Validate client certificate dates
This commit is contained in:
parent
c80634d501
commit
348fb4dceb
2 changed files with 11 additions and 1 deletions
|
@ -1129,6 +1129,7 @@ Please submit bug reports, contribute new features and ask questions at
|
||||||
<string name="account_setup_basics_client_certificate">Use client certificate</string>
|
<string name="account_setup_basics_client_certificate">Use client certificate</string>
|
||||||
<string name="client_certificate_spinner_empty">No client certificate</string>
|
<string name="client_certificate_spinner_empty">No client certificate</string>
|
||||||
<string name="client_certificate_spinner_delete">Remove client certificate selection</string>
|
<string name="client_certificate_spinner_delete">Remove client certificate selection</string>
|
||||||
<string name="client_certificate_retrieval_failure">"Failed to retrieve client certificate for alias <xliff:g id="alias">%s</xliff:g>"</string>
|
<string name="client_certificate_retrieval_failure">"Failed to retrieve client certificate for alias \"<xliff:g id="alias">%s</xliff:g>\""</string>
|
||||||
<string name="client_certificate_advanced_options">Advanced options</string>
|
<string name="client_certificate_advanced_options">Advanced options</string>
|
||||||
|
<string name="client_certificate_expired">"Client certificate \"<xliff:g id="certificate_alias">%1$s</xliff:g>\" has expired or is not yet valid (<xliff:g id="exception_message">%2$s</xliff:g>)"</string>
|
||||||
</resources>
|
</resources>
|
||||||
|
|
|
@ -4,6 +4,7 @@ package com.fsck.k9.net.ssl;
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -76,6 +77,14 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
|
||||||
if (chain == null || chain.length == 0) {
|
if (chain == null || chain.length == 0) {
|
||||||
throw new MessagingException("No certificate chain found for: " + alias);
|
throw new MessagingException("No certificate chain found for: " + alias);
|
||||||
}
|
}
|
||||||
|
try {
|
||||||
|
for (X509Certificate certificate : chain) {
|
||||||
|
certificate.checkValidity();
|
||||||
|
}
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
// Client certificate has expired or is not yet valid
|
||||||
|
throw new CertificateValidationException(context.getString(R.string.client_certificate_expired, alias, e.toString()));
|
||||||
|
}
|
||||||
|
|
||||||
return chain;
|
return chain;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue