
 *
 * <p>Problems are collected in {@code result.getErrors()} instead of being thrown.
 *
 * @param result  verification result supplying the chain and collecting errors
 * @param options option map; clock-skew duration defaults to 5, its unit to minutes
 * @throws TechnicalConnectorException may propagate from calls outside the final try block
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, Integer.valueOf(5));
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();

   Iterator chainCerts = result.getCertChain().iterator();
   while (chainCerts.hasNext()) {
      X509Certificate current = (X509Certificate)chainCerts.next();
      try {
         // The signing time is re-read for every element; the clock-skew options are applied to it.
         current.checkValidity(result.getVerifiedSigningTime(duration.intValue(), timeUnit).toDate());
      } catch (CertificateExpiredException e) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException e) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      if (certChecker.isValidCertificateChain(result.getCertChain()) == false) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException e) {
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
示例24
/**
 * Verifies that the signing certificate is valid at the current time.
 *
 * <p>An expired or not-yet-valid certificate is logged and added to
 * {@code result.getErrors()}; the caller has to inspect that collection.
 *
 * @param result verification result supplying the signing certificate and collecting errors
 */
private void verifyValidity(SignatureVerificationResult result) {
   try {
      result.getSigningCert().checkValidity();
   } catch (CertificateExpiredException tooLate) {
      LOG.error("Signing certificate expired.", tooLate);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
   } catch (CertificateNotYetValidException tooEarly) {
      LOG.error("Signing certificate not yet valid.", tooEarly);
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
   }
}
 
示例25
/**
 * Runs the chain checks for a signature: per-certificate validity at the verified
 * signing time, chain validity via the {@code CertificateChecker}, end certificate.
 *
 * <p>Every finding is appended to {@code result.getErrors()}; an invalid or untrusted
 * chain is therefore visible only to callers that read that collection.
 *
 * @param result  verification result supplying the chain and collecting errors
 * @param options option map; clock-skew duration defaults to 5, its unit to minutes
 * @throws TechnicalConnectorException may propagate from calls outside the final try block
 */
protected void validateChain(SignatureVerificationResult result, Map<String, Object> options) throws TechnicalConnectorException {
   Integer duration = (Integer)SignatureUtils.getOption("SigningTimeClockSkewDuration", options, 5);
   TimeUnit timeUnit = (TimeUnit)SignatureUtils.getOption("SigningTimeClockSkewTimeUnit", options, TimeUnit.MINUTES);
   CertificateChecker certChecker = CertificateCheckerFactory.getCertificateChecker();

   for (Iterator it = result.getCertChain().iterator(); it.hasNext(); ) {
      X509Certificate element = (X509Certificate)it.next();
      try {
         element.checkValidity(result.getVerifiedSigningTime(duration, timeUnit).toDate());
      } catch (CertificateExpiredException tooLate) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_EXPIRED);
      } catch (CertificateNotYetValidException tooEarly) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_NOT_YET_VALID);
      }
   }

   try {
      boolean trusted = certChecker.isValidCertificateChain(result.getCertChain());
      if (!trusted) {
         result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_NOT_TRUSTED);
      }
      this.validateEndCertificate(result, certChecker, duration, timeUnit);
   } catch (TechnicalConnectorException verificationFailure) {
      // Only the error code is recorded; the exception itself is dropped.
      result.getErrors().add(SignatureVerificationError.CERTIFICATE_CHAIN_COULD_NOT_BE_VERIFIED);
   }
}
 
示例26
/**
 * Checks the validity period and public key length of a certificate and appends the
 * findings to {@code certificateReport}.
 *
 * <p>Every path through the loop body returns, so only the first array element is
 * ever examined. Keys that are neither RSA nor DSA keep a length of 0 and are
 * therefore reported as {@code PUBLIC_KEY_INVALID_LENGTH}.
 * NOTE(review): both behaviours look unintended for multi-certificate chains and
 * EC keys - confirm.
 *
 * @param certificates certificates to examine
 * @return the status of the first certificate, or {@code CERTIFICATE_INVALID} for an empty array
 */
private CertificateStatus validateCertificates(Certificate[] certificates) {
  for (Certificate certificate : certificates) {
    if (!(certificate instanceof X509Certificate)) {
      certificateReport += "Unsupported certificate type.\n";
      return CertificateStatus.CERTIFICATE_TYPE_UNSUPPORTED;
    }

    certificateReport += "Certificate:\n" + certificate + "\n";
    final X509Certificate x509Certificate = (X509Certificate) certificate;

