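List of usage examples for java.security.cert.X509Certificate.checkValidity(). Note that checkValidity() only compares the current date and time with the certificate's validity period; it does not verify the certificate's signature, its issuer chain, or its revocation status.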
public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException;
From source file:com.groupon.odo.bmp.Utils.java
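/**
 * Gets a keystore manager for a given hostname, creating the keystore entry and
 * certificate if they do not already exist.
 *
 * <p>The stored certificate is checked only against the current date
 * ({@link X509Certificate#checkValidity()}). If it has expired, the keystore directory
 * for the hostname is deleted and the certificate is regenerated once. A certificate
 * that is still expired after regeneration (for example because of a wrong system
 * clock) is reported to the caller instead of being regenerated without limit.
 *
 * @param hostname host the certificate belongs to; also used as the keystore alias
 * @return a keystore manager whose certificate for {@code hostname} passed the date check
 * @throws CertificateExpiredException if the certificate is still expired after regeneration
 * @throws Exception on any other keystore, certificate or file-system failure
 */
public static KeyStoreManager getKeyStoreManager(String hostname) throws Exception {
    // One regeneration is enough to replace a stale certificate; more attempts cannot
    // help when every freshly generated certificate is already expired.
    final int maxAttempts = 2;

    for (int attempt = 1;; attempt++) {
        // NOTE(review): root is derived from hostname by getKeyStoreRoot (not shown here)
        // and is deleted recursively below. Confirm it can never resolve outside the
        // keystore base directory when hostname comes from an untrusted source.
        File root = getKeyStoreRoot(hostname);

        // create entry
        KeyStoreManager keyStoreManager = new KeyStoreManager(root);

        // under the hood this will generate the cert if it doesn't exist
        keyStoreManager.getCertificateByHostname(hostname);

        // getCertificateByHostname always returns null, but hostname == alias for our purpose
        X509Certificate cert = keyStoreManager.getCertificateByAlias(hostname);
        if (cert == null) {
            throw new IllegalStateException("No certificate found in keystore for alias: " + hostname);
        }

        try {
            cert.checkValidity();
            return keyStoreManager;
        } catch (CertificateExpiredException cee) {
            // Drop the expired key material so that the next attempt (or the next call)
            // starts from an empty keystore directory.
            FileUtils.deleteDirectory(root);
            if (attempt >= maxAttempts) {
                throw cee;
            }
        }
    }
}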
From source file:org.roda.core.plugins.plugins.characterization.OOXMLSignatureUtils.java
/**
 * Checks the digital signatures of an OOXML package and reports the outcome as text.
 *
 * <p>For every signature part the part is validated, each certificate of its chain is
 * checked against the current date, and the first certificate of the chain is handed to
 * {@code SignatureUtils.verifyCertificateChain} together with the chain's self-signed
 * and non-self-signed certificates.
 *
 * <p>NOTE(review): the "trusted root" set is built from self-signed certificates found
 * inside the document itself, not from a locally configured trust store. Unless
 * {@code verifyCertificateChain} (not shown) applies its own anchors, a signer holding
 * any self-signed root can reach "Passed" - confirm.
 *
 * <p>NOTE(review): a package without any signature part also yields "Passed", because
 * the result starts out as valid and the loop never runs.
 *
 * @param input path of the OOXML document to inspect
 * @return "Passed", "Not passed", or a short description of the problem found
 * @throws IOException if the package cannot be read or closed
 * @throws GeneralSecurityException if certificate processing fails for another reason
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean allPartsValid = true;

    try (OPCPackage opcPackage = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig signatureConfig = new SignatureConfig();
        signatureConfig.setOpcPackage(opcPackage);

        SignatureInfo signatureInfo = new SignatureInfo();
        signatureInfo.setSignatureConfig(signatureConfig);

        Iterable<SignaturePart> signatureParts = signatureInfo.getSignatureParts();
        if (signatureParts != null) {
            for (SignaturePart part : signatureParts) {
                // Once one part has failed, later parts are no longer validated, but
                // their certificates are still checked below.
                if (allPartsValid) {
                    allPartsValid = part.validate();
                }

                Set<Certificate> selfSigned = new HashSet<>();
                Set<Certificate> issuedByOthers = new HashSet<>();
                List<X509Certificate> chain = part.getCertChain();

                for (X509Certificate member : chain) {
                    // Date check only; throws one of the two exceptions handled below.
                    member.checkValidity();
                    (SignatureUtils.isCertificateSelfSigned(member) ? selfSigned : issuedByOthers).add(member);
                }

                // NOTE(review): get(0) assumes a non-empty chain; an empty one would
                // raise IndexOutOfBoundsException.
                SignatureUtils.verifyCertificateChain(selfSigned, issuedByOthers, chain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    if (allPartsValid) {
        return "Passed";
    }
    return "Not passed";
}
From source file:org.roda.common.certification.OOXMLSignatureUtils.java
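/**
 * Checks the digital signatures of an OOXML package and reports the outcome as text.
 *
 * <p>For every signature part the part is validated, each certificate of its chain is
 * checked against the current date, and the first certificate of the chain is handed to
 * {@code SignatureUtils.verifyCertificateChain}.
 *
 * <p>The package is opened in a try-with-resources statement so that it is closed on
 * every path, including the early returns for expired or not-yet-valid certificates
 * and any exception that propagates to the caller.
 *
 * <p>NOTE(review): the "trusted root" set is built from self-signed certificates found
 * inside the document itself, not from a locally configured trust store. Unless
 * {@code verifyCertificateChain} (not shown) applies its own anchors, a signer holding
 * any self-signed root can reach "Passed" - confirm.
 *
 * <p>NOTE(review): a package without any signature part also yields "Passed".
 *
 * @param input path of the OOXML document to inspect
 * @return "Passed", "Not passed", or a short description of the problem found
 * @throws IOException if the package cannot be read or closed
 * @throws GeneralSecurityException if certificate processing fails for another reason
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    boolean isValid = true;
    try (OPCPackage pkg = OPCPackage.open(input.toString(), PackageAccess.READ)) {
        SignatureConfig sic = new SignatureConfig();
        sic.setOpcPackage(pkg);
        SignatureInfo si = new SignatureInfo();
        si.setSignatureConfig(sic);

        Iterable<SignaturePart> it = si.getSignatureParts();
        if (it != null) {
            for (SignaturePart sp : it) {
                // Short-circuits: after the first invalid part, validate() is skipped.
                isValid = isValid && sp.validate();

                Set<Certificate> trustedRootCerts = new HashSet<Certificate>();
                Set<Certificate> intermediateCerts = new HashSet<Certificate>();
                List<X509Certificate> certChain = sp.getCertChain();

                for (X509Certificate c : certChain) {
                    // Date check only; throws one of the two exceptions handled below.
                    c.checkValidity();

                    if (SignatureUtils.isCertificateSelfSigned(c)) {
                        trustedRootCerts.add(c);
                    } else {
                        intermediateCerts.add(c);
                    }
                }

                // NOTE(review): get(0) assumes a non-empty chain.
                SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certChain.get(0));
            }
        }
    } catch (InvalidFormatException e) {
        return "Error opening a document file";
    } catch (CertificateExpiredException e) {
        return "Contains expired certificates";
    } catch (CertificateNotYetValidException e) {
        return "Contains certificates not yet valid";
    }

    return isValid ? "Passed" : "Not passed";
}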
From source file:com.eucalyptus.auth.euare.EuareServerCertificateUtil.java
/**
 * Reports whether a base64-encoded PEM certificate is inside its validity period and,
 * when requested, whether it verifies against the Euare service certificate's public key.
 *
 * <p>With {@code checkSigner == false} only the date check is performed, so any
 * parseable, unexpired certificate is accepted regardless of who issued it.
 *
 * <p>Every failure (decoding, parsing, date check, credential lookup, signature check)
 * is reported as {@code false}; the cause is not logged or returned.
 *
 * @param certPem base64-encoded PEM certificate
 * @param checkSigner whether to also verify the signature with the Euare certificate's key
 * @return {@code true} if all requested checks succeed, {@code false} otherwise
 */
public static boolean verifyCertificate(final String certPem, final boolean checkSigner) {
    try {
        final X509Certificate candidate = PEMFiles.getCert(B64.standard.dec(certPem));

        // Date check only: notBefore <= now <= notAfter.
        candidate.checkValidity();

        if (!checkSigner) {
            return true;
        }

        final X509Certificate euareCertificate = SystemCredentials.lookup(Euare.class).getCertificate();
        // Throws when the signature does not match the Euare public key.
        candidate.verify(euareCertificate.getPublicKey());
        return true;
    } catch (final Exception ex) {
        return false;
    }
}
From source file:net.shirayu.android.WlanLogin.MyHttpClient.java
/**
 * Reads exactly one X.509 certificate in PEM form from a stream, using the "BC" provider.
 *
 * <p>The stream is always closed, whether or not parsing succeeds. The certificate is
 * only checked against the current date; no issuer or signature verification is done
 * here, so the caller decides how far the returned certificate is trusted.
 *
 * @param stream PEM input; closed by this method
 * @return the single certificate contained in the stream
 * @throws CertificateException if the input holds no certificate, more than one
 *         certificate, a non-X.509 certificate, or a certificate outside its validity period
 * @throws NoSuchProviderException if the "BC" provider is not registered
 * @throws IOException if closing the stream fails
 */
public static X509Certificate readPem(InputStream stream)
        throws CertificateException, NoSuchProviderException, IOException {
    final CertPath parsedPath;
    try {
        parsedPath = CertificateFactory.getInstance("X.509", "BC").generateCertPath(stream, "PEM");
    } finally {
        stream.close();
    }

    final List<? extends Certificate> entries = parsedPath.getCertificates();
    final int entryCount = entries.size();
    if (entryCount < 1) {
        throw new CertificateException("Certificate list is empty");
    }
    if (entryCount > 1) {
        throw new CertificateException("Intermediate certificate is not allowed");
    }

    final Certificate onlyEntry = entries.get(0);
    if (!(onlyEntry instanceof X509Certificate)) {
        throw new CertificateException("Certificate is not X509Certificate");
    }

    final X509Certificate result = (X509Certificate) onlyEntry;
    // Date check only: throws for expired or not-yet-valid certificates.
    result.checkValidity();
    return result;
}
From source file:com.pieframework.runtime.utils.CertificateUtils.java
/**
 * Wraps a password in a CMS enveloped-data structure addressed to the given certificate
 * and returns the structure base64-encoded.
 *
 * <p>The certificate is only checked against the current date before use.
 *
 * <p>NOTE(review): any failure, including an expired certificate, is printed with
 * {@code printStackTrace()} and reported as an empty string, which a caller cannot
 * tell apart from a result unless it checks for it explicitly.
 *
 * <p>NOTE(review): the content is encrypted with {@code DES_EDE3_CBC} (Triple DES), a
 * legacy cipher; confirm whether the consumer of this value accepts an AES-based
 * alternative.
 *
 * <p>NOTE(review): {@code getBytes()} uses the platform default charset, so the
 * encrypted bytes of a non-ASCII password depend on the machine this runs on.
 *
 * @param rdpPassword clear-text password to protect
 * @param certificate recipient certificate whose public key protects the content key
 * @return base64 text of the CMS structure, or an empty string if anything fails
 */
public static String encryptPassword(String rdpPassword, X509Certificate certificate) {
    Security.addProvider(new BouncyCastleProvider());

    try {
        // Date check only; an expired or not-yet-valid certificate ends in the catch below.
        certificate.checkValidity();

        CMSEnvelopedDataGenerator generator = new CMSEnvelopedDataGenerator();
        generator.addKeyTransRecipient(certificate);

        CMSProcessable clearContent = new CMSProcessableByteArray(rdpPassword.getBytes());
        CMSEnvelopedData envelope =
                generator.generate(clearContent, CMSEnvelopedDataGenerator.DES_EDE3_CBC, "BC");

        return new String(Base64.encodeBase64(envelope.getEncoded()));
    } catch (Exception e) {
        e.printStackTrace();
        return "";
    }
}
From source file:ee.ria.xroad.common.request.ManagementRequestHandler.java
/**
 * Verifies that the owner certificate is inside its validity period and that the
 * supplied OCSP response is acceptable for it.
 *
 * <p>The date check failure is rethrown as a {@code CodedException} carrying only the
 * original message text; the original exception is not attached as a cause here.
 * The issuer used for the OCSP check is looked up from the global configuration for
 * the current instance, not taken from the request.
 *
 * @param ownerCert certificate to verify
 * @param ownerCertOcsp OCSP response supplied for {@code ownerCert}
 * @throws Exception if the date check, the issuer lookup or the OCSP verification fails
 */
private static void verifyCertificate(X509Certificate ownerCert, OCSPResp ownerCertOcsp) throws Exception {
    // Step 1: validity period (dates only).
    try {
        ownerCert.checkValidity();
    } catch (Exception e) {
        throw new CodedException(X_CERT_VALIDATION, "Owner certificate is invalid: %s", e.getMessage());
    }

    // Step 2: issuer comes from configuration.
    X509Certificate issuer = GlobalConf.getCaCert(GlobalConf.getInstanceIdentifier(), ownerCert);

    // Step 3: OCSP response validity and certificate status.
    OcspVerifier ocspVerifier = new OcspVerifier(
            GlobalConf.getOcspFreshnessSeconds(false),
            new OcspVerifierOptions(GlobalConfExtensions.getInstance().shouldVerifyOcspNextUpdate()));
    ocspVerifier.verifyValidityAndStatus(ownerCertOcsp, ownerCert, issuer);
}
From source file:com.amazon.speech.speechlet.authentication.SpeechletRequestSignatureVerifier.java
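/**
 * Retrieves the certificate chain from the specified URL and confirms that the signing
 * certificate is valid.
 *
 * <p>Three checks are made: the first certificate of the downloaded chain is inside its
 * validity period, the chain is accepted by the platform's default X.509 trust manager,
 * and the signing certificate's subject alternative names contain the expected domain
 * name. A download that contains no certificate at all is reported as a
 * {@link CertificateException} rather than as an unchecked exception from the iterator.
 *
 * @param signingCertificateChainUrl
 *            the URL to retrieve the certificate chain from
 * @return the signing certificate (the first certificate at the specified URL), if it is valid
 * @throws CertificateException
 *             if the certificate cannot be retrieved or is invalid
 */
public static X509Certificate retrieveAndVerifyCertificateChain(final String signingCertificateChainUrl)
        throws CertificateException {
    try (InputStream in = getAndVerifySigningCertificateChainUrl(signingCertificateChainUrl).openStream()) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(Sdk.SIGNATURE_CERTIFICATE_TYPE);
        @SuppressWarnings("unchecked")
        Collection<X509Certificate> certificateChain =
                (Collection<X509Certificate>) certificateFactory.generateCertificates(in);

        // An empty response must fail as a certificate error, not as NoSuchElementException.
        if (certificateChain.isEmpty()) {
            throw new CertificateException("No certificates found at URL: " + signingCertificateChainUrl);
        }

        /*
         * check the before/after dates on the signing certificate to confirm that it is
         * valid on the current date
         */
        X509Certificate signingCertificate = certificateChain.iterator().next();
        signingCertificate.checkValidity();

        // check the certificate chain against the default trust store
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);

        X509TrustManager x509TrustManager = null;
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) trustManager;
            }
        }

        if (x509TrustManager == null) {
            throw new IllegalStateException(
                    "No X509 TrustManager available. Unable to check certificate chain");
        } else {
            x509TrustManager.checkServerTrusted(
                    certificateChain.toArray(new X509Certificate[0]), Sdk.SIGNATURE_KEY_TYPE);
        }

        /*
         * verify Echo API's hostname is specified as one of subject alternative names on the
         * signing certificate
         */
        if (!subjectAlernativeNameListContainsEchoSdkDomainName(
                signingCertificate.getSubjectAlternativeNames())) {
            throw new CertificateException("The provided certificate is not valid for the Echo SDK");
        }

        return signingCertificate;
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException ex) {
        throw new CertificateException("Unable to verify certificate at URL: " + signingCertificateChainUrl, ex);
    }
}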
From source file:com.cedarsoft.crypt.X509Support.java
/**
 * Loads an X.509 certificate from a URL and checks that it is currently within its
 * validity period.
 *
 * <p>Only the dates are checked. The certificate's issuer and signature are not
 * verified here, and this method does not restrict the URL scheme, so a certificate
 * returned by it is not yet a trusted one.
 *
 * @param certificateUrl the certificate url
 * @return the certificate
 *
 * @throws IOException if the URL cannot be opened or the stream cannot be closed
 * @throws GeneralSecurityException if the certificate cannot be parsed or is outside
 *         its validity period
 */
@Nonnull
public static X509Certificate readCertificate(@Nonnull URL certificateUrl)
        throws IOException, GeneralSecurityException {
    DataInputStream certificateStream = new DataInputStream(certificateUrl.openStream());
    try {
        X509Certificate loaded = (X509Certificate) CertificateFactory
                .getInstance(X_509_CERTIFICATE_TYPE)
                .generateCertificate(certificateStream);
        // Date check only: throws for expired or not-yet-valid certificates.
        loaded.checkValidity();
        return loaded;
    } finally {
        certificateStream.close();
    }
}
From source file:org.roda.common.certification.PDFSignatureUtils.java
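/**
 * Inspects the certificates of every signature in a PDF and reports the outcome as text.
 *
 * <p>For each signature the signing certificate is checked against the current date.
 * If it is not self-signed, every certificate of the chain is date-checked, the chain
 * is handed to {@code SignatureUtils.verifyCertificateChain}, and the CRLs embedded in
 * the signature are consulted. The reader is closed in a {@code finally} block so that
 * it is released even when an exception propagates to the caller.
 *
 * <p>NOTE(review): the {@code PdfPKCS7} object returned by {@code verifySignature} is
 * used here only to read certificates and CRLs. Nothing in this method calls its
 * {@code verify()} method, so confirm that the signature digest is checked against the
 * document content somewhere else; otherwise a modified document can still be
 * reported as "Passed".
 *
 * <p>NOTE(review): a self-signed signing certificate skips chain and CRL checks
 * entirely, and the "trusted root" set is built from self-signed certificates found in
 * the document rather than from a local trust store. Only CRLs embedded in the
 * signature are consulted. A PDF with no signatures yields "Passed".
 *
 * @param input path of the PDF to inspect
 * @return "Passed" or a description of the last problem found
 * @throws IOException if the PDF cannot be read
 * @throws GeneralSecurityException if certificate processing fails for another reason
 */
public static String runDigitalSignatureVerify(Path input) throws IOException, GeneralSecurityException {
    Security.addProvider(new BouncyCastleProvider());

    PdfReader reader = new PdfReader(input.toString());
    try {
        AcroFields fields = reader.getAcroFields();
        ArrayList<String> names = fields.getSignatureNames();
        String result = "Passed";

        for (String name : names) {
            try {
                PdfPKCS7 pk = fields.verifySignature(name);
                X509Certificate certificate = pk.getSigningCertificate();
                // Date check only; handled by the catch clauses below.
                certificate.checkValidity();

                if (!SignatureUtils.isCertificateSelfSigned(certificate)) {
                    Set<Certificate> trustedRootCerts = new HashSet<Certificate>();
                    Set<Certificate> intermediateCerts = new HashSet<Certificate>();

                    for (Certificate c : pk.getSignCertificateChain()) {
                        X509Certificate cert = (X509Certificate) c;
                        cert.checkValidity();

                        if (SignatureUtils.isCertificateSelfSigned(c)) {
                            trustedRootCerts.add(c);
                        } else {
                            intermediateCerts.add(c);
                        }
                    }

                    SignatureUtils.verifyCertificateChain(trustedRootCerts, intermediateCerts, certificate);

                    if (pk.getCRLs() != null) {
                        for (CRL crl : pk.getCRLs()) {
                            if (crl.isRevoked(certificate)) {
                                result = "Signing certificate is included on a Certificate Revocation List";
                            }
                        }
                    }
                }
            } catch (NoSuchFieldError e) {
                result = "Missing signature timestamp field";
            } catch (CertificateExpiredException e) {
                result = "Contains expired certificates";
            } catch (CertificateNotYetValidException e) {
                result = "Contains certificates not yet valid";
            }
        }

        return result;
    } finally {
        // Previously skipped whenever an exception left the loop.
        reader.close();
    }
}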