List of usage examples for java.security.cert X509Certificate checkValidity
/**
 * Checks that the certificate is currently valid, i.e. that the current date and time fall
 * within the validity period stated in the certificate.
 *
 * <p>This is a date check only. It does not verify the certificate's signature, validate a
 * chain up to a trust anchor, consult revocation data or match a host name, so a passing
 * call says nothing about whether the certificate should be trusted.
 *
 * @throws CertificateExpiredException if the certificate has expired
 * @throws CertificateNotYetValidException if the certificate is not yet valid
 */
public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException;
From source file:org.olat.core.util.httpclient.EasyX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String) *///w w w. ja v a 2s. c o m @Override public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if ((certificates != null) && LOG.isDebugEnabled()) { LOG.debug("Server certificate chain:"); for (int i = 0; i < certificates.length; i++) { LOG.debug("X509Certificate[" + i + "]=" + certificates[i]); } } if (certificates != null) { for (int i = 0; i < certificates.length; i++) { X509Certificate certificate = certificates[i]; try { certificate.checkValidity(); } catch (CertificateException e) { LOG.error(e.toString()); throw e; } } } else { this.standardTrustManager.checkServerTrusted(certificates, authType); } }
From source file:org.jivesoftware.sparkimpl.updater.EasyX509TrustManager.java
/**
 * Decides whether a server chain is trusted.
 *
 * <p>A chain of exactly one certificate is trusted when that certificate is inside its
 * validity period. Every other input, including {@code null}, is passed to the wrapped
 * {@code standardTrustManager}.
 *
 * <p>NOTE(review): the single-certificate branch checks dates only. It verifies no signature
 * and no trust anchor, so any unexpired lone certificate is accepted.
 *
 * <p>NOTE(review): the delegate is called with a {@code null} authType. The
 * {@code X509TrustManager} contract documents {@code IllegalArgumentException} for a null
 * authType, which would escape this method uncaught. Confirm how the configured delegate
 * behaves.
 *
 * @param certificates the peer certificate chain, may be {@code null}
 * @return {@code true} if the chain is accepted, {@code false} otherwise
 */
public boolean isServerTrusted(X509Certificate[] certificates) {
    final boolean hasChain = certificates != null;

    if (hasChain && LOG.isDebugEnabled()) {
        LOG.debug("Server certificate chain:");
        int position = 0;
        for (X509Certificate entry : certificates) {
            LOG.debug("X509Certificate[" + position + "]=" + entry);
            position++;
        }
    }

    if (!hasChain || certificates.length != 1) {
        try {
            this.standardTrustManager.checkServerTrusted(certificates, null);
        } catch (CertificateException e) {
            return false;
        }
        return true;
    }

    try {
        // Lone certificate: only its validity period is examined.
        certificates[0].checkValidity();
    } catch (CertificateException e) {
        LOG.error(e.toString());
        return false;
    }
    return true;
}
From source file:ch.cyberduck.core.DefaultCertificateStore.java
/**
 * Reports whether the presented chain is acceptable for {@code hostname}.
 *
 * <p>The chain is rejected when it is empty, when any certificate in it is expired or not
 * yet valid, or when the first certificate does not pass {@code verifier} for the host name.
 *
 * <p>NOTE(review): no signature or trust-anchor validation happens in this method.
 * Presumably the chain is validated by the TLS layer before this is called; confirm
 * against the caller.
 *
 * @param hostname the host the connection was opened to
 * @param certificates the peer chain, leaf first
 * @return {@code true} only if all of the checks above pass
 */
@Override
public boolean isTrusted(final String hostname, final List<X509Certificate> certificates) {
    if (certificates.isEmpty()) {
        return false;
    }

    try {
        // Date check for every link; the first failure rejects the whole chain.
        for (final X509Certificate link : certificates) {
            link.checkValidity();
        }
    } catch (CertificateExpiredException expired) {
        return false;
    } catch (CertificateNotYetValidException premature) {
        return false;
    }

    final X509Certificate leaf = certificates.get(0);
    try {
        verifier.verify(hostname, leaf);
    } catch (SSLException mismatch) {
        return false;
    }
    return true;
}
From source file:org.jvnet.hudson.update_center.Signing.java
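/**
 * Loads the configured certificate chain and makes sure it is valid.
 *
 * <p>Each file in {@code certificates} is parsed as an X.509 certificate and checked against
 * its validity period. The chain is then validated against the default root CAs plus the
 * bundled {@code /hudson-community.cert} anchor. A path-validation failure is propagated to
 * the caller, so a chain that does not validate is never returned.
 *
 * @return the parsed certificates, in the order of the configured files
 * @throws FileNotFoundException if a configured certificate file cannot be opened
 * @throws GeneralSecurityException if a certificate cannot be parsed, is outside its
 *         validity period, the bundled anchor is missing, or path validation fails
 */
private List<X509Certificate> getCertificateChain() throws FileNotFoundException, GeneralSecurityException {
    CertificateFactory cf = CertificateFactory.getInstance("X509");

    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    for (File f : certificates) {
        X509Certificate c = readCertificate(cf, new FileInputStream(f));
        // Date check only; signatures and the path are validated below.
        c.checkValidity();
        certs.add(c);
    }

    Set<TrustAnchor> rootCAs = CertificateUtil.getDefaultRootCAs();
    java.io.InputStream bundled = getClass().getResourceAsStream("/hudson-community.cert");
    if (bundled == null) {
        throw new java.security.cert.CertificateException(
                "Bundled trust anchor /hudson-community.cert not found on the classpath");
    }
    rootCAs.add(new TrustAnchor(readCertificate(cf, bundled), null));

    // Fail closed: printing the stack trace and returning the chain anyway would let an
    // unverifiable chain be used as if it had passed validation.
    CertificateUtil.validatePath(certs, rootCAs);
    return certs;
}

/** Parses one X.509 certificate from {@code in} and always closes the stream. */
private static X509Certificate readCertificate(CertificateFactory cf, java.io.InputStream in)
        throws java.security.cert.CertificateException {
    try {
        return (X509Certificate) cf.generateCertificate(in);
    } finally {
        try {
            in.close();
        } catch (java.io.IOException ignored) {
            // The stream was only read from; a failure to close it loses no data.
        }
    }
}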
From source file:ch.cyberduck.cli.TerminalCertificateStore.java
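/**
 * Reports whether the presented chain is acceptable for {@code hostname}, asking the user to
 * confirm each problem that is found.
 *
 * <p>An empty chain is rejected outright. For every certificate outside its validity period
 * the user is prompted, and declining rejects the chain. Accepting a validity warning does
 * not end the evaluation: the remaining certificates and the host name check on the first
 * certificate still run, so confirming an expired certificate cannot also waive a host name
 * mismatch. A host name failure gets its own prompt.
 *
 * <p>NOTE(review): no signature or trust-anchor validation happens in this method.
 * Presumably the chain is validated by the TLS layer before this is called; confirm
 * against the caller.
 *
 * @param hostname the host the connection was opened to
 * @param certificates the peer chain, leaf first
 * @return {@code true} if every check passed or was explicitly accepted by the user
 */
@Override
public boolean isTrusted(final String hostname, final List<X509Certificate> certificates) {
    if (certificates.isEmpty()) {
        return false;
    }
    for (X509Certificate c : certificates) {
        // Checks that the certificate is currently valid.
        try {
            c.checkValidity();
        } catch (CertificateExpiredException e) {
            final boolean accepted = prompt.prompt(LocaleFactory.localizedString(StringUtils.replace(
                    "The certificate for this server has expired. You might be connecting to a server that "
                            + "is pretending to be %@? which could put your confidential information at risk. "
                            + "Would you like to connect to the server anyway?",
                    "%@", hostname), "Keychain"));
            if (!accepted) {
                return false;
            }
            // Accepted: keep going so the remaining checks are not skipped.
        } catch (CertificateNotYetValidException e) {
            final boolean accepted = prompt.prompt(LocaleFactory.localizedString(StringUtils.replace(
                    "The certificate for this server is not yet valid. You might be connecting to a server that "
                            + "is pretending to be %@? which could put your confidential information at risk. Would you like to connect to the server anyway?",
                    "%@", hostname), "Keychain"));
            if (!accepted) {
                return false;
            }
            // Accepted: keep going so the remaining checks are not skipped.
        }
    }
    try {
        verifier.verify(hostname, certificates.get(0));
    } catch (SSLException e) {
        return prompt.prompt(LocaleFactory.localizedString(StringUtils.replace(
                "The certificate for this server is invalid. "
                        + "You might be connecting to a server that is pretending to be %@? which could put "
                        + "your confidential information at risk. Would you like to connect to the server anyway?",
                "%@", hostname), "Keychain"));
    }
    return true;
}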
From source file:com.sk89q.mclauncher.security.X509KeyStore.java
/**
 * Checks whether a server certificate chain is trusted.
 *
 * <p>Every certificate must be inside its validity period and must not carry a critical
 * extension that is unsupported. The chain as a whole is then handed to {@code verify}.
 * The date and extension checks are preconditions; the trust decision itself is made by
 * {@code verify}.
 *
 * @param chain the peer certificate chain
 * @param authType the key exchange algorithm (not used by this method)
 * @throws CertificateException if a certificate is expired, not yet valid, has an
 *         unsupported critical extension, or the chain fails verification
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    for (int i = 0; i < chain.length; i++) {
        final X509Certificate link = chain[i];
        link.checkValidity();
        if (link.hasUnsupportedCriticalExtension()) {
            // A critical extension that cannot be processed must cause rejection.
            throw new CertificateException("Unsupported critical extension found");
        }
    }

    try {
        verify(chain);
    } catch (CertificateVerificationException e) {
        throw new CertificateException("Verification error: " + e.getMessage(), e);
    } catch (CertPathBuilderException e) {
        throw new CertificateException(e.getMessage(), e);
    }
}
From source file:it.drwolf.ridire.session.ssl.EasyX509TrustManager.java
/**
 * Decides whether a server chain is trusted.
 *
 * <p>A chain of exactly one certificate is trusted when that certificate is inside its
 * validity period. Every other input, including {@code null}, is passed to
 * {@code standardTrustManager} after casting it to {@code EasyX509TrustManager}.
 *
 * <p>NOTE(review): the single-certificate branch checks dates only. It verifies no signature
 * and no trust anchor, so any unexpired lone certificate is accepted.
 *
 * <p>NOTE(review): the cast fails with {@code ClassCastException} unless the wrapped manager
 * is itself an {@code EasyX509TrustManager}, and if it is, the delegate applies this same
 * rule. Confirm what is wired into {@code standardTrustManager}.
 *
 * @param certificates the peer certificate chain, may be {@code null}
 * @return {@code true} if the chain is accepted, {@code false} otherwise
 * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(X509Certificate[])
 */
public boolean isServerTrusted(X509Certificate[] certificates) {
    final boolean hasChain = certificates != null;

    if (hasChain && LOG.isDebugEnabled()) {
        LOG.debug("Server certificate chain:");
        int position = 0;
        for (X509Certificate entry : certificates) {
            LOG.debug("X509Certificate[" + position + "]=" + entry);
            position++;
        }
    }

    if (!hasChain || certificates.length != 1) {
        return ((EasyX509TrustManager) this.standardTrustManager).isServerTrusted(certificates);
    }

    try {
        // Lone certificate: only its validity period is examined.
        certificates[0].checkValidity();
    } catch (CertificateException e) {
        LOG.error(e.toString());
        return false;
    }
    return true;
}
From source file:com.peterphi.std.crypto.keygen.CaHelper.java
/**
 * Generates a CA certificate signed with the private key of {@code kp}, then checks the
 * result against its validity period and verifies its signature with the public key of
 * {@code kp}.
 *
 * <p>NOTE(review): when {@code serial} is {@code null} the serial number is the current time
 * in milliseconds, which is predictable and repeats for two certificates generated in the
 * same millisecond. Consider a serial drawn from {@code SecureRandom} for that case.
 *
 * @param friendlyName if not {@code null}, stored on the certificate as the PKCS#9
 *        friendlyName bag attribute
 * @param kp the key pair; the public key is placed in the certificate and the private key
 *        signs it
 * @param serial the serial number to use, or {@code null} to derive one from the clock
 * @param issuer the issuer distinguished name
 * @param subject the subject distinguished name
 * @return the generated certificate
 * @throws Exception if generation, the validity check or signature verification fails
 */
public static X509Certificate generateCaCertificate(final String friendlyName, final KeyPair kp,
        final BigInteger serial, final X509Name issuer, final X509Name subject) throws Exception {
    X509V3CertificateGenerator gen = new X509V3CertificateGenerator();

    gen.setIssuerDN(issuer);
    setNotBeforeNotAfter(gen, 20); // The CA certificate is valid for 20 years
    gen.setSubjectDN(subject);
    gen.setPublicKey(kp.getPublic());
    gen.setSignatureAlgorithm(getSignatureAlgorithm());

    final BigInteger effectiveSerial =
            (serial != null) ? serial : BigInteger.valueOf(System.currentTimeMillis());
    gen.setSerialNumber(effectiveSerial);

    gen = addCaExtensions(gen, kp.getPublic());

    final X509Certificate cert = gen.generate(kp.getPrivate(), "BC");

    // Sanity checks on the fresh certificate: inside its dates and signed by this key pair.
    cert.checkValidity();
    cert.verify(kp.getPublic(), "BC");

    if (friendlyName == null) {
        return cert;
    }

    final PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) cert;
    bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(friendlyName));
    return cert;
}
From source file:com.cedarsoft.crypt.CertTest.java
/**
 * Loads {@code /test.crt}, checks that it is inside its validity period, and uses it to
 * recover {@code PLAINTEXT} from the Base64-encoded {@code SCRAMBLED} value.
 *
 * <p>NOTE(review): {@code checkValidity()} compares against the current clock, so this test
 * starts failing on the day the bundled certificate expires.
 *
 * <p>NOTE(review): {@code "RSA"} names no mode or padding, so the provider default applies,
 * and both string/byte conversions use the platform charset. Confirm that is intended.
 */
@Test
public void testCert() throws Exception {
    final CertificateFactory factory = CertificateFactory.getInstance("X.509");

    final DataInputStream certStream = new DataInputStream(getClass().getResource("/test.crt").openStream());
    final X509Certificate cert = (X509Certificate) factory.generateCertificate(certStream);
    certStream.close();

    assertNotNull(cert);
    cert.checkValidity();

    final Cipher rsa = Cipher.getInstance("RSA");
    rsa.init(Cipher.DECRYPT_MODE, cert);

    final byte[] encoded = SCRAMBLED.getBytes();
    final byte[] clear = rsa.doFinal(Base64.decodeBase64(encoded));
    final String recovered = new String(clear);
    assertEquals(PLAINTEXT, recovered);
}
From source file:org.projectforge.business.ldap.MyTrustManager.java
/**
 * Checks a server chain against the configured {@code certificate}, or delegates to
 * {@code trustManager} when none is configured.
 *
 * <p>With a configured certificate, the signature of {@code chain[0]} is verified with that
 * certificate's public key, and every certificate in the chain is then checked against its
 * validity period.
 *
 * <p>NOTE(review): only {@code chain[0]} has its signature checked. The remaining entries are
 * examined for dates alone, and no host name is matched in this method. An empty chain
 * fails on the {@code chain[0]} access rather than with a {@code CertificateException}.
 *
 * @param chain the peer certificate chain, leaf first
 * @param authType the key exchange algorithm, only used when delegating
 * @throws CertificateException if signature verification fails, a certificate is expired or
 *         not yet valid, or the delegate rejects the chain
 */
public void checkServerTrusted(final X509Certificate[] chain, final String authType)
        throws CertificateException {
    if (certificate == null) {
        // No pinned certificate configured: fall back to the wrapped trust manager.
        trustManager.checkServerTrusted(chain, authType);
        return;
    }

    try {
        // Verify the leaf's signature with the configured certificate's public key.
        chain[0].verify(certificate.getPublicKey());
        // Then make sure every link is inside its validity period.
        for (int i = 0; i < chain.length; i++) {
            chain[i].checkValidity();
        }
    } catch (final InvalidKeyException ex) {
        throw new CertificateException(ex);
    } catch (final NoSuchAlgorithmException ex) {
        throw new CertificateException(ex);
    } catch (final NoSuchProviderException ex) {
        throw new CertificateException(ex);
    } catch (final SignatureException ex) {
        throw new CertificateException(ex);
    }
}