From ee95f67b1b918c3791e02e75b8d9bebbb845c299 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 16 Oct 2003 11:12:40 +0000
Subject: Check that certs are valid (i.e. now is within the cert's lifetime)
---
 .../fancydress/type3/mmtp/MMTPTrustManager.java | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'src')
diff --git a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
index 4748a84..32beb9a 100644
--- a/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
+++ b/src/org/noreply/fancydress/type3/mmtp/MMTPTrustManager.java
@@ -9,6 +9,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.CertificateExpiredException;
 import java.math.BigInteger;
 import org.bouncycastle.util.encoders.Base64;
 import org.noreply.fancydress.misc.*;
@@ -74,6 +76,25 @@ public class MMTPTrustManager implements X509TrustManager { if (chain.length != 2) throw new CertificateException("Did not get excatly 2 certificates in cert chain."); + /* Check, if the certs are valid. Certs are valid if + * ValidAfter already passed and ValidUntil is still in the + * future + */ + try { + chain[0].checkValidity(); + } catch (CertificateExpiredException e) { + throw new CertificateException("Cert 0 not valid. Caused by CertificateExpiredException."); + } catch (CertificateNotYetValidException e) { + throw new CertificateException("Cert 0 not valid. Caused by CertificateNotYetValidException."); + } + try { + chain[1].checkValidity(); + } catch (CertificateExpiredException e) { + throw new CertificateException("Cert 1 not valid. Caused by CertificateExpiredException."); + } catch (CertificateNotYetValidException e) { + throw new CertificateException("Cert 1 not valid. Caused by CertificateNotYetValidException."); + } + /* Verify, that the first cert is signed by the second cert */ java.security.interfaces.RSAPublicKey identityCertKey = (java.security.interfaces.RSAPublicKey) chain[1].getPublicKey(); try { -- cgit v1.2.3
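Review bot: Each of the four new catch clauses rethrows a bare `CertificateException` with a fixed string, so the caught exception's own message (which typically names the date that failed) is dropped and an operator cannot tell a stale peer cert from local clock skew. The two try blocks are also identical apart from the index; a loop over `chain` keeps them from drifting apart. Appending `e.getMessage()` to the new message keeps both the cert index and the underlying detail. The enclosing method starts and ends outside this hunk.

```java
/* Check that every cert in the chain is within its validity period. */
for (int i = 0; i < chain.length; i++) {
    try {
        chain[i].checkValidity();
    } catch (CertificateExpiredException e) {
        throw new CertificateException("Cert " + i + " not valid. Caused by CertificateExpiredException: " + e.getMessage());
    } catch (CertificateNotYetValidException e) {
        throw new CertificateException("Cert " + i + " not valid. Caused by CertificateNotYetValidException: " + e.getMessage());
    }
}
/* … unchanged: check that the first cert is signed by the second cert … */
```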