public int compare(Object o1, Object o2) {
   X509Certificate c1 = (X509Certificate) o1;
   X509Certificate c2 = (X509Certificate) o2;
   if (c1 == c2) // this deals with case where both are null
   {
     return 0;
   }
   if (c1 == null) // non-null is always bigger than null
   {
     return -1;
   }
   if (c2 == null) {
     return 1;
   }
   if (c1.equals(c2)) {
     return 0;
   }
   Date d1 = c1.getNotAfter();
   Date d2 = c2.getNotAfter();
   int c = d1.compareTo(d2);
   if (c == 0) {
     String s1 = JavaImpl.getSubjectX500(c1);
     String s2 = JavaImpl.getSubjectX500(c2);
     c = s1.compareTo(s2);
     if (c == 0) {
       s1 = JavaImpl.getIssuerX500(c1);
       s2 = JavaImpl.getIssuerX500(c2);
       c = s1.compareTo(s2);
       if (c == 0) {
         BigInteger big1 = c1.getSerialNumber();
         BigInteger big2 = c2.getSerialNumber();
         c = big1.compareTo(big2);
         if (c == 0) {
           try {
             byte[] b1 = c1.getEncoded();
             byte[] b2 = c2.getEncoded();
             int len1 = b1.length;
             int len2 = b2.length;
             int i = 0;
             for (; i < len1 && i < len2; i++) {
               c = ((int) b1[i]) - ((int) b2[i]);
               if (c != 0) {
                 break;
               }
             }
             if (c == 0) {
               c = b1.length - b2.length;
             }
           } catch (CertificateEncodingException cee) {
             // I give up.  They can be equal if they
             // really want to be this badly.
             c = 0;
           }
         }
       }
     }
   }
   return c;
 }
  @Override
  protected HttpURLConnection openConnection(String path, String query) throws IOException {
    query = addDelegationTokenParam(query);
    final URL url = new URL("https", nnAddr.getHostName(), nnAddr.getPort(), path + '?' + query);
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    // bypass hostname verification
    try {
      conn.setHostnameVerifier(new DummyHostnameVerifier());
      conn.setRequestMethod("GET");
      conn.connect();
    } catch (IOException ioe) {
      throwIOExceptionFromConnection(conn, ioe);
    }

    // check cert expiration date
    final int warnDays = ExpWarnDays;
    if (warnDays > 0) { // make sure only check once
      ExpWarnDays = 0;
      long expTimeThreshold = warnDays * MM_SECONDS_PER_DAY + System.currentTimeMillis();
      X509Certificate[] clientCerts = (X509Certificate[]) conn.getLocalCertificates();
      if (clientCerts != null) {
        for (X509Certificate cert : clientCerts) {
          long expTime = cert.getNotAfter().getTime();
          if (expTime < expTimeThreshold) {
            StringBuilder sb = new StringBuilder();
            sb.append("\n Client certificate " + cert.getSubjectX500Principal().getName());
            int dayOffSet = (int) ((expTime - System.currentTimeMillis()) / MM_SECONDS_PER_DAY);
            sb.append(" have " + dayOffSet + " days to expire");
            LOG.warn(sb.toString());
          }
        }
      }
    }
    return (HttpURLConnection) conn;
  }
 /** Add a new user and an expire service. Test that the service expires the users password */
 @Test
 public void testExpireCertificateWithCertificateProfiles() throws Exception {
   final String certificateprofilename = "testExpireCertificateWithCertificateProfiles";
   int certificateProfileId =
       certificateProfileSession.addCertificateProfile(
           admin, certificateprofilename, new CertificateProfile());
   try {
     createCertificate(certificateProfileId);
     long seconds = (cert.getNotAfter().getTime() - new Date().getTime()) / 1000l;
     // Create a new UserPasswordExpireService
     ServiceConfiguration config = new ServiceConfiguration();
     config.setActive(true);
     config.setDescription("This is a description");
     // No mailsending for this Junit test service
     config.setActionClassPath(NoAction.class.getName());
     config.setActionProperties(null);
     config.setIntervalClassPath(PeriodicalInterval.class.getName());
     Properties intervalprop = new Properties();
     // Run the service every 3:rd second
     intervalprop.setProperty(PeriodicalInterval.PROP_VALUE, "3");
     intervalprop.setProperty(PeriodicalInterval.PROP_UNIT, PeriodicalInterval.UNIT_SECONDS);
     config.setIntervalProperties(intervalprop);
     config.setWorkerClassPath(CertificateExpirationNotifierWorker.class.getName());
     Properties workerprop = new Properties();
     workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOADMINS, "FALSE");
     workerprop.setProperty(EmailSendingWorkerConstants.PROP_SENDTOENDUSERS, "FALSE");
     workerprop.setProperty(BaseWorker.PROP_CAIDSTOCHECK, String.valueOf(caid));
     workerprop.setProperty(
         BaseWorker.PROP_CERTIFICATE_PROFILE_IDS_TO_CHECK, Integer.toString(certificateProfileId));
     workerprop.setProperty(BaseWorker.PROP_TIMEBEFOREEXPIRING, String.valueOf(seconds - 5));
     workerprop.setProperty(BaseWorker.PROP_TIMEUNIT, BaseWorker.UNIT_SECONDS);
     config.setWorkerProperties(workerprop);
     if (serviceSession.getService(CERTIFICATE_EXPIRATION_SERVICE) == null) {
       serviceSession.addService(admin, 4711, CERTIFICATE_EXPIRATION_SERVICE, config);
     }
     serviceSession.activateServiceTimer(admin, CERTIFICATE_EXPIRATION_SERVICE);
     // The service will run... the cert should still be active after 2
     // seconds..
     Thread.sleep(2000);
     info = certificateStoreSession.getCertificateInfo(fingerprint);
     assertEquals("status does not match.", CertificateConstants.CERT_ACTIVE, info.getStatus());
     // The service will run...We need some tolerance since timers cannot
     // be guaranteed to executed at the exact interval.
     Thread.sleep(10000);
     int tries = 0;
     while (info.getStatus() != CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION && tries < 5) {
       Thread.sleep(1000);
       info = certificateStoreSession.getCertificateInfo(fingerprint);
       tries++;
     }
     info = certificateStoreSession.getCertificateInfo(fingerprint);
     assertEquals(
         "Status does not match.",
         CertificateConstants.CERT_NOTIFIEDABOUTEXPIRATION,
         info.getStatus());
   } finally {
     // Clean the certificate profile
     certificateProfileSession.removeCertificateProfile(admin, certificateprofilename);
   }
 }
示例#4
0
    /** @see de.willuhn.datasource.GenericObject#getAttribute(java.lang.String) */
    public Object getAttribute(String arg0) throws RemoteException {

