List of usage examples for java.security.cert CertificateExpiredException getMessage
public String getMessage()
From source file:com.vangent.hieos.services.sts.util.STSUtil.java
/**
 * Validates a certificate in two stages: its validity dates, then a PKIX
 * path validation of the single-certificate path against the trust store.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Revocation checking is switched off, so a certificate that its issuer
 * has revoked still passes as long as it chains to the trust store.</li>
 * <li>Only the exception message is carried into the {@code STSException};
 * the original exception (and its stack trace) is not attached.</li>
 * </ul>
 *
 * @param cert the certificate to validate
 * @param trustStore key store used to build the PKIX parameters
 * @throws STSException if the certificate is expired, not yet valid, or
 *         any step of the path validation fails
 */
public static void validateCertificate(X509Certificate cert, KeyStore trustStore) throws STSException {
    // Stage 1: the certificate must be inside its notBefore/notAfter window right now.
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException expired) {
        throw new STSException("Certificate expired: " + expired.getMessage());
    } catch (CertificateNotYetValidException premature) {
        throw new STSException("Certificate not yet valid: " + premature.getMessage());
    }

    // Stage 2: PKIX validation of a path that holds just this certificate.
    try {
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        final List<X509Certificate> singleCertPath = new ArrayList<X509Certificate>();
        singleCertPath.add(cert);
        final CertPath path = x509Factory.generateCertPath(singleCertPath);

        final PKIXParameters pkixParams = new PKIXParameters(trustStore);
        // FIXME: Add revocation checking. Until then CRL/OCSP status is never consulted.
        pkixParams.setRevocationEnabled(false);

        final String validatorType = CertPathValidator.getDefaultType();
        final CertPathValidator validator = CertPathValidator.getInstance(validatorType);
        final PKIXCertPathValidatorResult outcome =
                (PKIXCertPathValidatorResult) validator.validate(path, pkixParams);
        if (logger.isDebugEnabled()) {
            logger.debug(outcome);
        }
    } catch (Exception failure) {
        // Every failure of this stage is reported the same way, including
        // unexpected runtime exceptions such as a null trust store.
        throw new STSException("Exception while validating Certificate: " + failure.getMessage());
    }
}
From source file:be.fedict.trust.TrustValidator.java
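/**
 * Validates the supplied certificate path and then each encoded
 * {@link X509V2AttributeCertificate} against it.
 *
 * <p>For every attribute certificate the validity interval is checked at
 * {@code validationDate} (at the current time when that is {@code null}),
 * and the signature is verified with the public key of the second
 * certificate in {@code certificatePath}.
 *
 * <p>Every failure detected here is recorded in {@code this.result} and
 * also reported through a {@link CertPathValidatorException}. A caller
 * that only handles the exception therefore cannot mistake a rejected
 * attribute certificate for a trusted one.
 *
 * @param encodedAttributeCertificates
 *            the encoded X509V2 attribute certificates.
 * @param certificatePath
 *            the certificate path; needs at least 2 certificates when
 *            there is an attribute certificate to verify.
 * @param validationDate
 *            the validation date.
 * @throws CertPathValidatorException
 *             if the certificate path or any attribute certificate is
 *             rejected.
 */
public void isTrusted(List<byte[]> encodedAttributeCertificates, List<X509Certificate> certificatePath,
        Date validationDate) throws CertPathValidatorException {
    try {
        /*
         * Validate the supplied certificate path
         */
        isTrusted(certificatePath, validationDate);

        /*
         * Validate the attribute certificates
         */
        for (byte[] encodedAttributeCertificate : encodedAttributeCertificates) {
            X509V2AttributeCertificate attributeCertificate = new X509V2AttributeCertificate(
                    encodedAttributeCertificate);

            // Check validity at the same instant the certificate path was
            // validated at, so both checks answer the same question.
            if (validationDate != null) {
                attributeCertificate.checkValidity(validationDate);
            } else {
                attributeCertificate.checkValidity();
            }

            if (certificatePath.size() < 2) {
                this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_TRUST,
                        "Certificate path should at least contain 2 certificates");
                throw new CertPathValidatorException(this.result.getMessage());
            }

            // validate the signature on the attribute certificate against
            // the attribute certificate's holder
            X509Certificate issuerCertificate = certificatePath.get(1);
            attributeCertificate.verify(issuerCertificate.getPublicKey(), "BC");
        }
    } catch (CertificateExpiredException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_VALIDITY_INTERVAL,
                "CertificateExpiredException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (java.security.cert.CertificateNotYetValidException e) {
        // Must come before CertificateException, otherwise a validity-interval
        // problem is reported as a signature problem.
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_VALIDITY_INTERVAL,
                "CertificateNotYetValidException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (InvalidKeyException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "InvalidKeyException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (CertificateException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "CertificateException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "NoSuchAlgorithmException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (NoSuchProviderException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "NoSuchProviderException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (SignatureException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "SignatureException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    } catch (IOException e) {
        this.result = new TrustLinkerResult(false, TrustLinkerResultReason.INVALID_SIGNATURE,
                "IOException: " + e.getMessage());
        throw new CertPathValidatorException(this.result.getMessage(), e);
    }
}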
From source file:org.cesecore.certificates.ca.CaSessionBean.java
/**
 * Checks the CA certificate's validity at the current time and reports a
 * newly detected expiry.
 *
 * <p>An info message is logged and {@code true} is returned only when the
 * certificate is expired and the CA status is neither
 * {@code CAConstants.CA_EXPIRED} nor {@code CAConstants.CA_EXTERNAL}. A
 * certificate that is not yet valid is logged as a warning on every call
 * and does not count as expired.
 *
 * @param ca the CA whose certificate is checked
 * @return {@code true} if the CA certificate is expired and the CA is not
 *         already marked expired or external; {@code false} otherwise
 */
private boolean hasCAExpiredNow(final CA ca) {
    try {
        CertTools.checkValidity(ca.getCACertificate(), new Date());
    } catch (CertificateExpiredException cee) {
        // The signer's certificate has expired. External CAs are never
        // reported, because they should always be treated as external CAs,
        // and a CA already marked expired has nothing left to report.
        final boolean nothingToReport = ca.getStatus() == CAConstants.CA_EXPIRED
                || ca.getStatus() == CAConstants.CA_EXTERNAL;
        if (nothingToReport) {
            return false;
        }
        final String expiredMsg = intres.getLocalizedMessage("caadmin.caexpired", ca.getSubjectDN());
        log.info(expiredMsg + " " + cee.getMessage());
        return true;
    } catch (CertificateNotYetValidException e) {
        // The signer's certificate is not yet valid; warn, but do not treat it as expired.
        final String notYetValidMsg = intres.getLocalizedMessage("caadmin.canotyetvalid", ca.getSubjectDN());
        log.warn(notYetValidMsg + " " + e.getMessage());
    }
    return false;
}