Java 类java.security.cert.CertificateExpiredException 实例源码

/**
 * verify that the given certificate successfully handles and confirms
 * the signature associated with this signer and, if a signingTime
 * attribute is available, that the certificate was valid at the time the
 * signature was generated.
 * @deprecated use verify(ContentVerifierProvider)
 */
public boolean verify(
    X509Certificate cert,
    Provider        sigProvider)
    throws NoSuchAlgorithmException,
        CertificateExpiredException, CertificateNotYetValidException,
        CMSException
{
    Time signingTime = getSigningTime();
    if (signingTime != null)
    {
        cert.checkValidity(signingTime.getDate());
    }

    return doVerify(cert.getPublicKey(), sigProvider); 
}

public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }
    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
    // More than 72h left, display days
    // More than 3 months display months
    if (timeLeft > 90l * 24 * 3600 * 1000) {
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    } else if (timeLeft > 72 * 3600 * 1000) {
        long days = timeLeft / (24 * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    } else {
        long hours = timeLeft / (3600 * 1000);
        return res.getString(R.string.hours_left, hours);
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    Objects.requireNonNull(now);
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore != null && notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter != null && notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

@Test
public void sign() {
  final DistinguishedName caName = dn("CN=CA-Test");
  final RootCertificate ca = createSelfSignedCertificate(caName).build();
  final CSR csr = createCsr().generateRequest(dn("CN=test"));
  final X509Certificate cert = ca.signCsr(csr)
      .setRandomSerialNumber()
      .sign()
      .getX509Certificate();

  try {
    cert.checkValidity();
  } catch (CertificateExpiredException | CertificateNotYetValidException e) {
    fail("Invalid certificate: " + e.toString());
  }
  assertEquals("CN=CA-Test", cert.getIssuerX500Principal().getName());
  assertEquals("CN=test", cert.getSubjectX500Principal().getName());
  assertEquals(csr.getPublicKey(), cert.getPublicKey());
}

@Test
public void test_generateSelfSignedX509CertificateV1() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateExpiredException, CertificateNotYetValidException, CertificateException, InvalidKeyException, SignatureException {
    final DistinguishedName issuer = issuer();

    final X500Principal principal = issuer.toX500Principal();

    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA.name(), BOUNCY_CASTLE);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();

    final SelfSignedX509V1CertRequest request = new SelfSignedX509V1CertRequest(
            principal,
            BigInteger.ONE,
            Instant.now(),
            Instant.ofEpochMilli(System.currentTimeMillis() + (10 * 1000)),
            keyPair
    );
    log.info(String.format("request : %s", request));

    final X509Certificate cert = certificateService.generateSelfSignedX509CertificateV1(request);
    log.info(String.format("result.getSigAlgName() = %s, result.getVersion() = %s ", cert.getSigAlgName(), cert.getVersion()));
    assertThat(cert.getVersion(), is(1));

    cert.checkValidity();
    assertThat(Arrays.areEqual(principal.getEncoded(), cert.getIssuerX500Principal().getEncoded()), is(true));
    cert.verify(cert.getPublicKey());
}

@Override
public boolean checkCertificateValidity() {
    X509Certificate sigCert = getCertSign();
    X509Certificate encCert = getCertEnc();

    if (null == sigCert || null == encCert) {
        logger.error("Cannot obtain Certificates for validation");
        // treat as invalid
        return false;
    }

    Date now = new Date();
    try {
        sigCert.checkValidity(now);
        encCert.checkValidity(now);
    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        // certificate not (yet) valid
        return false;
    }

    return true;
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

public VerificationResultCode verifySignature(VerificationContext context) throws KSIException {
    Date validAt = context.getSignature().getAggregationTime();

    SignatureData signatureData = context.getCalendarAuthenticationRecord().getSignatureData();
    Certificate certificate = context.getCertificate(signatureData.getCertificateId());
    if (certificate instanceof X509Certificate) {
        try {
            ((X509Certificate) certificate).checkValidity(validAt);
            return VerificationResultCode.OK;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            LOGGER.info("Certificate id {} was not valid at the aggregation time {}",
                    Base16.encode(signatureData.getCertificateId()), validAt);
        }
    }

