List of usage examples for java.security.cert X509Certificate getNotBefore
public abstract Date getNotBefore();
From source file:com.thoughtworks.go.security.SelfSignedCertificateX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) *//*from w ww.j av a 2s . c om*/ public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isDebugEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } try { if ((certificates != null) && (certificates.length == 1) && !truststore.containsAlias(CRUISE_SERVER)) { certificates[0].checkValidity(); updateKeystore(CRUISE_SERVER, certificates[0]); } else { defaultTrustManager.checkServerTrusted(certificates, authType); } } catch (KeyStoreException ke) { throw new RuntimeException("Couldn't access keystore while checking server's certificate", ke); } }
From source file:com.mgmtp.perfload.core.client.web.ssl.LtSSLSocketFactory.java
private void logCertificate(final X509Certificate cert) { log.debug(" Subject DN: {}", cert.getSubjectDN()); log.debug(" Signature algorithm name: {}", cert.getSigAlgName()); log.debug(" Valid from: {}", cert.getNotBefore()); log.debug(" Valid until: {}", cert.getNotAfter()); log.debug(" Issuer DN: {}", cert.getIssuerDN()); }
From source file:org.globus.gsi.stores.ResourceSigningPolicyStoreTest.java
private X509Certificate readCertificate(String certPath) { try {//w w w. ja va 2 s . c o m FileInputStream fr = new FileInputStream(certPath); CertificateFactory cf = CertificateFactory.getInstance("X509"); X509Certificate crt = (X509Certificate) cf.generateCertificate(fr); logger.info("Read certificate:"); logger.info("\tCertificate for: " + crt.getSubjectDN()); logger.info("\tCertificate issued by: " + crt.getIssuerDN()); logger.info("\tCertificate is valid from " + crt.getNotBefore() + " to " + crt.getNotAfter()); logger.info("\tCertificate SN# " + crt.getSerialNumber()); logger.info("\tGenerated with " + crt.getSigAlgName()); return crt; } catch (Exception e) { e.printStackTrace(); } return null; }
From source file:br.gov.serpro.cert.AuthSSLX509TrustManager.java
/** * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType) *//*from w ww.j av a2 s . c om*/ public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } // TODO: Implementar uma caixa de dilogo que pergunta para o usurio se ele quer aceitar o certificado do site // Implementado com try/catch usando JOptionPanel try { defaultTrustManager.checkServerTrusted(certificates, authType); } catch (CertificateException e) { //Object[] options = {"Aceitar Certificado", "Aceitar Permanentemente", "Cancelar"}; Object[] options = { "Aceitar Certificado", "Cancelar" }; switch (JOptionPane.showOptionDialog(null, "Falha na validao do seguinte certificado:\n" + certificates[0].getSubjectX500Principal().getName(), "\nO que voc quer fazer?", JOptionPane.YES_NO_CANCEL_OPTION, JOptionPane.WARNING_MESSAGE, null, options, options[0])) { case 2: // Rejeita certificado! throw e; case 1: // Aceita certificado permanentemente // TODO: Adicionar cdigo para inserir o certificado como um certificado confivel break; // Aceita certificado para esta sesso } } }
From source file:net.solarnetwork.node.setup.web.NodeCertificatesController.java
/** * View the main certs page./*from ww w . j av a2 s.c o m*/ * * @param model * the view model * @return */ @RequestMapping public String home(Model model) { X509Certificate nodeCert = pkiService.getNodeCertificate(); final Date now = new Date(); final boolean expired = (nodeCert != null && now.after(nodeCert.getNotAfter())); final boolean valid = (nodeCert != null && (!nodeCert.getIssuerDN().equals(nodeCert.getSubjectDN()) && !now.before(nodeCert.getNotBefore()) && !expired)); model.addAttribute("nodeCert", nodeCert); model.addAttribute("nodeCertExpired", expired); model.addAttribute("nodeCertValid", valid); return "certs/home"; }
From source file:test.unit.be.fedict.eid.tsl.FingerprintTest.java
@Test public void testNewCertipostCAs() throws Exception { X509Certificate caQS_VG = TrustTestUtils.loadCertificateFromResource( "eu/be/certipost/Certipost Public CA for Qualified Signatures - VG root signed.cer"); assertNotNull(caQS_VG);// w ww . j a v a 2s . c o m LOG.debug("CA subject: " + caQS_VG.getSubjectX500Principal()); LOG.debug("CA issuer: " + caQS_VG.getIssuerX500Principal()); LOG.debug("CA not before: " + caQS_VG.getNotBefore()); LOG.debug("CA not after: " + caQS_VG.getNotAfter()); X509Certificate caQS_BCT = TrustTestUtils.loadCertificateFromResource( "eu/be/certipost/Certipost Public CA for Qualified Signatures - BCT root signed.cer"); assertNotNull(caQS_BCT); LOG.debug("CA subject: " + caQS_BCT.getSubjectX500Principal()); LOG.debug("CA issuer: " + caQS_BCT.getIssuerX500Principal()); LOG.debug("CA not before: " + caQS_BCT.getNotBefore()); LOG.debug("CA not after: " + caQS_BCT.getNotAfter()); }