      if ("name".equals(arg0)) {
        String s = myCert.getSubject().getAttribute(Principal.COMMON_NAME);
        if (s == null || s.length() == 0) {
          s = this.cert.getSubjectDN().getName();
          if (s != null && s.length() > 40) s = s.substring(0, 39) + "...";
          return s;
        }
        return s;
      }
      if ("issuer".equals(arg0)) {
        String s = myCert.getIssuer().getAttribute(Principal.COMMON_NAME);
        if (s == null || s.length() == 0)
          s = myCert.getIssuer().getAttribute(Principal.ORGANIZATION);
        if (s == null || s.length() == 0) {
          s = this.cert.getIssuerDN().getName();
          if (s != null && s.length() > 40) s = s.substring(0, 39) + "...";
        }
        return s;
      }
      if ("serial".equals(arg0)) return cert.getSerialNumber().toString();
      if ("organization".equals(arg0))
        return myCert.getSubject().getAttribute(Principal.ORGANIZATION);
      if ("ou".equals(arg0)) return myCert.getSubject().getAttribute(Principal.ORGANIZATIONAL_UNIT);
      if ("datefrom".equals(arg0)) return cert.getNotBefore();
      if ("dateto".equals(arg0)) return cert.getNotAfter();

      return null;
    }
  private SignatureData getFromXmlDigSigSignature(
      SignatureVerificationRequest signatureVerificationRequest,
      SignatureVerificationResponse response)
      throws ParserConfigurationException, SAXException, IOException, MarshalException,
          SignatureException {
    String signature = new String(Base64.decode(signatureVerificationRequest.getSignature()));

    InputStream is = new ByteArrayInputStream(signature.getBytes());

    Document document = createDocument(is, true);

    XMLSignature xmlSignature =
        XMLSignatureFactory.getInstance().unmarshalXMLSignature(new DOMStructure(document));

    List contentList = xmlSignature.getKeyInfo().getContent();

    for (Object content : contentList) {
      if (content instanceof X509Data) {
        List certificateList = ((X509Data) content).getContent();
        for (Object certificateObject : certificateList) {
          if (certificateObject instanceof X509Certificate) {
            X509Certificate cert = (X509Certificate) certificateObject;
            CertificateInfo ci = new CertificateInfo();
            ci.setSubjectDn(cert.getSubjectDN().getName());
            ci.setValidTo(simpleDateFormat.format(cert.getNotAfter()));
            response.getCertificateInfos().getCertificateInfo().add(ci);
          }
        }
      }
    }

    return createSignatureDataFromXmlDigSig(signature);
  }
示例#6
0
  private void parseCert() {
    try {
      FileInputStream fis = new FileInputStream("e:\\rongyifu.der");
      CertificateFactory cf = CertificateFactory.getInstance("X509");
      X509Certificate c = (X509Certificate) cf.generateCertificate(fis);

      System.out.println("Certficate for " + c.getSubjectDN().getName());
      System.out.println("Generated with " + c.getSigAlgName());
      System.out.println("== " + c.getSubjectDN().toString());
      String publicKey = Base64.encode(c.getPublicKey().getEncoded());
      System.out.println("publicKey=" + publicKey);

      //		      Map<String, String> map = parseSubjectDN(c.getSubjectDN().toString());
      //		      System.out.println("map: "+map);

      //		      String notBefore =c.getNotBefore().toString();//得到开始有效日期
      //		      String notAfter = c.getNotAfter().toString();//得到截止日期
      String serialNumber = c.getSerialNumber().toString(16); // 得到序列号
      String dn = c.getIssuerDN().getName(); // 得到发行者名
      String sigAlgName = c.getSigAlgName(); // 得到签名算法
      String algorithm = c.getPublicKey().getAlgorithm(); // 得到公钥算法

      SimpleDateFormat intSDF = new SimpleDateFormat("yyyyMMdd");
      System.out.println("notBefore=" + intSDF.format(c.getNotBefore()));
      System.out.println("notAfter=" + intSDF.format(c.getNotAfter()));
      System.out.println("serialNumber=" + serialNumber);
      System.out.println("dn=" + dn);
      System.out.println("sigAlgName=" + sigAlgName);
      System.out.println("algorithm=" + algorithm);

      fis.close();
    } catch (Exception ex) {
      ex.printStackTrace();
    }
  }
示例#7
0
  // 颁发证书
  public static MadCertDo issueClientCert(
      long serialNo,
      String alias,
      String cn,
      String email,
      String title,
      Map<String, String> exts,
      char[] pwd)
      throws Exception {

    X500Name subject = X500NameUtil.createClass3EndPrincipal(cn, email, title);

    KeyPair caKeyPair = CaCertLoader.getClass3CaKeyPair();

    KeyPair endKeyPair = KeyPairUtil.generateRSAKeyPair();

    X509Certificate endCert =
        getIns().createClass3EndCert(serialNo, subject, exts, endKeyPair, caKeyPair);

    MadCertDo madCertDo = new MadCertDo();
    madCertDo.setSerialNumber(serialNo);
    madCertDo.setNotBefore(endCert.getNotBefore());
    madCertDo.setNotAfter(endCert.getNotAfter());
    madCertDo.setIssuerDN(endCert.getIssuerDN().toString());
    madCertDo.setSubjectDN(endCert.getSubjectDN().toString());
    madCertDo.setKeyFile(PKCSTransformer.getKeyFileString(endKeyPair.getPrivate(), pwd));
    madCertDo.setKeyPwd(String.valueOf(pwd));

    return madCertDo;
  }
示例#8
0
  public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
      cert.checkValidity();
    } catch (CertificateExpiredException ce) {
      return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
      return "NOT YET VALID: ";
    }

