Example usage for java.security.cert X509Certificate getNotAfter

List of usage examples for java.security.cert X509Certificate getNotAfter

Introduction

In this page you can find the example usage for java.security.cert X509Certificate getNotAfter.

Prototype

public abstract Date getNotAfter();


Document

Gets the notAfter date from the validity period of the certificate.

Usage

From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java

/**
 * Writes a short description of a certificate to the debug log: subject DN, signature
 * algorithm name, the validity window ({@code notBefore} / {@code notAfter}) and issuer DN.
 *
 * <p>Diagnostic only. Nothing in this method validates the certificate, so an expired or
 * untrusted certificate is logged exactly like a valid one.
 *
 * @param cert the certificate to describe
 */
private void logCertificate(final X509Certificate cert) {
    // One row per log line: the message template and the value substituted into it.
    final Object[][] rows = {
            { "  Subject DN: {}", cert.getSubjectDN() },
            { "  Signature algorithm name: {}", cert.getSigAlgName() },
            { "  Valid from: {}", cert.getNotBefore() },
            { "  Valid until: {}", cert.getNotAfter() },
            { "  Issuer DN: {}", cert.getIssuerDN() } };
    for (final Object[] row : rows) {
        log.debug((String) row[0], row[1]);
    }
}

From source file:com.thoughtworks.go.security.SelfSignedCertificateX509TrustManager.java

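/**
 * Decides whether the certificate chain presented by the server is trusted.
 *
 * <p>Trust-on-first-use path: when the chain holds exactly one certificate and the trust
 * store has no entry under {@code CRUISE_SERVER}, the certificate is checked against its
 * validity period only ({@code notBefore} / {@code notAfter}) and is then handed to
 * {@code updateKeystore} under that alias. As far as this method shows, no issuer,
 * signature-chain or host-name check runs on that path, so whichever server answers the
 * first connection becomes the trusted identity. Deployments relying on this should confirm
 * the stored certificate's fingerprint out of band.
 *
 * <p>Every other case is delegated to {@code defaultTrustManager}.
 *
 * @param certificates the chain presented by the peer
 * @param authType the key exchange algorithm in use
 * @throws CertificateException if the single certificate is outside its validity period, or
 *         the default trust manager rejects the chain
 * @throws RuntimeException if the trust store cannot be accessed
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (LOG.isDebugEnabled() && certificates != null) {
        // The guard tests the debug level, so the details are emitted at debug as well
        // (they were previously emitted at info behind a debug guard).
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.debug(" Server certificate " + (c + 1) + ":");
            LOG.debug("  Subject DN: " + cert.getSubjectDN());
            LOG.debug("  Signature Algorithm: " + cert.getSigAlgName());
            LOG.debug("  Valid from: " + cert.getNotBefore());
            LOG.debug("  Valid until: " + cert.getNotAfter());
            LOG.debug("  Issuer: " + cert.getIssuerDN());
        }
    }

    try {
        boolean firstContact = (certificates != null) && (certificates.length == 1)
                && !truststore.containsAlias(CRUISE_SERVER);
        if (firstContact) {
            // Only the validity dates are verified before the certificate is recorded.
            certificates[0].checkValidity();
            updateKeystore(CRUISE_SERVER, certificates[0]);
        } else {
            defaultTrustManager.checkServerTrusted(certificates, authType);
        }
    } catch (KeyStoreException ke) {
        throw new RuntimeException("Couldn't access keystore while checking server's certificate", ke);
    }
}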

From source file:br.gov.serpro.cert.AuthSSLX509TrustManager.java

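/**
 * Validates the server chain with {@code defaultTrustManager}; if that fails, asks the user
 * through a dialog whether to accept the certificate anyway.
 *
 * <p>The chain is accepted after a validation failure only when the user explicitly picks
 * the first button ("Aceitar Certificado"). Choosing "Cancelar", closing the dialog, or any
 * other return value rethrows the original {@link CertificateException}. Previously the
 * switch still used the button indices of an older three-button layout, so with the current
 * two buttons both "Cancelar" (index 1) and closing the dialog accepted the certificate.
 *
 * <p>An accepted certificate is not stored anywhere by this method; the override applies to
 * the current call only.
 *
 * @param certificates the chain presented by the peer
 * @param authType the key exchange algorithm in use
 * @throws CertificateException if validation fails and the user does not explicitly accept
 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
 */
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
    if (LOG.isInfoEnabled() && certificates != null) {
        for (int c = 0; c < certificates.length; c++) {
            X509Certificate cert = certificates[c];
            LOG.info(" Server certificate " + (c + 1) + ":");
            LOG.info("  Subject DN: " + cert.getSubjectDN());
            LOG.info("  Signature Algorithm: " + cert.getSigAlgName());
            LOG.info("  Valid from: " + cert.getNotBefore());
            LOG.info("  Valid until: " + cert.getNotAfter());
            LOG.info("  Issuer: " + cert.getIssuerDN());
        }
    }

    try {
        defaultTrustManager.checkServerTrusted(certificates, authType);
    } catch (CertificateException e) {
        // Nothing to show the user without a leaf certificate: fail closed.
        if (certificates == null || certificates.length == 0) {
            throw e;
        }

        // TODO: a "accept permanently" choice (adding the certificate to the trusted set)
        // is not implemented; only a per-call override exists.
        // NOTE(review): the third argument of showOptionDialog is the dialog title, so the
        // question text below ends up in the title bar rather than in the message body.
        // NOTE(review): the user sees only the subject name, which the certificate's creator
        // chooses; showing issuer, validity dates and a fingerprint would give a better basis
        // for the decision.
        Object[] options = { "Aceitar Certificado", "Cancelar" };
        int choice = JOptionPane.showOptionDialog(null,
                "Falha na validao do seguinte certificado:\n"
                        + certificates[0].getSubjectX500Principal().getName(),
                "\nO que voc quer fazer?", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null,
                options, options[0]);

        // Index 0 is the only "accept" button; everything else rejects the certificate.
        if (choice != 0) {
            throw e;
        }
    }
}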

From source file:org.nuxeo.ecm.platform.signature.core.user.CUserServiceImpl.java

/**
 * Builds a one-line description of a user's certificate: the subject DN followed by the
 * certificate's {@code notAfter} date.
 *
 * <p>The date is reported as stored in the certificate; this method does not check whether
 * the certificate is currently within its validity period.
 *
 * @param keystore the keystore to read the certificate from; may be {@code null}
 * @param user the user document whose {@code user:username} property selects the alias
 * @return the description, or {@code null} when no keystore was supplied
 */
private String getUserCertInfo(KeyStore keystore, DocumentModel user) throws CertException, ClientException {
    if (keystore == null) {
        return null;
    }
    final String username = (String) user.getPropertyValue("user:username");
    final AliasWrapper wrapper = new AliasWrapper(username);
    final X509Certificate userCert = getCertService().getCertificate(keystore, wrapper.getId(AliasType.CERT));
    return userCert.getSubjectDN() + " valid till: " + userCert.getNotAfter();
}

From source file:test.unit.be.fedict.eid.tsl.FingerprintTest.java

/**
 * Loads the two Certipost "Public CA for Qualified Signatures" certificates (VG and BCT root
 * signed) from test resources, checks that each one loads, and logs its subject, issuer and
 * validity window at debug level.
 */
@Test
public void testNewCertipostCAs() throws Exception {
    final String[] caResources = {
            "eu/be/certipost/Certipost Public CA for Qualified Signatures - VG root signed.cer",
            "eu/be/certipost/Certipost Public CA for Qualified Signatures - BCT root signed.cer" };

    for (final String caResource : caResources) {
        final X509Certificate ca = TrustTestUtils.loadCertificateFromResource(caResource);
        assertNotNull(ca);
        LOG.debug("CA subject: " + ca.getSubjectX500Principal());
        LOG.debug("CA issuer: " + ca.getIssuerX500Principal());
        LOG.debug("CA not before: " + ca.getNotBefore());
        LOG.debug("CA not after: " + ca.getNotAfter());
    }
}

From source file:org.ejbca.core.protocol.ocsp.OCSPUtil.java

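/**
 * Checks whether a certificate is inside its validity period right now, and logs a WARN when
 * it will expire within the configured warning window.
 *
 * <p>Only the {@code notBefore} / {@code notAfter} dates are examined. Revocation status and
 * the issuer chain are not checked here.
 *
 * <p>The warning window comes from {@code OcspConfiguration.getWarningBeforeExpirationTime()}
 * and is added to the current time in milliseconds; a value below 1 disables the warning.
 *
 * @param signerCert the certificate to be tested
 * @return {@code true} if the certificate is currently valid (including when an expiry
 *         warning was logged), {@code false} if it has expired or is not yet valid
 */
public static boolean isCertificateValid(X509Certificate signerCert) {
    try {
        signerCert.checkValidity();
    } catch (CertificateExpiredException e) {
        m_log.error(intres.getLocalizedMessage("ocsp.errorcerthasexpired", signerCert.getSerialNumber(),
                signerCert.getIssuerDN()));
        return false;
    } catch (CertificateNotYetValidException e) {
        m_log.error(intres.getLocalizedMessage("ocsp.errornotyetvalid", signerCert.getSerialNumber(),
                signerCert.getIssuerDN()));
        return false;
    }

    final long warnBeforeExpirationTime = OcspConfiguration.getWarningBeforeExpirationTime();
    if (warnBeforeExpirationTime < 1) {
        return true;
    }

    // Re-run the validity check as of "now + warning window": an expiry at that point means
    // the certificate is still valid today but inside the warning window.
    final Date warnDate = new Date(new Date().getTime() + warnBeforeExpirationTime);
    try {
        signerCert.checkValidity(warnDate);
    } catch (CertificateExpiredException e) {
        m_log.warn(intres.getLocalizedMessage("ocsp.warncertwillexpire", signerCert.getSerialNumber(),
                signerCert.getIssuerDN(), signerCert.getNotAfter()));
        // Return here: the debug message below states that the warning time has not been
        // reached, which would contradict the warning just logged.
        return true;
    } catch (CertificateNotYetValidException e) {
        // The certificate was valid a moment ago, so it cannot be "not yet valid" later on.
        throw new Error("This should never happen.", e);
    }

    if (m_log.isDebugEnabled()) {
        m_log.debug("Time for \"certificate will soon expire\" not yet reached. You will be warned after: "
                + new Date(signerCert.getNotAfter().getTime() - warnBeforeExpirationTime));
    }
    return true;
}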

From source file:org.eclipse.gyrex.http.jetty.internal.admin.CertificateDefinition.java

/**
 * Summarises the entries of the key store as a single comma-separated string.
 *
 * <p>For each key entry, every certificate of its chain (or the single certificate when no
 * chain is available) contributes its subject CN and {@code notAfter} date, separated by
 * spaces; a chain element that is not an X.509 certificate contributes {@code INVALID}.
 * Entries that are not key entries contribute {@code IGNORED}. The alias itself is not part
 * of the output.
 *
 * <p>The dates are printed as stored; an already expired certificate is listed like any
 * other.
 *
 * @return the summary, or the root-cause message of any exception raised while building it
 */
@Override
public String getInfo() {
    try {
        final StrBuilder summary = new StrBuilder();
        final KeyStore store = getKeyStore();
        for (final Enumeration<String> names = store.aliases(); names.hasMoreElements();) {
            final String name = names.nextElement();
            if (!summary.isEmpty()) {
                summary.append(", ");
            }
            if (!store.isKeyEntry(name)) {
                summary.append("IGNORED");
                continue;
            }

            Certificate[] certs = store.getCertificateChain(name);
            if (certs == null) {
                // No chain stored for this alias: fall back to its single certificate.
                certs = new Certificate[] { store.getCertificate(name) };
            }

            String separator = "";
            for (final Certificate entry : certs) {
                summary.append(separator);
                separator = " ";
                if (!(entry instanceof X509Certificate)) {
                    summary.append("INVALID");
                    continue;
                }
                final X509Certificate x509 = (X509Certificate) entry;
                final X500PrincipalHelper subject = new X500PrincipalHelper(x509.getSubjectX500Principal());
                summary.append(subject.getCN());
                summary.append(", valid till ").append(TO_STRING_FORMAT.format(x509.getNotAfter()));
            }
        }
        return StringUtils.trim(summary.toString());
    } catch (final Exception e) {
        // Any failure is reported as the info text itself, so the exception message reaches
        // whatever displays this string.
        return ExceptionUtils.getRootCauseMessage(e);
    }
}

From source file:org.dataone.proto.trove.mn.http.client.DataHttpClientHandler.java

/**
 * Logs the issuer, validity window and subject of an X509 certificate at debug level,
 * framed by two separator lines. Does nothing when {@code cert} is {@code null}.
 *
 * <p>Diagnostic only: the certificate is not validated, and the dates are formatted with the
 * default locale's date/time style.
 *
 * @param cert the certificate to be displayed; may be {@code null}
 */
public void displayCertificate(X509Certificate cert) {
    if (cert != null) {
        final String frame = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";
        final DateFormat dateTime = DateFormat.getDateTimeInstance();

        logger.debug(frame);
        logger.debug(" Issuer: " + cert.getIssuerDN().toString());
        logger.debug("   From: " + dateTime.format(cert.getNotBefore()));
        logger.debug("     To: " + dateTime.format(cert.getNotAfter()));
        logger.debug("Subject: " + cert.getSubjectDN().toString());
        logger.debug(frame);
    }
}

From source file:org.apache.nifi.toolkit.tls.util.TlsHelperTest.java

/**
 * Generates a self-signed certificate and checks that its validity window, issuer DN,
 * signature algorithm and public-key algorithm match the values it was requested with, and
 * that it is valid at the time of the test.
 */
@Test
public void testGenerateSelfSignedCert()
        throws GeneralSecurityException, IOException, OperatorCreationException {
    final String expectedDn = "CN=testDN,O=testOrg";

    final X509Certificate cert = CertificateUtils.generateSelfSignedX509Certificate(
            TlsHelper.generateKeyPair(keyPairAlgorithm, keySize), expectedDn, signingAlgorithm, days);

    // notAfter must fall within one day either side of "now + days".
    final Date expiry = cert.getNotAfter();
    assertTrue(expiry.after(inFuture(days - 1)));
    assertTrue(expiry.before(inFuture(days + 1)));

    // notBefore must fall within one day either side of "now".
    final Date start = cert.getNotBefore();
    assertTrue(start.after(inFuture(-1)));
    assertTrue(start.before(inFuture(1)));

    assertEquals(expectedDn, cert.getIssuerX500Principal().getName());
    assertEquals(signingAlgorithm, cert.getSigAlgName());
    assertEquals(keyPairAlgorithm, cert.getPublicKey().getAlgorithm());

    cert.checkValidity();
}

From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java

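/**
 * Loads a key store from the given URL and returns the first {@link X509KeyManager} that a
 * default-algorithm {@link KeyManagerFactory} produces for it.
 *
 * <p>The same password is used to load the key store and to initialise the key manager
 * factory. A {@code null} password is passed through as {@code null} to both calls
 * (previously the factory initialisation dereferenced it and failed with a
 * {@link NullPointerException}). Note that {@link KeyStore#load} performs no integrity check
 * on the key store data when no password is given, so a key store fetched from a location
 * others can write to should always be loaded with its password.
 *
 * <p>At trace level the X.509 certificates found in the key store are logged with subject,
 * signature algorithm, validity window and issuer; the password is never logged.
 *
 * @param url location of the key store; must not be {@code null}
 * @param password key store password, also used to recover the keys; may be {@code null}
 * @return the first X509 key manager, or {@code null} if the factory produced none
 * @throws IllegalArgumentException if {@code url} is {@code null}
 */
private X509KeyManager getCustomX509KeyManager(final URL url, final String password)
        throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException,
        UnrecoverableKeyException {
    // Validate the argument before doing any other work.
    if (url == null) {
        throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null");
    }
    // Converted once so that load() and init() treat a missing password the same way.
    final char[] passwordChars = password != null ? password.toCharArray() : null;

    KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance(KeyManagerFactory.getDefaultAlgorithm());

    LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store");
    KeyStore customKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream is = url.openStream();
    try {
        customKeystore.load(is, passwordChars);
    } finally {
        is.close();
    }

    if (LOGGER.isTraceEnabled()) {
        Enumeration aliases = customKeystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            LOGGER.trace("Trusted certificate '" + alias + "':");
            Certificate trustedcert = customKeystore.getCertificate(alias);
            // instanceof is false for null, so no separate null check is needed.
            if (trustedcert instanceof X509Certificate) {
                X509Certificate cert = (X509Certificate) trustedcert;
                LOGGER.trace("  Subject DN: " + cert.getSubjectDN());
                LOGGER.trace("  Signature Algorithm: " + cert.getSigAlgName());
                LOGGER.trace("  Valid from: " + cert.getNotBefore());
                LOGGER.trace("  Valid until: " + cert.getNotAfter());
                LOGGER.trace("  Issuer: " + cert.getIssuerDN());
            }
        }
    }
    keyManagerFactory.init(customKeystore, passwordChars);

    KeyManager[] customX509KeyManagers = keyManagerFactory.getKeyManagers();
    if (customX509KeyManagers != null) {
        for (int i = 0; i < customX509KeyManagers.length; i++) {
            if (customX509KeyManagers[i] instanceof X509KeyManager) {
                return (X509KeyManager) customX509KeyManagers[i];
            }
        }
    }

    return null;
}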