From source file:de.betterform.connector.http.ssl.BetterFORMKeyStoreManager.java
private X509KeyManager getCustomX509KeyManager(final URL url, final String password) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException { KeyManagerFactory keyManagerFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); if (url == null) { throw new IllegalArgumentException("BetterFORMKeyStoreManager: Keystore url may not be null"); }// ww w . j a va2 s .com LOGGER.debug("BetterFORMKeyStoreManager: initializing custom key store"); KeyStore customKeystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream is = null; try { is = url.openStream(); customKeystore.load(is, password != null ? password.toCharArray() : null); } finally { if (is != null) is.close(); } if (LOGGER.isTraceEnabled()) { Enumeration aliases = customKeystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); LOGGER.trace("Trusted certificate '" + alias + "':"); Certificate trustedcert = customKeystore.getCertificate(alias); if (trustedcert != null && trustedcert instanceof X509Certificate) { X509Certificate cert = (X509Certificate) trustedcert; LOGGER.trace(" Subject DN: " + cert.getSubjectDN()); LOGGER.trace(" Signature Algorithm: " + cert.getSigAlgName()); LOGGER.trace(" Valid from: " + cert.getNotBefore()); LOGGER.trace(" Valid until: " + cert.getNotAfter()); LOGGER.trace(" Issuer: " + cert.getIssuerDN()); } } } keyManagerFactory.init(customKeystore, password.toCharArray()); KeyManager[] customX509KeyManagers = keyManagerFactory.getKeyManagers(); if (customX509KeyManagers != null && customX509KeyManagers.length > 0) { for (int i = 0; i < customX509KeyManagers.length; i++) { if (customX509KeyManagers[i] instanceof X509KeyManager) { return (X509KeyManager) customX509KeyManagers[i]; } } } return null; }
From source file:com.cordys.coe.util.cgc.ssl.AuthSSLX509TrustManager.java
/** * This method checks if the certificate can be trusted. If you do not want to accept the * certificate you need to throw an exception. * * @param certificates The certificates to check. * @param sAuthType The authentication type. * * @throws CertificateException In case the certificate should not be accepted. *//*from w w w .j av a2s . com*/ public void checkClientTrusted(X509Certificate[] certificates, String sAuthType) throws CertificateException { if (m_xtmDefault != null) { if (certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; if (LOG.isInfoEnabled()) { LOG.info(" Client certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } try { cert.checkValidity(); } catch (CertificateExpiredException e) { LOG.fatal("Client certificate " + cert.getSubjectDN() + " is expired."); } catch (CertificateNotYetValidException e) { LOG.fatal("Client certificate " + cert.getSubjectDN() + " is not yet valid."); } } } // Call the super to do the actual checking. m_xtmDefault.checkClientTrusted(certificates, sAuthType); } }
From source file:com.cordys.coe.util.cgc.ssl.AuthSSLX509TrustManager.java
/** * This method checks if the server certificate is trusted. * * @param certificates The list of certificates. * @param sAuthType The authentication type. * * @throws CertificateException DOCUMENTME *///from ww w . j ava2 s . co m public void checkServerTrusted(X509Certificate[] certificates, String sAuthType) throws CertificateException { if (m_xtmDefault != null) { if (certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; if (LOG.isInfoEnabled()) { LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore()); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } try { cert.checkValidity(); } catch (CertificateExpiredException e) { LOG.fatal("Server certificate " + cert.getSubjectDN() + " is expired."); } catch (CertificateNotYetValidException e) { LOG.fatal("Server certificate " + cert.getSubjectDN() + " is not yet valid."); } } } // Call the super to do the actual checking. m_xtmDefault.checkServerTrusted(certificates, sAuthType); } }
From source file:org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil.java
/** * @param cert/*from w w w.j a v a2 s . c o m*/ * @param formatter * @return * @throws CertificateEncodingException */ private static CertData fillCertData(X509Certificate cert, Format formatter) throws CertificateEncodingException { CertData certData = new CertData(); certData.setSubjectDN(cert.getSubjectDN().getName()); certData.setIssuerDN(cert.getIssuerDN().getName()); certData.setSerialNumber(cert.getSerialNumber()); certData.setVersion(cert.getVersion()); certData.setNotAfter(formatter.format(cert.getNotAfter())); certData.setNotBefore(formatter.format(cert.getNotBefore())); certData.setPublicKey(Base64.encode(cert.getPublicKey().getEncoded())); return certData; }