-rw-r--r--src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
index 4748a84..32beb9a 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -9,6 +9,8 @@ import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateExpiredException;
import java.math.BigInteger;
import org.bouncycastle.util.encoders.Base64;
import org.noreply.fancydress.misc.*;
@@ -74,6 +76,25 @@ public class MMTPTrustManager implements X509TrustManager {
if (chain.length != 2)
throw new CertificateException("Did not get excatly 2 certificates in cert chain.");
+ /* Check, if the certs are valid. Certs are valid if
+ * ValidAfter already passed and ValidUntil is still in the
+ * future
+ */
+ try {
+ chain[0].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateNotYetValidException.");
+ }
+ try {
+ chain[1].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateNotYetValidException.");
+ }
+
/* Verify, that the first cert is signed by the second cert */
java.security.interfaces.RSAPublicKey identityCertKey = (java.security.interfaces.RSAPublicKey) chain[1].getPublicKey();
try {
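Review bot: The four catch blocks around `chain[0].checkValidity()` and `chain[1].checkValidity()` throw a new CertificateException built from a fixed string, so the original exception and its message (which typically names the offending validity date) are lost to anyone diagnosing a rejected peer. Both CertificateExpiredException and CertificateNotYetValidException are subclasses of CertificateException, so the simplest option is to let them propagate unchanged. If the cert index should stay in the message, keep the cause instead: `throw new CertificateException("Cert 0 not valid: " + e.getMessage(), e);` (the two-argument constructor needs Java 5 or later). The two try blocks differ only in the index and could be a single loop over `chain`. The enclosing method starts and ends outside the hunk, so this assumes it declares `throws CertificateException`, as the chain-length check just above suggests.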