The following section of code in the verifyXMLSignature method of the
SignatureProcessor that checks the validity of the certificate by calling
checkValidity(), I believe should wrap the exceptions differently rather
than having the same exception be thrown in cases that you want to handle
CertificateExpiredException differently than CertificateNotYetValidException.

    if (certs != null) {
        try {
            certs[0].checkValidity();
        } catch (CertificateExpiredException e) {
            throw new WSSecurityException(
                    WSSecurityException.FAILED_CHECK,
                    "invalidCert");
        } catch (CertificateNotYetValidException e) {
            throw new WSSecurityException(
                    WSSecurityException.FAILED_CHECK,
                    "invalidCert");
        }
    }

Thanks,

Chad
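
An added example, not part of the original message and not WSS4J code: one way to keep the two failure cases distinguishable for callers while preserving the underlying JCA exception as the cause. The class CertValidityCheck, the exception CertValidityException and its Reason enum are hypothetical names standing in for WSSecurityException; the certificate is read from a file path given on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CertValidityCheck {

    /** Hypothetical stand-in for WSSecurityException; not a WSS4J class. */
    static class CertValidityException extends Exception {
        enum Reason { EXPIRED, NOT_YET_VALID }
        final Reason reason;

        CertValidityException(Reason reason, String message, Throwable cause) {
            super(message, cause);   // keep the JCA exception as the cause
            this.reason = reason;
        }
    }

    /** Checks the validity window and reports which bound was violated. */
    static void checkValidity(X509Certificate cert, Date at) throws CertValidityException {
        try {
            cert.checkValidity(at);
        } catch (CertificateExpiredException e) {
            throw new CertValidityException(CertValidityException.Reason.EXPIRED,
                    "certificate expired at " + cert.getNotAfter(), e);
        } catch (CertificateNotYetValidException e) {
            throw new CertValidityException(CertValidityException.Reason.NOT_YET_VALID,
                    "certificate not valid before " + cert.getNotBefore(), e);
        }
    }

    // Usage: java CertValidityCheck <certificate file, PEM or DER>
    public static void main(String[] args) throws Exception {
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        try {
            checkValidity(cert, new Date());
            System.out.println("within validity period");
        } catch (CertValidityException e) {
            System.out.println(e.reason + ": " + e.getMessage());
        }
    }
}
```

A caller can branch on the reason field, for example to log a not-yet-valid certificate as a likely clock-skew problem and an expired one as a renewal problem, without parsing message text.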
