authorPeter Palfrader <peter@palfrader.org>2003-10-16 11:12:40 +0000
committerPeter Palfrader <peter@palfrader.org>2003-10-16 11:12:40 +0000
commitee95f67b1b918c3791e02e75b8d9bebbb845c299 (patch)
treeb17c8a65926eec2fd311c25f62003745be6ec7c4 /src
parent8058582ad39c597e89f0c3b41afd098f29b2316a (diff)
Check that certs are valid (i.e. now is within the cert's lifetime)
Diffstat (limited to 'src')
-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
index 4748a84..32beb9a 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -9,6 +9,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateExpiredException;
import java.math.BigInteger;
import org.bouncycastle.util.encoders.Base64;
import org.noreply.fancydress.misc.*;
@@ -74,6 +76,25 @@ public class MMTPTrustManager implements X509TrustManager {
if (chain.length != 2)
throw new CertificateException("Did not get excatly 2 certificates in cert chain.");
+ /* Check, if the certs are valid. Certs are valid if
+ * ValidAfter already passed and ValidUntil is still in the
+ * future
+ */
+ try {
+ chain[0].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateNotYetValidException.");
+ }
+ try {
+ chain[1].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateNotYetValidException.");
+ }
+
/* Verify, that the first cert is signed by the second cert */
java.security.interfaces.RSAPublicKey identityCertKey = (java.security.interfaces.RSAPublicKey) chain[1].getPublicKey();
try {
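Review bot: The four catch blocks around `chain[0].checkValidity()` and `chain[1].checkValidity()` discard the caught exception, so the rethrown CertificateException loses the original detail message, which typically names the violated validity date and is what an operator needs when diagnosing a rejected peer. Both CertificateExpiredException and CertificateNotYetValidException are subclasses of CertificateException, and this method already throws CertificateException two lines above, so the calls can stand without any try/catch; if the "Cert N" prefix is wanted, append `e.getMessage()` to the new message instead of dropping it. The two copies can also collapse into `for (int i = 0; i < chain.length; i++) chain[i].checkValidity();`, which would make the two imports added in the first hunk unnecessary. The enclosing method starts and ends outside the hunk, so its throws clause is inferred from the visible `throw new CertificateException(...)` rather than seen.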