web-eid
diff --git a/‎src/main/java/eu/webeid/security/authtoken/WebEidAuthToken.java
Lines changed: 10 additions & 19 deletions b/‎src/main/java/eu/webeid/security/authtoken/WebEidAuthToken.java
Lines changed: 10 additions & 19 deletions
diff --git a/‎src/main/java/eu/webeid/security/certificate/CertificateLoader.java
Lines changed: 2 additions & 0 deletions b/‎src/main/java/eu/webeid/security/certificate/CertificateLoader.java
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGenerator.java
Lines changed: 2 additions & 2 deletions b/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGenerator.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGeneratorBuilder.java
Lines changed: 1 addition & 2 deletions b/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGeneratorBuilder.java
Lines changed: 1 addition & 2 deletions
diff --git a/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGeneratorImpl.java
Lines changed: 4 additions & 3 deletions b/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceGeneratorImpl.java
Lines changed: 4 additions & 3 deletions
diff --git a/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceStore.java
Lines changed: 2 additions & 2 deletions b/‎src/main/java/eu/webeid/security/challenge/ChallengeNonceStore.java
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main/java/eu/webeid/security/exceptions/TokenValidationException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenException.java
Lines changed: 5 additions & 3 deletions b/‎src/main/java/eu/webeid/security/exceptions/TokenValidationException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenException.java
Lines changed: 5 additions & 3 deletions
diff --git a/‎src/main/java/eu/webeid/security/exceptions/TokenParseException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenParseException.java
Lines changed: 3 additions & 3 deletions b/‎src/main/java/eu/webeid/security/exceptions/TokenParseException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenParseException.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎src/main/java/eu/webeid/security/exceptions/TokenSignatureValidationException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenSignatureValidationException.java
Lines changed: 3 additions & 5 deletions b/‎src/main/java/eu/webeid/security/exceptions/TokenSignatureValidationException.java renamed to ‎src/main/java/eu/webeid/security/exceptions/AuthTokenSignatureValidationException.java
Lines changed: 3 additions & 5 deletions
diff --git a/‎src/main/java/eu/webeid/security/exceptions/CertificateDecodingException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/CertificateDecodingException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/CertificateExpiredException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/CertificateExpiredException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/CertificateNotTrustedException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/CertificateNotYetValidException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/CertificateNotYetValidException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/ChallengeNonceExpiredException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/ChallengeNonceExpiredException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/ChallengeNonceNotFoundException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/ChallengeNonceNotFoundException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/ChallengeNullOrEmptyException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/ChallengeNullOrEmptyException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/JceException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/JceException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/OCSPCertificateException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/OCSPCertificateException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/SiteCertificateHashNotConfiguredException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/SiteCertificateHashNotConfiguredException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateDisallowedPolicyException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateDisallowedPolicyException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateMissingPurposeException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateMissingPurposeException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateOCSPCheckFailedException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateOCSPCheckFailedException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateParseException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateParseException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateRevokedException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateRevokedException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/exceptions/UserCertificateWrongPurposeException.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/eu/webeid/security/exceptions/UserCertificateWrongPurposeException.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/eu/webeid/security/util/Sha256Digest.java
Lines changed: 0 additions & 47 deletions b/‎src/main/java/eu/webeid/security/util/Sha256Digest.java
Lines changed: 0 additions & 47 deletions
@@ -27,18 +27,17 @@
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class WebEidAuthToken {
 
-    private String certificate;
+    private String unverifiedCertificate;
     private String signature;
     private String algorithm;
-    private String version;
-    private boolean useOriginCertHash;
+    private String format;
 
-    public String getCertificate() {
-        return certificate;
+    public String getUnverifiedCertificate() {
+        return unverifiedCertificate;
     }
 
-    public void setCertificate(String certificate) {
-        this.certificate = certificate;
+    public void setUnverifiedCertificate(String unverifiedCertificate) {
+        this.unverifiedCertificate = unverifiedCertificate;
     }
 
     public String getSignature() {
@@ -57,20 +56,12 @@ public void setAlgorithm(String algorithm) {
         this.algorithm = algorithm;
     }
 
