mirror of
https://github.com/moparisthebest/SSLDroid
synced 2024-11-23 17:32:15 -05:00
Implement check if the client-side certificate is expired
Signed-off-by: Balint Kovacs <blint@blint.hu>
This commit is contained in:
parent
6010416325
commit
d474bb6682
@ -10,6 +10,10 @@ import java.security.KeyStoreException;
|
|||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
|
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import javax.security.cert.CertificateExpiredException;
|
||||||
|
import javax.security.cert.X509Certificate;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Enumeration;
|
import java.util.Enumeration;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
@ -297,8 +301,14 @@ public class SSLDroidTunnelDetails extends Activity {
|
|||||||
if (myStore.isKeyEntry(strAlias)) {
|
if (myStore.isKeyEntry(strAlias)) {
|
||||||
// try to retrieve the private key part from PKCS12 certificate
|
// try to retrieve the private key part from PKCS12 certificate
|
||||||
myStore.getKey(strAlias, passw.toCharArray());
|
myStore.getKey(strAlias, passw.toCharArray());
|
||||||
// try to retrieve the certificate part from PKCS12 certificate
|
Certificate mycrt = myStore.getCertificate(strAlias);
|
||||||
myStore.getCertificate(strAlias);
|
X509Certificate mycert = X509Certificate.getInstance(mycrt.getEncoded());
|
||||||
|
try {
|
||||||
|
mycert.checkValidity();
|
||||||
|
} catch (CertificateExpiredException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), Toast.LENGTH_LONG).show();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user