Validate client certificate dates

Joe Steele 2014-08-27 16:23:26 -04:00
parent c80634d501
commit 348fb4dceb
2 changed files with 11 additions and 1 deletions


@ -1129,6 +1129,7 @@ Please submit bug reports, contribute new features and ask questions at
<string name="account_setup_basics_client_certificate">Use client certificate</string>
<string name="client_certificate_spinner_empty">No client certificate</string>
<string name="client_certificate_spinner_delete">Remove client certificate selection</string>
<string name="client_certificate_retrieval_failure">"Failed to retrieve client certificate for alias <xliff:g id="alias">%s</xliff:g>"</string>
<string name="client_certificate_retrieval_failure">"Failed to retrieve client certificate for alias \"<xliff:g id="alias">%s</xliff:g>\""</string>
<string name="client_certificate_advanced_options">Advanced options</string>
<string name="client_certificate_expired">"Client certificate \"<xliff:g id="certificate_alias">%1$s</xliff:g>\" has expired or is not yet valid (<xliff:g id="exception_message">%2$s</xliff:g>)"</string>
</resources>


@ -4,6 +4,7 @@ package com.fsck.k9.net.ssl;
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
@ -76,6 +77,14 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
if (chain == null || chain.length == 0) {
throw new MessagingException("No certificate chain found for: " + alias);
}
try {
for (X509Certificate certificate : chain) {
certificate.checkValidity();
}
} catch (CertificateException e) {
// Client certificate has expired or is not yet valid
throw new CertificateValidationException(context.getString(R.string.client_certificate_expired, alias, e.toString()));
}
return chain;
}
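Review bot: The loop around `certificate.checkValidity()` tests every certificate in the chain, but the exception built in the catch block reports only `alias` and the string resource says the client certificate has expired, so an expired intermediate or root would be reported as if the leaf were at fault. Consider naming the failing certificate, for example by adding `certificate.getSubjectX500Principal().getName()` to the message, which means moving the try/catch inside the loop. `e.toString()` also prepends the exception class name although the placeholder is called `exception_message`; `e.getMessage()` would match it, and `e` should be passed on as the cause if `CertificateValidationException` has a constructor that accepts one (not visible here). A short comment such as `// Validity window only, checked against the device clock; no trust or revocation check happens here` would keep readers from treating this as chain validation. The enclosing method starts outside the hunk.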