-    public String getVersion() {
-        return version;
+    public String getFormat() {
+        return format;
     }
 
-    public void setVersion(String version) {
-        this.version = version;
-    }
-
-    public boolean getUseOriginCertHash() {
-        return useOriginCertHash;
-    }
-
-    public void setUseOriginCertHash(boolean useOriginCertHash) {
-        this.useOriginCertHash = useOriginCertHash;
+    public void setFormat(String format) {
+        this.format = format;
     }
 
 }
@@ -32,6 +32,7 @@
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 
 import static eu.webeid.security.util.Base64Decoder.decodeBase64;
 
@@ -52,6 +53,7 @@ public static X509Certificate[] loadCertificatesFromResources(String... resource
     }
 
     public static X509Certificate decodeCertificateFromBase64(String certificateInBase64) throws CertificateDecodingException {
+        Objects.requireNonNull(certificateInBase64, "certificateInBase64");
         try (final InputStream targetStream = new ByteArrayInputStream(decodeBase64(certificateInBase64))) {
             return (X509Certificate) CertificateFactory
                 .getInstance("X509")
 
@@ -33,7 +33,7 @@ public interface ChallengeNonceGenerator {
      * Generates a cryptographic nonce, a large random number that can be used only once,
      * and stores it in a {@link ChallengeNonceStore}.
      *
-     * @return Base64-encoded nonce
+     * @return a {@link ChallengeNonce} that contains the Base64-encoded nonce and its expiry time
      */
-    String generateAndStoreNonce();
+    ChallengeNonce generateAndStoreNonce();
 }
@@ -23,7 +23,6 @@
 package eu.webeid.security.challenge;
 
 import eu.webeid.security.util.DateAndTime;
-import eu.webeid.security.validator.AuthTokenValidator;
 
 import java.security.SecureRandom;
 import java.time.Duration;
@@ -56,7 +55,7 @@ public ChallengeNonceGeneratorBuilder withNonceTtl(Duration duration) {
     /**
      * Sets the challenge nonce store where the generated challenge nonces will be stored.
      *
-     * @param challengeNonceStore nonce store
+     * @param challengeNonceStore challenge nonce store
      * @return current builder instance
      */
     public ChallengeNonceGeneratorBuilder withChallengeNonceStore(ChallengeNonceStore challengeNonceStore) {
 
@@ -42,13 +42,14 @@ final class ChallengeNonceGeneratorImpl implements ChallengeNonceGenerator {
     }
 
     @Override
-    public String generateAndStoreNonce() {
+    public ChallengeNonce generateAndStoreNonce() {
         final byte[] nonceBytes = new byte[NONCE_LENGTH];
         secureRandom.nextBytes(nonceBytes);
         final ZonedDateTime expirationTime = DateAndTime.utcNow().plus(ttl);
         final String base64Nonce = Base64.getEncoder().encodeToString(nonceBytes);
-        challengeNonceStore.put(new ChallengeNonce(base64Nonce, expirationTime));
-        return base64Nonce;
+        final ChallengeNonce challengeNonce = new ChallengeNonce(base64Nonce, expirationTime);
+        challengeNonceStore.put(challengeNonce);
+        return challengeNonce;
     }
 
 }
@@ -23,7 +23,7 @@
 package eu.webeid.security.challenge;
 
 import eu.webeid.security.exceptions.ChallengeNonceExpiredException;
-import eu.webeid.security.exceptions.TokenValidationException;
+import eu.webeid.security.exceptions.AuthTokenException;
 import eu.webeid.security.exceptions.ChallengeNonceNotFoundException;
 
 import static eu.webeid.security.util.DateAndTime.utcNow;
@@ -35,7 +35,7 @@ public abstract class ChallengeNonceStore {
 
     public abstract void put(ChallengeNonce challengeNonce);
 
-    public final ChallengeNonce getAndRemove() throws TokenValidationException {
+    public final ChallengeNonce getAndRemove() throws AuthTokenException {
         final ChallengeNonce challengeNonce = getAndRemoveImpl();
         if (challengeNonce == null) {
             throw new ChallengeNonceNotFoundException();
 
