Diffstat (limited to 'src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java')
-rw-r--r-- | src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
index 4748a84..32beb9a 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -9,6 +9,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateExpiredException;
 import java.math.BigInteger;
 import org.bouncycastle.util.encoders.Base64;
 import org.noreply.fancydress.misc.*;
@@ -74,6 +76,25 @@ public class MMTPTrustManager implements X509TrustManager {
 if (chain.length != 2)
 throw new CertificateException("Did not get excatly 2 certificates in cert chain.");
 
+ /* Check, if the certs are valid. Certs are valid if
+ * ValidAfter already passed and ValidUntil is still in the
+ * future
+ */
+ try {
+ chain[0].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 0 not valid. Caused by CertificateNotYetValidException.");
+ }
+ try {
+ chain[1].checkValidity();
+ } catch (CertificateExpiredException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateExpiredException.");
+ } catch (CertificateNotYetValidException e) {
+ throw new CertificateException("Cert 1 not valid. Caused by CertificateNotYetValidException.");
+ }
+
 /* Verify, that the first cert is signed by the second cert */
 java.security.interfaces.RSAPublicKey identityCertKey = (java.security.interfaces.RSAPublicKey) chain[1].getPublicKey();
 try { |
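Review bot: The four catch blocks in the new validity check discard the caught exception, so the rethrown CertificateException carries only the exception class name and loses whatever detail checkValidity() put in its message, which is usually what lets an operator tell a stale peer certificate from a skewed local clock. Chaining the cause keeps that for logs, e.g. `throw new CertificateException("Cert 0 not valid.", e);` if the target Java level has the cause constructor, otherwise append `e.getMessage()` to the text. The two try blocks differ only in the index, so one try/catch inside `for (int i = 0; i < chain.length; i++)` would keep the checks for both certificates from drifting apart. A short comment that the no-argument checkValidity() compares against the current system time would also help, since the check is only as good as the host clock. The enclosing method starts and ends outside the hunk.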