    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms

    // More than 72h left, display days
    // More than 3 months display months
    if (timeLeft > 90l * 24 * 3600 * 1000) {
      long months = getMonthsDifference(now, certNotAfter);
      return res.getString(R.string.months_left, months);
    } else if (timeLeft > 72 * 3600 * 1000) {
      long days = timeLeft / (24 * 3600 * 1000);
      return res.getString(R.string.days_left, days);
    } else {
      long hours = timeLeft / (3600 * 1000);

      return res.getString(R.string.hours_left, hours);
    }
  }
 @Override
 public void validate(List<X509Certificate> certificateChain, RevocationData revocationData)
     throws Exception {
   for (X509Certificate certificate : certificateChain) {
     LOG.debug("certificate: " + certificate.getSubjectX500Principal());
     LOG.debug("validity: " + certificate.getNotBefore() + " - " + certificate.getNotAfter());
   }
   this.trustValidator.isTrusted(certificateChain);
 }
 private String getValidity(X509Certificate certificate) {
   SimpleDateFormat dateFormat = new SimpleDateFormat("E, d MMM yyyy HH:mm:ss");
   return new StringBuilder()
       .append("Issued On: ")
       .append(dateFormat.format(certificate.getNotBefore()))
       .append('\n')
       .append("Expires On: ")
       .append(dateFormat.format(certificate.getNotAfter()))
       .toString();
 }
  public X509CertificateShortInfo(String alias, X509Certificate cert) {
    this.alias = alias;

    if (cert.getIssuerDN() != null) issuer = cert.getIssuerDN().getName();
    if (cert.getSubjectDN() != null) subject = cert.getSubjectDN().getName();
    algorithm = cert.getSigAlgName();
    notBeforeDatetime = cert.getNotBefore();
    notAfterDatetime = cert.getNotAfter();

    updateViewStyle();
  }
  /**
   * Retrieves displayable information about the certificate with the specified index in the chain.
   *
   * @param index The index of the certificate to request information on
   * @return A list of lists of {@link CertificateInformationEntry}s.
   */
  public List<List<CertificateInformationEntry>> getCertificateInfo(final int index) {
    final List<List<CertificateInformationEntry>> res =
        new ArrayList<List<CertificateInformationEntry>>();
    final X509Certificate cert = chain[index];
    List<CertificateInformationEntry> group;

    boolean tooOld = false, tooNew = false;

    try {
      cert.checkValidity();
    } catch (CertificateExpiredException ex) {
      tooOld = true;
    } catch (CertificateNotYetValidException ex) {
      tooNew = true;
    }

    group = new ArrayList<CertificateInformationEntry>();
    group.add(
        new CertificateInformationEntry(
            "Valid from", cert.getNotBefore().toString(), tooNew, false));
    group.add(
        new CertificateInformationEntry("Valid to", cert.getNotAfter().toString(), tooOld, false));
    res.add(group);

    final boolean wrongName = index == 0 && !manager.isValidHost(cert);
    final String names = getAlternateNames(cert);
    final Map<String, String> fields = CertificateManager.getDNFieldsFromCert(cert);

    group = new ArrayList<CertificateInformationEntry>();
    addCertField(fields, group, "Common name", "CN", wrongName);

    group.add(
        new CertificateInformationEntry(
            "Alternate names", names == null ? NOTPRESENT : names, wrongName, names == null));

    addCertField(fields, group, "Organisation", "O", false);
    addCertField(fields, group, "Unit", "OU", false);
    addCertField(fields, group, "Locality", "L", false);
    addCertField(fields, group, "State", "ST", false);
    addCertField(fields, group, "Country", "C", false);
    res.add(group);

    group = new ArrayList<CertificateInformationEntry>();
    group.add(
        new CertificateInformationEntry(
            "Serial number", cert.getSerialNumber().toString(), false, false));
    group.add(new CertificateInformationEntry("Algorithm", cert.getSigAlgName(), false, false));
    group.add(
        new CertificateInformationEntry(
            "SSL version", String.valueOf(cert.getVersion()), false, false));
    res.add(group);

    return res;
  }
  /*
   * Initializes the signerInfo and the VerifierInfo from the Certificate Pair
   */
  private void initializeCertificates() {
    X509Certificate certRoot = null;
    X509Certificate certIssuer = null;
    CertificatePair trustedCertificate;
    if (getFoundCertificate() == null) {
      CertificatePair[] certs = getRootCertificates();
      if (certs.length == 0) return;
      trustedCertificate = certs[0];
    } else {
      trustedCertificate = getFoundCertificate();
    }
    certRoot = (X509Certificate) trustedCertificate.getRoot();
    certIssuer = (X509Certificate) trustedCertificate.getIssuer();