    // Check the expiration date
    try {
      x509Certificate.checkValidity();
    } catch (CertificateExpiredException expired) {
      certificateReport += "Certificate is expired.\n";
      return CertificateStatus.CERTIFICATE_EXPIRED;
    } catch (CertificateNotYetValidException notYetValid) {
      certificateReport += "Certificate not yet valid.\n";
      return CertificateStatus.CERTIFICATE_NOT_YET_VALID;
    }
    certificateReport += "Certificate is active for current date.\n\n";

    // Check the public key bit length is at least 2048
    final PublicKey key = x509Certificate.getPublicKey();
    int keyLength = 0;
    if (key instanceof RSAPublicKey) {
      keyLength = ((RSAPublicKey) key).getModulus().bitLength();
    } else if (key instanceof DSAPublicKey) {
      keyLength = ((DSAPublicKey) key).getParams().getP().bitLength();
    }

    if (keyLength < 2048) {
      return CertificateStatus.PUBLIC_KEY_INVALID_LENGTH;
    }
    certificateReport += "Certificate has valid public key length: " + keyLength + "\n\n";
    return CertificateStatus.CERTIFICATE_VALID;
  }
  return CertificateStatus.CERTIFICATE_INVALID;
}
 
示例27
/**
 * Extract the client certificate from the specified HttpServletRequest or null if none is specified.
 *
 * @param certificates the client certificates
 * @throws java.security.cert.CertificateExpiredException cert is expired
 * @throws java.security.cert.CertificateNotYetValidException cert is not yet valid
 * @throws org.apache.nifi.web.security.x509.ocsp.CertificateStatusException ocsp validation issue
 */
public void validateClientCertificate(final X509Certificate[] certificates)
        throws CertificateExpiredException, CertificateNotYetValidException, CertificateStatusException {

    // Only the first array element has its validity period checked here.
    // NOTE(review): a null or empty array is not guarded against - confirm callers never pass one.
    final X509Certificate clientCertificate = certificates[0];
    clientCertificate.checkValidity();

    // The whole array is then handed to the OCSP validator.
    ocspValidator.validate(certificates);
}
 
示例28
/**
 * Picks the certificate that is taken to be the signer from the chain found in the XML.
 *
 * <p>Expired certificates are skipped by the loop (the printed message says "Allowing",
 * but the {@code continue} moves on to the next certificate). If no certificate matches,
 * the first one of the reordered chain is returned regardless of its validity or key.
 * NOTE(review): that fallback returns a certificate nothing here has matched, and
 * {@code get(0)} throws on an empty chain - confirm both are intended.
 *
 * @param xmlElements XML elements holding the signature data
 * @return the matching certificate, or the first certificate of the chain as fallback
 * @throws KeyStoreException declared by the signature
 * @throws CertificateNotYetValidException if a certificate in the chain is not yet valid
 */
private X509Certificate selectSigningKeyFromXML(List xmlElements) throws KeyStoreException, CertificateNotYetValidException {
    final PublicKey recovered = recoverPublicKeyFromXML(xmlElements);
    // Certificates from the XML might be in the wrong order
    final List<X509Certificate> certList = reorderCertificateChain(getCertificateChainFromXML(xmlElements));

    for (X509Certificate candidate : certList)
    {
        try
        {
            candidate.checkValidity();
        }
        catch (CertificateExpiredException expired)
        {
            System.out.println("Allowing expired cert: " + expired.getMessage());
            continue;
        }

        // With a recovered key the encoded public keys must match; without one the
        // signature algorithm name is the only criterion.
        final boolean matches = (recovered != null)
                ? Arrays.equals(recovered.getEncoded(), candidate.getPublicKey().getEncoded())
                : candidate.getSigAlgName().equals("SHA256withECDSA");
        if (matches)
        {
            return candidate;
        }
    }

    // Nothing matched: fall back to the first certificate.
    return certList.get(0);
}
 
示例29
/**
 * Reports validity from the {@code valid} flag instead of real certificate dates.
 *
 * @throws CertificateExpiredException whenever the flag is {@code false}
 * @throws CertificateNotYetValidException declared by the overridden method; never thrown here
 */
@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (this.valid) {
        return;
    }
    throw new CertificateExpiredException();
}
 
示例30
/**
 * Reports validity from the {@code valid} flag; the supplied date is ignored.
 *
 * @param arg0 unused
 * @throws CertificateExpiredException whenever the flag is {@code false}
 * @throws CertificateNotYetValidException declared by the overridden method; never thrown here
 */
@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (this.valid) {
        return;
    }
    throw new CertificateExpiredException();
}