List of usage examples for java.security.cert X509Certificate getNotAfter
public abstract Date getNotAfter();
From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java
private void logCertificate(final X509Certificate cert) { log.debug(" Subject DN: {}", cert.getSubjectDN()); log.debug(" Signature algorithm name: {}", cert.getSigAlgName()); log.debug(" Valid from: {}", cert.getNotBefore()); log.debug(" Valid until: {}", cert.getNotAfter()); log.debug(" Issuer DN: {}", cert.getIssuerDN()); }
From source file:com.thoughtworks.go.security.SelfSignedCertificateX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) *///from w w w . j a v a 2 s .c o m public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isDebugEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } try { if ((certificates != null) && (certificates.length == 1) && !truststore.containsAlias(CRUISE_SERVER)) { certificates[0].checkValidity(); updateKeystore(CRUISE_SERVER, certificates[0]); } else { defaultTrustManager.checkServerTrusted(certificates, authType); } } catch (KeyStoreException ke) { throw new RuntimeException("Couldn't access keystore while checking server's certificate", ke); } }
From source file:br.gov.serpro.cert.AuthSSLX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) *///from ww w . ja v a 2s.c om public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } // TODO: Implementar uma caixa de dilogo que pergunta para o usurio se ele quer aceitar o certificado do site // Implementado com try/catch usando JOptionPanel try { defaultTrustManager.checkServerTrusted(certificates, authType); } catch (CertificateException e) { //Object[] options = {"Aceitar Certificado", "Aceitar Permanentemente", "Cancelar"}; Object[] options = { "Aceitar Certificado", "Cancelar" }; switch (JOptionPane.showOptionDialog(null, "Falha na validao do seguinte certificado:\n" + certificates[0].getSubjectX500Principal().getName(), "\nO que voc quer fazer?", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null, options, options[0])) { case 2: // Rejeita certificado! throw e; case 1: // Aceita certificado permanentemente // TODO: Adicionar cdigo para inserir o certificado como um certificado confivel break; // Aceita certificado para esta sesso } } }
From source file:org.nuxeo.ecm.platform.signature.core.user.CUserServiceImpl.java
private String getUserCertInfo(KeyStore keystore, DocumentModel user) throws CertException, ClientException { String userCertInfo = null;/*www .j a v a2s . com*/ if (null != keystore) { String userID = (String) user.getPropertyValue("user:username"); AliasWrapper alias = new AliasWrapper(userID); X509Certificate certificate = getCertService().getCertificate(keystore, alias.getId(AliasType.CERT)); userCertInfo = certificate.getSubjectDN() + " valid till: " + certificate.getNotAfter(); } return userCertInfo; }
From source file:test.unit.be.fedict.eid.tsl.FingerprintTest.java
@Test public void testNewCertipostCAs() throws Exception { X509Certificate caQS_VG = TrustTestUtils.loadCertificateFromResource( "eu/be/certipost/Certipost Public CA for Qualified Signatures - VG root signed.cer"); assertNotNull(caQS_VG);/*from w w w . j ava 2s . c o m*/ LOG.debug("CA subject: " + caQS_VG.getSubjectX500Principal()); LOG.debug("CA issuer: " + caQS_VG.getIssuerX500Principal()); LOG.debug("CA not before: " + caQS_VG.getNotBefore()); LOG.debug("CA not after: " + caQS_VG.getNotAfter()); X509Certificate caQS_BCT = TrustTestUtils.loadCertificateFromResource( "eu/be/certipost/Certipost Public CA for Qualified Signatures - BCT root signed.cer"); assertNotNull(caQS_BCT); LOG.debug("CA subject: " + caQS_BCT.getSubjectX500Principal()); LOG.debug("CA issuer: " + caQS_BCT.getIssuerX500Principal()); LOG.debug("CA not before: " + caQS_BCT.getNotBefore()); LOG.debug("CA not after: " + caQS_BCT.getNotAfter()); }
From source file:org.ejbca.core.protocol.ocsp.OCSPUtil.java
/** * Checks if a certificate is valid//from w w w. j av a 2 s . co m * Does also print a WARN if the certificate is about to expire. * @param signerCert the certificate to be tested * @return true if the certificate is valid */ public static boolean isCertificateValid(X509Certificate signerCert) { try { signerCert.checkValidity(); } catch (CertificateExpiredException e) { m_log.error(intres.getLocalizedMessage("ocsp.errorcerthasexpired", signerCert.getSerialNumber(), signerCert.getIssuerDN())); return false; } catch (CertificateNotYetValidException e) { m_log.error(intres.getLocalizedMessage("ocsp.errornotyetvalid", signerCert.getSerialNumber(), signerCert.getIssuerDN())); return false; } final long warnBeforeExpirationTime = OcspConfiguration.getWarningBeforeExpirationTime(); if (warnBeforeExpirationTime < 1) { return true; } final Date warnDate = new Date(new Date().getTime() + warnBeforeExpirationTime); try { signerCert.checkValidity(warnDate); } catch (CertificateExpiredException e) { m_log.warn(intres.getLocalizedMessage("ocsp.warncertwillexpire", signerCert.getSerialNumber(), signerCert.getIssuerDN(), signerCert.getNotAfter())); } catch (CertificateNotYetValidException e) { throw new Error("This should never happen.", e); } if (!m_log.isDebugEnabled()) { return true; } m_log.debug("Time for \"certificate will soon expire\" not yet reached. You will be warned after: " + new Date(signerCert.getNotAfter().getTime() - warnBeforeExpirationTime)); return true; }