    StringBuffer strb = new StringBuffer();
    strb.append(issuerString(certIssuer.getSubjectDN()));
    strb.append("\r\n"); // $NON-NLS-1$
    strb.append(
        NLS.bind(
            Messages.JarVerificationResult_ValidBetween,
            (new String[] {
              dateString(certIssuer.getNotBefore()), dateString(certIssuer.getNotAfter())
            })));
    strb.append(checkValidity(certIssuer));
    signerInfo = strb.toString();
    if (certIssuer != null && !certIssuer.equals(certRoot)) {
      strb = new StringBuffer();
      strb.append(issuerString(certIssuer.getIssuerDN()));
      strb.append("\r\n"); // $NON-NLS-1$
      strb.append(
          NLS.bind(
              Messages.JarVerificationResult_ValidBetween,
              (new String[] {
                dateString(certRoot.getNotBefore()), dateString(certRoot.getNotAfter())
              })));
      strb.append(checkValidity(certRoot));
      verifierInfo = strb.toString();
    }
  }
示例#14
0
 public static String prettyPrint(X509Certificate x509) {
   if (x509 == null) throw new IllegalArgumentException("x509 cannot be null");
   return String.format(
       FORMAT,
       x509.getVersion(),
       x509.getSerialNumber(),
       x509.getSigAlgName(),
       x509.getIssuerX500Principal().getName(),
       x509.getNotBefore(),
       x509.getNotAfter(),
       x509.getSubjectX500Principal().getName(),
       x509.getPublicKey().getAlgorithm(),
       x509.getBasicConstraints(),
       x509.getSigAlgName());
 }
 private void certDetails(StringBuffer si, X509Certificate c) {
   SimpleDateFormat validityDateFormater = new SimpleDateFormat("yyyy-MM-dd");
   si.append("\n");
   si.append(c.getSubjectDN().toString());
   si.append("\n");
   si.append(validityDateFormater.format(c.getNotBefore()));
   si.append(" - ");
   si.append(validityDateFormater.format(c.getNotAfter()));
   si.append("\nSHA-256: ");
   si.append(certHash(c, "SHA-256"));
   si.append("\nSHA-1: ");
   si.append(certHash(c, "SHA-1"));
   si.append("\nSigned by: ");
   si.append(c.getIssuerDN().toString());
   si.append("\n");
 }
  private X509Certificate readCertificate(String certPath) {
    try {
      FileInputStream fr = new FileInputStream(certPath);
      CertificateFactory cf = CertificateFactory.getInstance("X509");
      X509Certificate crt = (X509Certificate) cf.generateCertificate(fr);
      logger.info("Read certificate:");
      logger.info("\tCertificate for: " + crt.getSubjectDN());
      logger.info("\tCertificate issued by: " + crt.getIssuerDN());
      logger.info("\tCertificate is valid from " + crt.getNotBefore() + " to " + crt.getNotAfter());
      logger.info("\tCertificate SN# " + crt.getSerialNumber());
      logger.info("\tGenerated with " + crt.getSigAlgName());

      return crt;
    } catch (Exception e) {
      e.printStackTrace();
    }

    return null;
  }
 /*     */ private boolean isWorthTrying(
     X509Certificate paramX509Certificate1, X509Certificate paramX509Certificate2)
       /*     */ {
   /* 220 */ boolean bool = false;
   /*     */
   /* 222 */ if (debug != null) {
     /* 223 */ debug.println(
         "PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ...");
     /*     */ }
   /*     */
   /* 227 */ if (paramX509Certificate2 == null) {
     /* 228 */ return true;
     /*     */ }
   /*     */
   /* 231 */ AdaptableX509CertSelector localAdaptableX509CertSelector =
       new AdaptableX509CertSelector();
   /*     */
   /* 235 */ localAdaptableX509CertSelector.setSubject(
       paramX509Certificate2.getIssuerX500Principal());
   /*     */
   /* 238 */ localAdaptableX509CertSelector.setValidityPeriod(
       paramX509Certificate2.getNotBefore(), paramX509Certificate2.getNotAfter());
   /*     */ try
   /*     */ {
     /* 246 */ X509CertImpl localX509CertImpl = X509CertImpl.toImpl(paramX509Certificate2);
     /* 247 */ localAdaptableX509CertSelector.parseAuthorityKeyIdentifierExtension(
         localX509CertImpl.getAuthorityKeyIdentifierExtension());
     /*     */
     /* 250 */ bool = localAdaptableX509CertSelector.match(paramX509Certificate1);
     /*     */ }
   /*     */ catch (Exception localException)
   /*     */ {
     /*     */ }
   /* 255 */ if (debug != null) {
     /* 256 */ if (bool) /* 257 */ debug.println("YES - try this trustedCert");
     /*     */ else {
       /* 259 */ debug.println("NO - don't try this trustedCert");
       /*     */ }
     /*     */ }
   /*     */
   /* 263 */ return bool;
   /*     */ }
示例#18
0
 /**
  * Load an X509 Cert from a file and add it to the trusted set of certificates in the key store
  *
  * @return success
  * @since 0.8.2, moved from SSLEepGet in 0.9.9
  */
 public static boolean addCert(File file, String alias, KeyStore ks) {
   InputStream fis = null;
   try {
     fis = new FileInputStream(file);
     CertificateFactory cf = CertificateFactory.getInstance("X.509");
     X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
     info(
         "Read X509 Certificate from "
             + file.getAbsolutePath()
             + " Issuer: "
             + cert.getIssuerX500Principal()
             + "; Valid From: "
             + cert.getNotBefore()
             + " To: "
             + cert.getNotAfter());
     try {
       cert.checkValidity();
     } catch (CertificateExpiredException cee) {
       error("Rejecting expired X509 Certificate: " + file.getAbsolutePath(), cee);
       return false;
     } catch (CertificateNotYetValidException cnyve) {
       error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
       return false;
     }
     ks.setCertificateEntry(alias, cert);
     info("Now trusting X509 Certificate, Issuer: " + cert.getIssuerX500Principal());
   } catch (GeneralSecurityException gse) {
     error("Error reading X509 Certificate: " + file.getAbsolutePath(), gse);
     return false;
   } catch (IOException ioe) {
     error("Error reading X509 Certificate: " + file.getAbsolutePath(), ioe);
     return false;
   } finally {
     try {
       if (fis != null) fis.close();
     } catch (IOException foo) {
     }
   }
   return true;
 }
  public Set findCRLs(
      X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
      throws AnnotatedException {
    Set initialSet = new HashSet();

    // get complete CRL(s)
    try {
      initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
      initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
      initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
    } catch (AnnotatedException e) {
      throw new AnnotatedException("Exception obtaining complete CRLs.", e);
    }

    Set finalSet = new HashSet();
    Date validityDate = currentDate;

    if (paramsPKIX.getDate() != null) {
      validityDate = paramsPKIX.getDate();
    }

