diff options
author | Parménides GV <parmegv@sdf.org> | 2014-12-01 20:01:49 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2014-12-01 20:01:49 +0100 |
commit | b4d6003265e49e537ec3fae16740de7885864520 (patch) | |
tree | fa4728712320ba459760906390851a09930f7712 /app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java | |
parent | 48cd0f2fa3094b5a6b7b07d6413d77bdbc9bbc20 (diff) | |
parent | a59f2e0083b05fd94e2d0d2c1fcfeaa42b851531 (diff) |
Merge branch 'bug/EIP-class-is-too-big-#6350' into develop
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java')
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java new file mode 100644 index 00000000..6487f6c1 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java @@ -0,0 +1,60 @@ +/** + * Copyright (c) 2013 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.eip; + +import android.util.Log; + +import java.security.cert.CertificateExpiredException; +import java.security.cert.CertificateNotYetValidException; +import java.security.cert.X509Certificate; +import java.util.Calendar; + +import se.leap.bitmaskclient.ConfigHelper; + +public class VpnCertificateValidator { + public final static String TAG = VpnCertificateValidator.class.getSimpleName(); + + public boolean isValid(String certificate) { + if(!certificate.isEmpty()) { + X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate); + return isValid(certificate_x509); + } else return true; + } + + private boolean isValid(X509Certificate certificate) { + Calendar offset_date = calculateOffsetCertificateValidity(certificate); + try { + Log.d(TAG, "offset_date = " + offset_date.getTime().toString()); + certificate.checkValidity(offset_date.getTime()); + return true; + } catch(CertificateExpiredException e) { + return false; + } catch(CertificateNotYetValidException e) { + return false; + } + } + + private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { + Log.d(TAG, "certificate not after = " + certificate.getNotAfter()); + long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime())/2; + long current_date_millis = Calendar.getInstance().getTimeInMillis(); + + Calendar limit_date = Calendar.getInstance(); + limit_date.setTimeInMillis(current_date_millis + preventive_time); + return limit_date; + } +} |