1
0
mirror of https://github.com/moparisthebest/SSLDroid synced 2024-11-23 17:32:15 -05:00

Implement check if the client-side certificate is expired

Signed-off-by: Balint Kovacs <blint@blint.hu>
This commit is contained in:
Balint Kovacs 2011-09-05 15:44:20 +02:00
parent 6010416325
commit d474bb6682

View File

@ -10,6 +10,10 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.Certificate;
import javax.security.cert.CertificateExpiredException;
import javax.security.cert.X509Certificate;
import java.util.Collections; import java.util.Collections;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.LinkedList; import java.util.LinkedList;
@ -297,8 +301,14 @@ public class SSLDroidTunnelDetails extends Activity {
if (myStore.isKeyEntry(strAlias)) { if (myStore.isKeyEntry(strAlias)) {
// try to retrieve the private key part from PKCS12 certificate // try to retrieve the private key part from PKCS12 certificate
myStore.getKey(strAlias, passw.toCharArray()); myStore.getKey(strAlias, passw.toCharArray());
// try to retrieve the certificate part from PKCS12 certificate Certificate mycrt = myStore.getCertificate(strAlias);
myStore.getCertificate(strAlias); X509Certificate mycert = X509Certificate.getInstance(mycrt.getEncoded());
try {
mycert.checkValidity();
} catch (CertificateExpiredException e) {
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), Toast.LENGTH_LONG).show();
return false;
}
} }
} }