    // based on RFC 5280 6.3.3
    for (Iterator it = initialSet.iterator(); it.hasNext(); ) {
      X509CRL crl = (X509CRL) it.next();

      if (crl.getNextUpdate().after(validityDate)) {
        X509Certificate cert = crlselect.getCertificateChecking();

        if (cert != null) {
          if (crl.getThisUpdate().before(cert.getNotAfter())) {
            finalSet.add(crl);
          }
        } else {
          finalSet.add(crl);
        }
      }
    }

    return finalSet;
  }
示例#20
0
 private void logKeyStore(KeyStore store) throws KeyStoreException {
   LOG.trace("Certificates count: " + store.size());
   Enumeration aliases = store.aliases();
   while (aliases.hasMoreElements()) {
     String alias = (String) aliases.nextElement();
     Certificate[] certs = store.getCertificateChain(alias);
     if (certs != null) {
       LOG.debug("Certificate chain '" + alias + "':");
       for (int c = 0; c < certs.length; c++) {
         if (certs[c] instanceof X509Certificate) {
           X509Certificate cert = (X509Certificate) certs[c];
           LOG.trace(" Certificate " + (c + 1) + ":");
           LOG.trace("  Subject DN: " + cert.getSubjectDN());
           LOG.trace("  Signature Algorithm: " + cert.getSigAlgName());
           LOG.trace("  Valid from: " + cert.getNotBefore());
           LOG.trace("  Valid until: " + cert.getNotAfter());
           LOG.trace("  Issuer: " + cert.getIssuerDN());
         }
       }
     }
   }
 }
  @RequestMapping(value = "/pos-info", method = RequestMethod.GET)
  public String listReport(ModelMap modelMap) throws Exception {
    ClassPathResource resource = new ClassPathResource("server-configuration.properties");

    Properties properties = PropertiesLoaderUtils.loadProperties(resource);
    modelMap.addAttribute("modoIntegracion", properties.getProperty("pos.server.modo"));

    String puntoEmision = properties.getProperty("pos.server.punto_emision");
    modelMap.addAttribute("puntoEmision", puntoEmision);

    String MAC = macService.getCachedMAC();
    modelMap.addAttribute("MAC", MAC);

    String transferencia = properties.getProperty("pos.server.transferencia");
    modelMap.addAttribute("transferenciaHabilitada", transferencia.equals("1"));

    String limpieza = properties.getProperty("pos.server.limpieza");
    modelMap.addAttribute("limpiezaHabilitada", limpieza.equals("1"));

    String storePath = properties.getProperty("pos.server.almacenfirma.archivo");
    String storePassword = properties.getProperty("pos.server.almacenfirma.password");
    String certAlias = properties.getProperty("pos.server.certificado.alias");

    Init.init();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(getClass().getResourceAsStream(storePath), storePassword.toCharArray());

    X509Certificate certificate = (X509Certificate) keyStore.getCertificate(certAlias);
    DateTime expireCertDate = new DateTime(certificate.getNotAfter());
    DateTime now = DateTime.now();
    int difference = Days.daysBetween(expireCertDate, now).getDays();

    modelMap.addAttribute("certificadoExpirado", (difference > 0));
    modelMap.addAttribute("fechaExpiracion", expireCertDate);

    return "/page";
  }
 public static String toString(X509Certificate cert, boolean htmlStyle) {
   String cn = getCN(cert);
   String startStart = DF.format(cert.getNotBefore());
   String endDate = DF.format(cert.getNotAfter());
   String subject = JavaImpl.getSubjectX500(cert);
   String issuer = JavaImpl.getIssuerX500(cert);
   Iterator crls = getCRLs(cert).iterator();
   if (subject.equals(issuer)) {
     issuer = "self-signed";
   }
   StringBuffer buf = new StringBuffer(128);
   if (htmlStyle) {
     buf.append("<strong class=\"cn\">");
   }
   buf.append(cn);
   if (htmlStyle) {
     buf.append("</strong>");
   }
   buf.append(LINE_ENDING);
   buf.append("Valid: ");
   buf.append(startStart);
   buf.append(" - ");
   buf.append(endDate);
   buf.append(LINE_ENDING);
   buf.append("s: ");
   buf.append(subject);
   buf.append(LINE_ENDING);
   buf.append("i: ");
   buf.append(issuer);
   while (crls.hasNext()) {
     buf.append(LINE_ENDING);
     buf.append("CRL: ");
     buf.append((String) crls.next());
   }
   buf.append(LINE_ENDING);
   return buf.toString();
 }
示例#23
0
 /** @return Date -> Validate ends date */
 public Date getAfterDate() {
   return certificate.getNotAfter();
 }
示例#24
0
文件: CA.java 项目: NCIP/cagrid
 public X509CRL updateCRL(CRLEntry[] entries) throws Exception {
   crl = CertUtil.createCRL(cert, key, entries, cert.getNotAfter());
   return crl;
 }
示例#25
0
文件: CA.java 项目: NCIP/cagrid
 public X509CRL updateCRL(CRLEntry entry) throws Exception {
   CRLEntry[] entries = new CRLEntry[1];
   entries[0] = entry;
   crl = CertUtil.createCRL(cert, key, entries, cert.getNotAfter());
   return crl;
 }
  /**
   * Appends an HTML representation of the given X509Certificate.
   *
   * @param sb StringBuilder to append to
   * @param certificate to print
   */
  private void renderX509(StringBuilder sb, X509Certificate certificate) {
    X500Principal issuer = certificate.getIssuerX500Principal();
    X500Principal subject = certificate.getSubjectX500Principal();

    sb.append("<table cellspacing='1' cellpadding='1'>\n");

    // subject
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_TO"));
    try {
      for (Rdn name : new LdapName(subject.getName()).getRdns()) {
        String nameType = name.getType();
        String lblKey = "service.gui.CERT_INFO_" + nameType;
        String lbl = R.getI18NString(lblKey);

        if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;

        final String value;
        Object nameValue = name.getValue();

        if (nameValue instanceof byte[]) {
          byte[] nameValueAsByteArray = (byte[]) nameValue;

          value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
        } else value = nameValue.toString();

        addField(sb, lbl, value);
      }
    } catch (InvalidNameException ine) {
      addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), subject.getName());
    }

    // issuer
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_ISSUED_BY"));
    try {
      for (Rdn name : new LdapName(issuer.getName()).getRdns()) {
        String nameType = name.getType();
        String lblKey = "service.gui.CERT_INFO_" + nameType;
        String lbl = R.getI18NString(lblKey);

        if ((lbl == null) || ("!" + lblKey + "!").equals(lbl)) lbl = nameType;

        final String value;
        Object nameValue = name.getValue();

        if (nameValue instanceof byte[]) {
          byte[] nameValueAsByteArray = (byte[]) nameValue;

          value = getHex(nameValueAsByteArray) + " (" + new String(nameValueAsByteArray) + ")";
        } else value = nameValue.toString();

        addField(sb, lbl, value);
      }
    } catch (InvalidNameException ine) {
      addField(sb, R.getI18NString("service.gui.CERT_INFO_CN"), issuer.getName());
    }