    LOGGER.info("Unable to check certificate validity, id = {}", Base16.encode(signatureData.getCertificateId()));
    return VerificationResultCode.FAIL;
}

private boolean isValidSigningCertificateChain(X509Certificate[] signingCertificateChain) {
    // Verify issuing chain
    if (signingCertificateChain.length > 1) {
        X500Principal expectedPrincipal = signingCertificateChain[0].getIssuerX500Principal();
        for (int i = 1; i < signingCertificateChain.length; ++i) { // start at the direct issuer
            X500Principal subject = signingCertificateChain[i].getSubjectX500Principal();
            if (!subject.equals(expectedPrincipal)) {
                LOG.error("Expecting: " + expectedPrincipal + " But found: " + subject);
                return false;
            }
            expectedPrincipal = signingCertificateChain[i].getIssuerX500Principal();
        }
    }

    // Check validity of the signing certificate;
    try {
        signingCertificateChain[0].checkValidity();
    } catch (CertificateExpiredException | CertificateNotYetValidException e) {
        LOG.error("Signing certificate was invalid!");
        return false;
    }

    // All good
    return true;
}

/**
 * @see java.security.cert.X509Certificate#checkValidity()
 * method documentation for more information.
 */
public void checkValidity() throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = System.currentTimeMillis();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity(Date)
 * method documentation for more information.
 */
public void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = date.getTime();
    if (time < notBefore) {
        // BEGIN android-changed
        throw new CertificateNotYetValidException("current time: " + date
            + ", validation time: " + new Date(notBefore));
        // END android-changed
    }
    if (time > notAfter) {
        // BEGIN android-changed
        throw new CertificateExpiredException("current time: " + date
            + ", expiration time: " + new Date(notAfter));
        // END android-changed
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity()
 * method documentation for more information.
 */
public void checkValidity() throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = System.currentTimeMillis();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity(Date)
 * method documentation for more information.
 */
public void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = date.getTime();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

private void checkCertificatesValidity(KeyStore keyStore) throws KeyStoreException {
    if (ROOT_LOGGER.isEnabled(Logger.Level.WARN)) {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias);
            if (certificate != null && certificate instanceof X509Certificate) {
                try {
                    ((X509Certificate) certificate).checkValidity();
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                    ROOT_LOGGER.certificateNotValid(alias, e);
                }
            }
        }
    }
}

/**
 * Gets a keystore manager for a given hostname
 * Creates one/key if it does not already exist
 * @param hostname
 * @return
 * @throws Exception
 */
public static KeyStoreManager getKeyStoreManager(String hostname) throws Exception {
    File root = getKeyStoreRoot(hostname);

    // create entry
    KeyStoreManager keyStoreManager = new KeyStoreManager(root);

    // under the hood this will generate the cert if it doesn't exist
    keyStoreManager.getCertificateByHostname(hostname);

    // use this since getCertificateByHostname always returns null, but hostname == alias for our purpose
    X509Certificate cert = keyStoreManager.getCertificateByAlias(hostname);
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException cee) {
        // if the cert is expired we should destroy it and recursively call this function
        keyStoreManager = null;
        FileUtils.deleteDirectory(root);

        return getKeyStoreManager(hostname);
    }

    return keyStoreManager;
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * @see X509Certificate#checkValidity()
 * method documentation for more information.
 */
public void checkValidity() throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = System.currentTimeMillis();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see X509Certificate#checkValidity(Date)
 * method documentation for more information.
 */
public void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = date.getTime();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity()
 * method documentation for more information.
 */
public void checkValidity() throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = System.currentTimeMillis();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity(Date)
 * method documentation for more information.
 */
public void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = date.getTime();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity()
 * method documentation for more information.
 */
public void checkValidity() throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = System.currentTimeMillis();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * @see java.security.cert.X509Certificate#checkValidity(Date)
 * method documentation for more information.
 */
public void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException {
    if (notBefore == -1) {
        // retrieve and cache the value of validity period
        notBefore = tbsCert.getValidity().getNotBefore().getTime();
        notAfter = tbsCert.getValidity().getNotAfter().getTime();
    }
    long time = date.getTime();
    if (time < notBefore) {
        throw new CertificateNotYetValidException();
    }
    if (time > notAfter) {
        throw new CertificateExpiredException();
    }
}

