/** * verify that the given certificate successfully handles and confirms * the signature associated with this signer and, if a signingTime * attribute is available, that the certificate was valid at the time the * signature was generated. * @deprecated use verify(ContentVerifierProvider) */ public boolean verify( X509Certificate cert, Provider sigProvider) throws NoSuchAlgorithmException, CertificateExpiredException, CertificateNotYetValidException, CMSException { Time signingTime = getSigningTime(); if (signingTime != null) { cert.checkValidity(signingTime.getDate()); } return doVerify(cert.getPublicKey(), sigProvider); }
public static String getCertificateValidityString(X509Certificate cert, Resources res) { try { cert.checkValidity(); } catch (CertificateExpiredException ce) { return "EXPIRED: "; } catch (CertificateNotYetValidException cny) { return "NOT YET VALID: "; } Date certNotAfter = cert.getNotAfter(); Date now = new Date(); long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms // More than 72h left, display days // More than 3 months display months if (timeLeft > 90l * 24 * 3600 * 1000) { long months = getMonthsDifference(now, certNotAfter); return res.getString(R.string.months_left, months); } else if (timeLeft > 72 * 3600 * 1000) { long days = timeLeft / (24 * 3600 * 1000); return res.getString(R.string.days_left, days); } else { long hours = timeLeft / (3600 * 1000); return res.getString(R.string.hours_left, hours); } }
/** * Verify that that the passed time is within the validity period. * * @exception CertificateExpiredException if the certificate has expired * with respect to the <code>Date</code> supplied. * @exception CertificateNotYetValidException if the certificate is not * yet valid with respect to the <code>Date</code> supplied. * */ public void valid(Date now) throws CertificateNotYetValidException, CertificateExpiredException { /* * we use the internal Dates rather than the passed in Date * because someone could override the Date methods after() * and before() to do something entirely different. */ if (notBefore.after(now)) { throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString()); } if (notAfter.before(now)) { throw new CertificateExpiredException("NotAfter: " + notAfter.toString()); } }
/** * Verify that that the passed time is within the validity period. * * @exception CertificateExpiredException if the certificate has expired * with respect to the <code>Date</code> supplied. * @exception CertificateNotYetValidException if the certificate is not * yet valid with respect to the <code>Date</code> supplied. * */ public void valid(Date now) throws CertificateNotYetValidException, CertificateExpiredException { Objects.requireNonNull(now); /* * we use the internal Dates rather than the passed in Date * because someone could override the Date methods after() * and before() to do something entirely different. */ if (notBefore != null && notBefore.after(now)) { throw new CertificateNotYetValidException("NotBefore: " + notBefore.toString()); } if (notAfter != null && notAfter.before(now)) { throw new CertificateExpiredException("NotAfter: " + notAfter.toString()); } }
@Test public void sign() { final DistinguishedName caName = dn("CN=CA-Test"); final RootCertificate ca = createSelfSignedCertificate(caName).build(); final CSR csr = createCsr().generateRequest(dn("CN=test")); final X509Certificate cert = ca.signCsr(csr) .setRandomSerialNumber() .sign() .getX509Certificate(); try { cert.checkValidity(); } catch (CertificateExpiredException | CertificateNotYetValidException e) { fail("Invalid certificate: " + e.toString()); } assertEquals("CN=CA-Test", cert.getIssuerX500Principal().getName()); assertEquals("CN=test", cert.getSubjectX500Principal().getName()); assertEquals(csr.getPublicKey(), cert.getPublicKey()); }
@Test public void test_generateSelfSignedX509CertificateV1() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException, CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException { final DistinguishedName issuer = issuer(); final X500Principal principal = issuer.toX500Principal(); final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE); final KeyPair keyPair = keyPairGenerator.generateKeyPair(); final SelfSignedX509V1CertRequest request = new SelfSignedX509V1CertRequest( principal, BigInteger.ONE, Instant.now(), Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)), keyPair ); log.info(String.format("request : %s", request)); final X509Certificate cert = certificateService.generateSelfSignedX509CertificateV1(request); log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", cert.getSigAlgName(), cert.getVersion())); assertThat(cert.getVersion(), is(1)); cert.checkValidity(); assertThat(Arrays.areEqual(principal.getEncoded(), cert.getIssuerX500Principal().getEncoded()), is(true)); cert.verify(cert.getPublicKey()); }
@Override public boolean checkCertificateValidity() { X509Certificate sigCert = getCertSign(); X509Certificate encCert = getCertEnc(); if (null == sigCert || null == encCert) { logger.error("Cannot obtain Certificates for validation"); // treat as invalid return false; } Date now = new Date(); try { sigCert.checkValidity(now); encCert.checkValidity(now); } catch (CertificateExpiredException | CertificateNotYetValidException e) { // certificate not (yet) valid return false; } return true; }