    // validity
    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_VALIDITY"));
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_ISSUED_ON"),
        certificate.getNotBefore().toString());
    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_EXPIRES_ON"),
        certificate.getNotAfter().toString());

    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_FINGERPRINTS"));
    try {
      String sha1String = getThumbprint(certificate, "SHA1");
      String md5String = getThumbprint(certificate, "MD5");

      addField(sb, "SHA1:", sha1String);
      addField(sb, "MD5:", md5String);
    } catch (CertificateException e) {
      // do nothing as we cannot show this value
    }

    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_CERT_DETAILS"));

    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SER_NUM"),
        certificate.getSerialNumber().toString());

    addField(
        sb, R.getI18NString("service.gui.CERT_INFO_VER"), String.valueOf(certificate.getVersion()));

    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SIGN_ALG"),
        String.valueOf(certificate.getSigAlgName()));

    addTitle(sb, R.getI18NString("service.gui.CERT_INFO_PUB_KEY_INFO"));

    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_ALG"),
        certificate.getPublicKey().getAlgorithm());

    if (certificate.getPublicKey().getAlgorithm().equals("RSA")) {
      RSAPublicKey key = (RSAPublicKey) certificate.getPublicKey();

      addField(
          sb,
          R.getI18NString("service.gui.CERT_INFO_PUB_KEY"),
          R.getI18NString(
              "service.gui.CERT_INFO_KEY_BYTES_PRINT",
              new String[] {
                String.valueOf(key.getModulus().toByteArray().length - 1),
                key.getModulus().toString(16)
              }));

      addField(
          sb, R.getI18NString("service.gui.CERT_INFO_EXP"), key.getPublicExponent().toString());

      addField(
          sb,
          R.getI18NString("service.gui.CERT_INFO_KEY_SIZE"),
          R.getI18NString(
              "service.gui.CERT_INFO_KEY_BITS_PRINT",
              new String[] {String.valueOf(key.getModulus().bitLength())}));
    } else if (certificate.getPublicKey().getAlgorithm().equals("DSA")) {
      DSAPublicKey key = (DSAPublicKey) certificate.getPublicKey();

      addField(sb, "Y:", key.getY().toString(16));
    }

    addField(
        sb,
        R.getI18NString("service.gui.CERT_INFO_SIGN"),
        R.getI18NString(
            "service.gui.CERT_INFO_KEY_BYTES_PRINT",
            new String[] {
              String.valueOf(certificate.getSignature().length), getHex(certificate.getSignature())
            }));

    sb.append("</table>\n");
  }
  // controlla che il certificato del firmatario sia affidabile controllando la sua catena di
  // certificati
  // valida il certificato X509 del firmatario usando il built-in PKIX support messo a disposizione
  // da java
  // caricando il keystore contenente i certificati degli enti certificatori autorizzati dallo stato
  // italiano
  private PKIXCertPathBuilderResult isTrustedSigner(SignerInformation signer)
      throws FirmapiuException {
    // genera la lista di certificati da controllare  per generare la catena dei certificati del
    // firmatario
    // TODO quali certificati carica esattamente?
    Collection<?> certCollection = certStore.getMatches(signer.getSID());
    Iterator<?> certIt = certCollection.iterator();
    X509CertificateHolder cert = (X509CertificateHolder) certIt.next();
    List<X509Certificate> chain = new LinkedList<X509Certificate>();
    JcaX509CertificateConverter certConverter =
        new JcaX509CertificateConverter().setProvider(this.bcProvName);
    try {
      X509Certificate x509cert = certConverter.getCertificate(cert);
      chain.add(x509cert);
      while (certIt.hasNext()) {
        x509cert = certConverter.getCertificate((X509CertificateHolder) certIt.next());
        chain.add(x509cert);
      }
    } catch (CertificateException e) {
      new FirmapiuException(CERT_DEFAULT_ERROR, e);
    }

    // carica i certificati presenti nel token crittografico passato come parametro
    KeyStore anchors = this.token.loadKeyStore(null);
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(chain.get(0));
    PKIXBuilderParameters params;
    CertPathBuilder builder;
    try {
      params = new PKIXBuilderParameters(anchors, target);
      // disabilita il controllo delle CRL
      params.setRevocationEnabled(false);
      // se il certificato è scaduto cerca di generare lo stesso la catena dei certificati
      try {
        X509Certificate x509cert = certConverter.getCertificate(cert);
        // long before=x509cert.getNotBefore().getTime();
        long after = x509cert.getNotAfter().getTime();
        after -= 10;
        params.setDate(new Date(after));
      } catch (CertificateException e) {
        throw new FirmapiuException(CERT_KEYSTORE_DEFAULT_ERROR, e);
      }
      CertStoreParameters intermediates = new CollectionCertStoreParameters(chain);
      params.addCertStore(CertStore.getInstance("Collection", intermediates));
      params.setSigProvider(this.bcProvName);
      builder = CertPathBuilder.getInstance("PKIX", this.bcProvName);
    } catch (KeyStoreException | InvalidAlgorithmParameterException e) {
      throw new FirmapiuException(CERT_KEYSTORE_DEFAULT_ERROR, e);
    } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
      throw new FirmapiuException(DEFAULT_ERROR, e);
    }
    /*
     * If build() returns successfully, the certificate is valid. More details
     * about the valid path can be obtained through the PKIXBuilderResult.
     * If no valid path can be found, a CertPathBuilderException is thrown.
     */
    try {
      return (PKIXCertPathBuilderResult) builder.build(params);
    } catch (CertPathBuilderException e) {
      throw new FirmapiuException(VERIFY_SIGNER_CERTPATH_ERROR, e);
    } catch (InvalidAlgorithmParameterException e) {
      throw new FirmapiuException(DEFAULT_ERROR, e);
    }
  } // fine metodo
示例#28
0
  private AlfrescoRuntimeException signFile(
      final NodeRef nodeRefToSign,
      final DigitalSigningDTO signingDTO,
      final File alfTempDir,
      final String alias,
      final KeyStore ks,
      final PrivateKey key,
      final Certificate[] chain) {
    final String fileNameToSign = fileFolderService.getFileInfo(nodeRefToSign).getName();

