Fix | Validate Certificate expiry date when creating encrypted connec…

…tion (#1394)
microsoft · Jul 29, 2020 · 3ba5e89 · 3ba5e89
1 parent 0db30ad
commit 3ba5e89
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 7 deletions.
diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java b/src/main/java/com/microsoft/sqlserver/jdbc/IOBuffer.java
@@ -1486,12 +1486,20 @@ public void checkClientTrusted(X509Certificate[] chain, String authType) throws
             if (logger.isLoggable(Level.FINEST))
                 logger.finest(logContext + " Forwarding ClientTrusted.");
             defaultTrustManager.checkClientTrusted(chain, authType);
+            // Explicitly validate the expiry dates
+            for (X509Certificate cert : chain) {
+                cert.checkValidity();
+            }
         }
 
         public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             if (logger.isLoggable(Level.FINEST))
                 logger.finest(logContext + " Forwarding Trusting server certificate");
             defaultTrustManager.checkServerTrusted(chain, authType);
+            // Explicitly validate the expiry dates
+            for (X509Certificate cert : chain) {
+                cert.checkValidity();
+            }
             if (logger.isLoggable(Level.FINEST))
                 logger.finest(logContext + " default serverTrusted succeeded proceeding with server name validation");
 

diff --git a/src/main/java/com/microsoft/sqlserver/jdbc/KeyStoreProviderCommon.java b/src/main/java/com/microsoft/sqlserver/jdbc/KeyStoreProviderCommon.java
@@ -12,8 +12,6 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.Signature;
 import java.security.SignatureException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import java.text.MessageFormat;
 
@@ -34,11 +32,6 @@ class CertificateDetails {
 
     CertificateDetails(X509Certificate certificate, Key privateKey) throws SQLServerException {
         this.certificate = certificate;
-        try {
-            certificate.checkValidity();
-        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
-            SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "", false);
-        }
         this.privateKey = privateKey;
     }
 }