public VerificationResultCode verifySignature(VerificationContext context) throws KSIException { Date validAt = context.getSignature().getAggregationTime(); SignatureData signatureData = context.getCalendarAuthenticationRecord().getSignatureData(); Certificate certificate = context.getCertificate(signatureData.getCertificateId()); if (certificate instanceof X509Certificate) { try { ((X509Certificate) certificate).checkValidity(validAt); return VerificationResultCode.OK; } catch (CertificateExpiredException | CertificateNotYetValidException e) { LOGGER.info("Certificate id {} was not valid at the aggregation time {}", Base16.encode(signatureData.getCertificateId()), validAt); } } LOGGER.info("Unable to check certificate validity, id = {}", Base16.encode(signatureData.getCertificateId())); return VerificationResultCode.FAIL; }
private boolean isValidSigningCertificateChain(X509Certificate[] signingCertificateChain) { // Verify issuing chain if (signingCertificateChain.length > 1) { X500Principal expectedPrincipal = signingCertificateChain[0].getIssuerX500Principal(); for (int i = 1; i < signingCertificateChain.length; ++i) { // start at the direct issuer X500Principal subject = signingCertificateChain[i].getSubjectX500Principal(); if (!subject.equals(expectedPrincipal)) { LOG.error("Expecting: " + expectedPrincipal + " But found: " + subject); return false; } expectedPrincipal = signingCertificateChain[i].getIssuerX500Principal(); } } // Check validity of the signing certificate; try { signingCertificateChain[0].checkValidity(); } catch (CertificateExpiredException | CertificateNotYetValidException e) { LOG.error("Signing certificate was invalid!"); return false; } // All good return true; }
/** * @see java.security.cert.X509Certificate#checkValidity() * method documentation for more information. */ public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { if (notBefore == -1) { // retrieve and cache the value of validity period notBefore = tbsCert.getValidity().getNotBefore().getTime(); notAfter = tbsCert.getValidity().getNotAfter().getTime(); } long time = System.currentTimeMillis(); if (time < notBefore) { throw new CertificateNotYetValidException(); } if (time > notAfter) { throw new CertificateExpiredException(); } }
/** * @see java.security.cert.X509Certificate#checkValidity(Date) * method documentation for more information. */ public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { if (notBefore == -1) { // retrieve and cache the value of validity period notBefore = tbsCert.getValidity().getNotBefore().getTime(); notAfter = tbsCert.getValidity().getNotAfter().getTime(); } long time = date.getTime(); if (time < notBefore) { // BEGIN android-changed throw new CertificateNotYetValidException("current time: " + date + ", validation time: " + new Date(notBefore)); // END android-changed } if (time > notAfter) { // BEGIN android-changed throw new CertificateExpiredException("current time: " + date + ", expiration time: " + new Date(notAfter)); // END android-changed } }
/** * @see java.security.cert.X509Certificate#checkValidity(Date) * method documentation for more information. */ public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { if (notBefore == -1) { // retrieve and cache the value of validity period notBefore = tbsCert.getValidity().getNotBefore().getTime(); notAfter = tbsCert.getValidity().getNotAfter().getTime(); } long time = date.getTime(); if (time < notBefore) { throw new CertificateNotYetValidException(); } if (time > notAfter) { throw new CertificateExpiredException(); } }
private void checkCertificatesValidity(KeyStore keyStore) throws KeyStoreException { if (ROOT_LOGGER.isEnabled(Logger.Level.WARN)) { Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); Certificate certificate = keyStore.getCertificate(alias); if (certificate != null && certificate instanceof X509Certificate) { try { ((X509Certificate) certificate).checkValidity(); } catch (CertificateExpiredException | CertificateNotYetValidException e) { ROOT_LOGGER.certificateNotValid(alias, e); } } } } }
/** * @see X509Certificate#checkValidity() * method documentation for more information. */ public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { if (notBefore == -1) { // retrieve and cache the value of validity period notBefore = tbsCert.getValidity().getNotBefore().getTime(); notAfter = tbsCert.getValidity().getNotAfter().getTime(); } long time = System.currentTimeMillis(); if (time < notBefore) { throw new CertificateNotYetValidException(); } if (time > notAfter) { throw new CertificateExpiredException(); } }
/** * @see X509Certificate#checkValidity(Date) * method documentation for more information. */ public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException { if (notBefore == -1) { // retrieve and cache the value of validity period notBefore = tbsCert.getValidity().getNotBefore().getTime(); notAfter = tbsCert.getValidity().getNotAfter().getTime(); } long time = date.getTime(); if (time < notBefore) { throw new CertificateNotYetValidException(); } if (time > notAfter) { throw new CertificateExpiredException(); } }
@Override public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException { if (!this.valid) { throw new CertificateExpiredException(); } }
@Override public void checkValidity(final Date arg0) throws CertificateExpiredException, CertificateNotYetValidException { if (!this.valid) { throw new CertificateExpiredException(); } }