    File fileConverted = null;
    File tempDir = null;
    try {
      ContentReader fileToSignContentReader = getReader(nodeRefToSign);

      if (fileToSignContentReader != null) {
        String newName = null;

        // Check if document is PDF or transform it
        if (!MimetypeMap.MIMETYPE_PDF.equals(fileToSignContentReader.getMimetype())) {
          // Transform document in PDF document
          final ContentTransformer tranformer =
              contentTransformerRegistry.getTransformer(
                  fileToSignContentReader.getMimetype(),
                  fileToSignContentReader.getSize(),
                  MimetypeMap.MIMETYPE_PDF,
                  new TransformationOptions());

          if (tranformer != null) {

            tempDir = new File(alfTempDir.getPath() + File.separatorChar + nodeRefToSign.getId());
            if (tempDir != null) {
              tempDir.mkdir();
              fileConverted =
                  new File(tempDir, fileNameToSign + "_" + System.currentTimeMillis() + ".pdf");
              if (fileConverted != null) {
                final ContentWriter newDoc = new FileContentWriter(fileConverted);
                if (newDoc != null) {
                  newDoc.setMimetype(MimetypeMap.MIMETYPE_PDF);
                  tranformer.transform(fileToSignContentReader, newDoc);
                  fileToSignContentReader = new FileContentReader(fileConverted);

                  final String originalName =
                      (String) nodeService.getProperty(nodeRefToSign, ContentModel.PROP_NAME);

                  newName = originalName.substring(0, originalName.lastIndexOf(".")) + ".pdf";
                }
              }
            }
          } else {
            log.error(
                "["
                    + fileNameToSign
                    + "] No suitable converter found to convert the document in PDF.");
            return new AlfrescoRuntimeException(
                "["
                    + fileNameToSign
                    + "] No suitable converter found to convert the document in PDF.");
          }
        }

        // Convert PDF in PDF/A format
        final File pdfAFile = convertPdfToPdfA(fileToSignContentReader.getContentInputStream());

        final PdfReader reader = new PdfReader(new FileInputStream(pdfAFile));

        if (nodeRefToSign != null) {
          tempDir = new File(alfTempDir.getPath() + File.separatorChar + nodeRefToSign.getId());
          if (tempDir != null) {
            tempDir.mkdir();
            final File file = new File(tempDir, fileNameToSign);

            if (file != null) {
              final FileOutputStream fout = new FileOutputStream(file);
              final PdfStamper stp = PdfStamper.createSignature(reader, fout, '\0');

              if (stp != null) {
                final PdfSignatureAppearance sap = stp.getSignatureAppearance();
                if (sap != null) {
                  sap.setCrypto(key, chain, null, PdfSignatureAppearance.WINCER_SIGNED);
                  sap.setReason(signingDTO.getSignReason());
                  sap.setLocation(signingDTO.getSignLocation());
                  sap.setContact(signingDTO.getSignContact());
                  sap.setCertificationLevel(PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED);
                  sap.setImageScale(1);

                  // digital signature
                  if (signingDTO.getSigningField() != null
                      && !signingDTO.getSigningField().trim().equalsIgnoreCase("")) {
                    Image img = null;
                    if (signingDTO.getImage() != null) {
                      final ContentReader imageContentReader = getReader(signingDTO.getImage());
                      final AcroFields af = reader.getAcroFields();
                      if (af != null) {
                        final List<FieldPosition> positions =
                            af.getFieldPositions(signingDTO.getSigningField());
                        if (positions != null
                            && positions.size() > 0
                            && positions.get(0) != null
                            && positions.get(0).position != null) {
                          final BufferedImage newImg =
                              scaleImage(
                                  ImageIO.read(imageContentReader.getContentInputStream()),
                                  BufferedImage.TYPE_INT_RGB,
                                  Float.valueOf(positions.get(0).position.getWidth()).intValue(),
                                  Float.valueOf(positions.get(0).position.getHeight()).intValue());
                          img = Image.getInstance(newImg, null);
                        } else {
                          log.error(
                              "["
                                  + fileNameToSign
                                  + "] The field '"
                                  + signingDTO.getSigningField()
                                  + "' doesn't exist in the document.");
                          return new AlfrescoRuntimeException(
                              "["
                                  + fileNameToSign
                                  + "] The field '"
                                  + signingDTO.getSigningField()
                                  + "' doesn't exist in the document.");
                        }
                      }
                      if (img == null) {
                        img =
                            Image.getInstance(
                                ImageIO.read(imageContentReader.getContentInputStream()), null);
                      }
                      sap.setImage(img);
                    }
                    sap.setVisibleSignature(signingDTO.getSigningField());
                  } else {
                    int pageToSign = 1;
                    if (DigitalSigningDTO.PAGE_LAST.equalsIgnoreCase(
                        signingDTO.getPages().trim())) {
                      pageToSign = reader.getNumberOfPages();
                    } else if (DigitalSigningDTO.PAGE_SPECIFIC.equalsIgnoreCase(
                        signingDTO.getPages().trim())) {
                      if (signingDTO.getPageNumber() > 0
                          && signingDTO.getPageNumber() <= reader.getNumberOfPages()) {
                        pageToSign = signingDTO.getPageNumber();
                      } else {
                        throw new AlfrescoRuntimeException("Page number is out of bound.");
                      }
                    }
                    if (signingDTO.getImage() != null) {
                      final ContentReader imageContentReader = getReader(signingDTO.getImage());
                      // Resize image
                      final BufferedImage newImg =
                          scaleImage(
                              ImageIO.read(imageContentReader.getContentInputStream()),
                              BufferedImage.TYPE_INT_RGB,
                              signingDTO.getSignWidth(),
                              signingDTO.getSignHeight());
                      final Image img = Image.getInstance(newImg, null);
                      sap.setImage(img);
                    }
                    if (signingDTO.getPosition() != null
                        && !DigitalSigningDTO.POSITION_CUSTOM.equalsIgnoreCase(
                            signingDTO.getPosition().trim())) {
                      final Rectangle pageRect = reader.getPageSizeWithRotation(1);
                      sap.setVisibleSignature(
                          positionSignature(
                              signingDTO.getPosition(),
                              pageRect,
                              signingDTO.getSignWidth(),
                              signingDTO.getSignHeight(),
                              signingDTO.getxMargin(),
                              signingDTO.getyMargin()),
                          pageToSign,
                          null);
                    } else {
                      sap.setVisibleSignature(
                          new Rectangle(
                              signingDTO.getLocationX(),
                              signingDTO.getLocationY(),
                              signingDTO.getLocationX() + signingDTO.getSignWidth(),
                              signingDTO.getLocationY() - signingDTO.getSignHeight()),
                          pageToSign,
                          null);
                    }
                  }
                  stp.close();