From source file:org.eclipse.gyrex.http.jetty.internal.admin.CertificateDefinition.java
@Override public String getInfo() { try {/* www . j a v a2s .co m*/ final StrBuilder certInfo = new StrBuilder(); final KeyStore ks = getKeyStore(); final Enumeration aliases = ks.aliases(); while (aliases.hasMoreElements()) { final String alias = (String) aliases.nextElement(); if (!certInfo.isEmpty()) { certInfo.append(", "); } // certInfo.append(alias).append(": "); if (ks.isKeyEntry(alias)) { Certificate[] chain = ks.getCertificateChain(alias); if (null == chain) { final Certificate certificate = ks.getCertificate(alias); chain = new Certificate[] { certificate }; } for (int i = 0; i < chain.length; i++) { if (i > 0) { certInfo.append(" "); } final Certificate certificate = chain[i]; if (certificate instanceof X509Certificate) { final X509Certificate x509 = (X509Certificate) certificate; final X500PrincipalHelper helper = new X500PrincipalHelper( x509.getSubjectX500Principal()); certInfo.append(helper.getCN()); certInfo.append(", valid till ").append(TO_STRING_FORMAT.format(x509.getNotAfter())); } else { certInfo.append("INVALID"); } } } else { certInfo.append("IGNORED"); } } return StringUtils.trim(certInfo.toString()); } catch (final Exception e) { return ExceptionUtils.getRootCauseMessage(e); } }
From source file:org.dataone.proto.trove.mn.http.client.DataHttpClientHandler.java
/** * Show details of an X509 certificate, printing the information to STDOUT. * * @param cert the certificate to be displayed */// ww w . ja v a 2s . c o m public void displayCertificate(X509Certificate cert) { if (cert == null) { return; } logger.debug("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); Principal issuerDN = cert.getIssuerDN(); logger.debug(" Issuer: " + issuerDN.toString()); Date notBefore = cert.getNotBefore(); DateFormat fmt = SimpleDateFormat.getDateTimeInstance(); logger.debug(" From: " + fmt.format(notBefore)); Date notAfter = cert.getNotAfter(); logger.debug(" To: " + fmt.format(notAfter)); Principal subjectDN = cert.getSubjectDN(); logger.debug("Subject: " + subjectDN.toString()); logger.debug("~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"); }
From source file:org.apache.nifi.toolkit.tls.util.TlsHelperTest.java
@Test public void testGenerateSelfSignedCert() throws GeneralSecurityException, IOException, OperatorCreationException { String dn = "CN=testDN,O=testOrg"; X509Certificate x509Certificate = CertificateUtils.generateSelfSignedX509Certificate( TlsHelper.generateKeyPair(keyPairAlgorithm, keySize), dn, signingAlgorithm, days); Date notAfter = x509Certificate.getNotAfter(); assertTrue(notAfter.after(inFuture(days - 1))); assertTrue(notAfter.before(inFuture(days + 1))); Date notBefore = x509Certificate.getNotBefore(); assertTrue(notBefore.after(inFuture(-1))); assertTrue(notBefore.before(inFuture(1))); assertEquals(dn, x509Certificate.getIssuerX500Principal().getName()); assertEquals(signingAlgorithm, x509Certificate.getSigAlgName()); assertEquals(keyPairAlgorithm, x509Certificate.getPublicKey().getAlgorithm()); x509Certificate.checkValidity(); }
From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java
private X509KeyManager getCustomX509KeyManager(final URL url, final String password) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException { KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (url == null) { throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null"); }/* w w w .ja va 2s . c om*/ LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store"); KeyStore customKeystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream is = null; try { is = url.openStream(); customKeystore.load(is, password != null ? password.toCharArray() : null); } finally { if (is != null) is.close(); } if (LOGGER.isTraceEnabled()) { Enumeration aliases = customKeystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); LOGGER.trace("Trusted certificate '" + alias + "':"); Certificate trustedcert = customKeystore.getCertificate(alias); if (trustedcert != null && trustedcert instanceof X509Certificate) { X509Certificate cert = (X509Certificate) trustedcert; LOGGER.trace(" Subject DN: " + cert.getSubjectDN()); LOGGER.trace(" Signature Algorithm: " + cert.getSigAlgName()); LOGGER.trace(" Valid from: " + cert.getNotBefore()); LOGGER.trace(" Valid until: " + cert.getNotAfter()); LOGGER.trace(" Issuer: " + cert.getIssuerDN()); } } } keyManagerFactory.init(customKeystore, password.toCharArray()); KeyManager[] customX509KeyManagers = keyManagerFactory.getKeyManagers(); if (customX509KeyManagers != null && customX509KeyManagers.length > 0) { for (int i = 0; i < customX509KeyManagers.length; i++) { if (customX509KeyManagers[i] instanceof X509KeyManager) { return (X509KeyManager) customX509KeyManagers[i]; } } } return null; }