/**
 * Verify that that the passed time is within the validity period.
 *
 * @exception CertificateExpiredException if the certificate has expired
 * with respect to the <code>Date</code> supplied.
 * @exception CertificateNotYetValidException if the certificate is not
 * yet valid with respect to the <code>Date</code> supplied.
 *
 */
public void valid(Date now)
throws CertificateNotYetValidException, CertificateExpiredException {
    /*
     * we use the internal Dates rather than the passed in Date
     * because someone could override the Date methods after()
     * and before() to do something entirely different.
     */
    if (notBefore.after(now)) {
        throw new CertificateNotYetValidException("NotBefore: " +
                                                  notBefore.toString());
    }
    if (notAfter.before(now)) {
        throw new CertificateExpiredException("NotAfter: " +
                                              notAfter.toString());
    }
}

/**
 * verify that the given certificate successfully handles and confirms
 * the signature associated with this signer and, if a signingTime
 * attribute is available, that the certificate was valid at the time the
 * signature was generated.
 * @deprecated use verify(ContentVerifierProvider)
 */
public boolean verify(
    X509Certificate cert,
    Provider        sigProvider)
    throws NoSuchAlgorithmException,
        CertificateExpiredException, CertificateNotYetValidException,
        CMSException
{
    Time signingTime = getSigningTime();
    if (signingTime != null)
    {
        cert.checkValidity(signingTime.getDate());
    }

    return doVerify(cert.getPublicKey(), sigProvider); 
}

/**
 * verify that the given certificate successfully handles and confirms
 * the signature associated with this signer and, if a signingTime
 * attribute is available, that the certificate was valid at the time the
 * signature was generated.
 * @deprecated use verify(ContentVerifierProvider)
 */
public boolean verify(
    X509Certificate cert,
    Provider        sigProvider)
    throws NoSuchAlgorithmException,
        CertificateExpiredException, CertificateNotYetValidException,
        CMSException
{
    Time signingTime = getSigningTime();
    if (signingTime != null)
    {
        cert.checkValidity(signingTime.getDate());
    }

    return doVerify(cert.getPublicKey(), sigProvider); 
}

public void checkServerTrusted(X509Certificate[] certificates,
        String authType) throws CertificateException {
    try {
        if ((certificates != null) && (certificates.length == 1)) {
            certificates[0].checkValidity();
        } else {
            mStandardTrustManager
                    .checkServerTrusted(certificates, authType);
        }
    } catch (CertificateException e) {
        if (e.getCause() instanceof CertPathValidatorException
                || e instanceof CertificateExpiredException) {
            return;
        }
        throw e;
    }
}

/**
 * verify that the given certificate successfully handles and confirms
 * the signature associated with this signer and, if a signingTime
 * attribute is available, that the certificate was valid at the time the
 * signature was generated.
 * @deprecated use verify(ContentVerifierProvider)
 */
public boolean verify(
    X509Certificate cert,
    Provider        sigProvider)
    throws NoSuchAlgorithmException,
        CertificateExpiredException, CertificateNotYetValidException,
        CMSException
{
    Time signingTime = getSigningTime();
    if (signingTime != null)
    {
        cert.checkValidity(signingTime.getDate());
    }

    return doVerify(cert.getPublicKey(), sigProvider); 
}

public void checkServerTrusted(X509Certificate[] certificates,
        String authType) throws CertificateException {
    try {
        if ((certificates != null) && (certificates.length == 1)) {
            certificates[0].checkValidity();
        } else {
            mStandardTrustManager
                    .checkServerTrusted(certificates, authType);
        }
    } catch (CertificateException e) {
        if (e.getCause() instanceof CertPathValidatorException
                || e instanceof CertificateExpiredException) {
            return;
        }
        throw e;
    }
}

@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}

@Override
public void checkValidity(final Date arg0)
        throws CertificateExpiredException, CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}

@Override
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
    if (!this.valid) {
        throw new CertificateExpiredException();
    }
}