                  NodeRef destinationNode = null;
                  NodeRef originalDoc = null;
                  boolean addAsNewVersion = false;
                  if (signingDTO.getDestinationFolder() == null) {
                    destinationNode = nodeRefToSign;
                    nodeService.addAspect(destinationNode, ContentModel.ASPECT_VERSIONABLE, null);
                    addAsNewVersion = true;
                  } else {
                    originalDoc = nodeRefToSign;
                    destinationNode =
                        createDestinationNode(
                            file.getName(), signingDTO.getDestinationFolder(), nodeRefToSign);
                  }

                  if (destinationNode != null) {

                    final ContentWriter writer =
                        contentService.getWriter(destinationNode, ContentModel.PROP_CONTENT, true);
                    if (writer != null) {
                      writer.setEncoding(fileToSignContentReader.getEncoding());
                      writer.setMimetype("application/pdf");
                      writer.putContent(file);
                      file.delete();

                      if (fileConverted != null) {
                        fileConverted.delete();
                      }

                      nodeService.addAspect(
                          destinationNode,
                          SigningModel.ASPECT_SIGNED,
                          new HashMap<QName, Serializable>());
                      nodeService.setProperty(
                          destinationNode, SigningModel.PROP_REASON, signingDTO.getSignReason());
                      nodeService.setProperty(
                          destinationNode,
                          SigningModel.PROP_LOCATION,
                          signingDTO.getSignLocation());
                      nodeService.setProperty(
                          destinationNode, SigningModel.PROP_SIGNATUREDATE, new java.util.Date());
                      nodeService.setProperty(
                          destinationNode,
                          SigningModel.PROP_SIGNEDBY,
                          AuthenticationUtil.getRunAsUser());

                      if (newName != null) {
                        nodeService.setProperty(destinationNode, ContentModel.PROP_NAME, newName);
                      }

                      final X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                      nodeService.setProperty(
                          destinationNode, SigningModel.PROP_VALIDITY, c.getNotAfter());
                      nodeService.setProperty(
                          destinationNode, SigningModel.PROP_ORIGINAL_DOC, originalDoc);

                      if (!addAsNewVersion) {
                        if (!nodeService.hasAspect(originalDoc, SigningModel.ASPECT_ORIGINAL_DOC)) {
                          nodeService.addAspect(
                              originalDoc,
                              SigningModel.ASPECT_ORIGINAL_DOC,
                              new HashMap<QName, Serializable>());
                        }
                        nodeService.createAssociation(
                            originalDoc, destinationNode, SigningModel.PROP_RELATED_DOC);
                      }
                    }
                  } else {
                    log.error("[" + fileNameToSign + "] Destination node is not a valid NodeRef.");
                    return new AlfrescoRuntimeException(
                        "[" + fileNameToSign + "] Destination node is not a valid NodeRef.");
                  }
                } else {
                  log.error("[" + fileNameToSign + "] Unable to get PDF appearance signature.");
                  return new AlfrescoRuntimeException(
                      "[" + fileNameToSign + "] Unable to get PDF appearance signature.");
                }
              } else {
                log.error("[" + fileNameToSign + "] Unable to create PDF signature.");
                return new AlfrescoRuntimeException(
                    "[" + fileNameToSign + "] Unable to create PDF signature.");
              }
            }
          }
        } else {
          log.error("[" + fileNameToSign + "] Unable to get document to sign content.");
          return new AlfrescoRuntimeException(
              "[" + fileNameToSign + "] Unable to get document to sign content.");
        }

        if (pdfAFile != null) {
          pdfAFile.delete();
        }

        return null;

      } else {
        log.error("[" + fileNameToSign + "] The document has no content.");
        return new AlfrescoRuntimeException(
            "[" + fileNameToSign + "] The document has no content.");
      }
    } catch (KeyStoreException e) {
      log.error("[" + fileNameToSign + "] " + e);
      return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
    } catch (ContentIOException e) {
      log.error("[" + fileNameToSign + "] " + e);
      return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
    } catch (IOException e) {
      log.error("[" + fileNameToSign + "] " + e);
      return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
    } catch (DocumentException e) {
      log.error("[" + fileNameToSign + "] " + e);
      return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + e.getMessage(), e);
    } finally {
      if (tempDir != null) {
        try {
          tempDir.delete();
        } catch (Exception ex) {
          log.error("[" + fileNameToSign + "] " + ex);
          return new AlfrescoRuntimeException("[" + fileNameToSign + "] " + ex.getMessage(), ex);
        }
      }
    }
  }
示例#29
0
 /**
  * Recupera la fecha de expiraci&oacute;n del certificado en formato "yyyy-MM-dd".
  *
  * @param cert Certificado.
  * @return Fecha de caducidad.
  */
 private static String getExpiredDate(final X509Certificate cert) {
   return new SimpleDateFormat("yyyy-MM-dd").format(cert.getNotAfter()); // $NON-NLS-1$
 }
示例#30
0
 public TimeTool getValidUntil() {
   Date val = cert.getNotAfter();
   TimeTool ret = new TimeTool(val.getTime());
   return ret;
 }