From d474bb66828f6495f57e19e296096434f8014f25 Mon Sep 17 00:00:00 2001
From: Balint Kovacs
Date: Mon, 5 Sep 2011 15:44:20 +0200
Subject: [PATCH] Implement check if the client-side certificate is expired

Signed-off-by: Balint Kovacs
---
 src/hu/blint/ssldroid/SSLDroidTunnelDetails.java | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/hu/blint/ssldroid/SSLDroidTunnelDetails.java b/src/hu/blint/ssldroid/SSLDroidTunnelDetails.java
index 481a2ea..fd1ced1 100644
--- a/src/hu/blint/ssldroid/SSLDroidTunnelDetails.java
+++ b/src/hu/blint/ssldroid/SSLDroidTunnelDetails.java
@@ -10,6 +10,10 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateException;
+
+import java.security.cert.Certificate;
+import javax.security.cert.CertificateExpiredException;
+import javax.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.LinkedList;
@@ -297,8 +301,14 @@ public class SSLDroidTunnelDetails extends Activity {
 if (myStore.isKeyEntry(strAlias)) {
 // try to retrieve the private key part from PKCS12 certificate
 myStore.getKey(strAlias, passw.toCharArray());
- // try to retrieve the certificate part from PKCS12 certificate
- myStore.getCertificate(strAlias);
+ Certificate mycrt = myStore.getCertificate(strAlias);
+ X509Certificate mycert = X509Certificate.getInstance(mycrt.getEncoded());
+ try {
+ mycert.checkValidity();
+ } catch (CertificateExpiredException e) {
+ Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), Toast.LENGTH_LONG).show();
+ return false;
+ }
 }
 }
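Review bot: The two `javax.security.cert` imports added in this hunk bring in the legacy JSSE-compatibility certificate classes, whose own documentation points new code to `java.security.cert`. The keystore already hands back a `java.security.cert.Certificate`, so importing `java.security.cert.X509Certificate` and `java.security.cert.CertificateExpiredException` instead would allow a direct cast in the second hunk, without the `getEncoded()` / `getInstance()` round trip. It would also keep the file from mixing two unrelated `CertificateException` hierarchies, since `java.security.cert.CertificateException` is imported just above. The blank `+` line inside the import block can be dropped.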
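Review bot: The new `try` around `mycert.checkValidity()` handles only `CertificateExpiredException`, but `checkValidity()` also rejects a certificate whose validity period has not started yet (`CertificateNotYetValidException`). How that case is reported depends on the catch clauses of the enclosing method, which lie outside the hunk, so it may not produce the "PKCS12 problem" toast. `myStore.getCertificate(strAlias)` can also return null when the entry carries no certificate, in which case `mycrt.getEncoded()` throws a NullPointerException. I would add a null guard and a second catch, which needs an import of `javax.security.cert.CertificateNotYetValidException`. Only the end-entity certificate is checked here; the rest of the chain is not examined.

```java
Certificate mycrt = myStore.getCertificate(strAlias);
if (mycrt == null) {
    Toast.makeText(getBaseContext(), "PKCS12 problem: no certificate for key entry", Toast.LENGTH_LONG).show();
    return false;
}
// … unchanged: X509Certificate.getInstance(...) and the try / catch (CertificateExpiredException e) block …
} catch (CertificateNotYetValidException e) {
    Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), Toast.LENGTH_LONG).show();
    return false;
}
```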