@@ -25,12 +25,14 @@
 /**
  * Base class for all authentication token validation exceptions.
  */
-public abstract class TokenValidationException extends Exception {
-    protected TokenValidationException(String msg) {
+public abstract class AuthTokenException extends Exception {
+
+    protected AuthTokenException(String msg) {
         super(msg);
     }
 
-    protected TokenValidationException(String msg, Throwable cause) {
+    protected AuthTokenException(String msg, Throwable cause) {
         super(msg, cause);
     }
+
 }
@@ -25,13 +25,13 @@
 /**
  * Thrown when authentication token parsing fails.
  */
-public class TokenParseException extends TokenValidationException {
+public class AuthTokenParseException extends AuthTokenException {
 
-    public TokenParseException(String message) {
+    public AuthTokenParseException(String message) {
         super(message);
     }
 
-    public TokenParseException(String message, Throwable cause) {
+    public AuthTokenParseException(String message, Throwable cause) {
         super(message, cause);
     }
 }
@@ -25,12 +25,10 @@
 /**
  * Thrown when authentication token signature validation fails.
  */
-public class TokenSignatureValidationException extends TokenValidationException {
+public class AuthTokenSignatureValidationException extends AuthTokenException {
 
-    public static final String MESSAGE = "Token signature validation has failed";
-
-    public TokenSignatureValidationException() {
-        super(MESSAGE);
+    public AuthTokenSignatureValidationException() {
+        super("Token signature validation has failed");
     }
 
 }
@@ -22,7 +22,7 @@
 
 package eu.webeid.security.exceptions;
 
-public class CertificateDecodingException extends TokenValidationException {
+public class CertificateDecodingException extends AuthTokenException {
     public CertificateDecodingException(Throwable cause) {
         super("Certificate decoding from Base64 or parsing failed", cause);
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the certificate's valid until date is in the past.
  */
-public class CertificateExpiredException extends TokenValidationException {
+public class CertificateExpiredException extends AuthTokenException {
     public CertificateExpiredException(String subject, Throwable cause) {
         super(subject + " certificate has expired", cause);
     }
 
@@ -27,7 +27,7 @@
 /**
  * Thrown when the given certificate is not signed by a trusted CA.
  */
-public class CertificateNotTrustedException extends TokenValidationException {
+public class CertificateNotTrustedException extends AuthTokenException {
 
     public CertificateNotTrustedException(X509Certificate certificate, Throwable e) {
         super("Certificate " + certificate.getSubjectDN() + " is not trusted", e);
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the certificate's valid from date is in the future.
  */
-public class CertificateNotYetValidException extends TokenValidationException {
+public class CertificateNotYetValidException extends AuthTokenException {
     public CertificateNotYetValidException(String subject, Throwable cause) {
         super(subject + " certificate is not yet valid", cause);
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the challenge nonce has expired.
  */
-public class ChallengeNonceExpiredException extends TokenValidationException {
+public class ChallengeNonceExpiredException extends AuthTokenException {
 
     public ChallengeNonceExpiredException() {
         super("Challenge nonce has expired");
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the challenge nonce was not found in the nonce store.
  */
-public class ChallengeNonceNotFoundException extends TokenValidationException {
+public class ChallengeNonceNotFoundException extends AuthTokenException {
 
     public ChallengeNonceNotFoundException() {
         super("Challenge nonce was not found in the nonce store");
 
@@ -22,7 +22,7 @@
 
 package eu.webeid.security.exceptions;
 
-public class ChallengeNullOrEmptyException extends TokenValidationException {
+public class ChallengeNullOrEmptyException extends AuthTokenException {
     public ChallengeNullOrEmptyException() {
         super("Provided challenge is null or empty");
     }
 
@@ -24,7 +24,7 @@
 
 import java.security.GeneralSecurityException;
 
-public class JceException extends TokenValidationException {
+public class JceException extends AuthTokenException {
     public JceException(GeneralSecurityException e) {
         super("Java Cryptography Extension loading or configuration failed", e);
     }
 
@@ -22,7 +22,7 @@
 
 package eu.webeid.security.exceptions;
 
-public class OCSPCertificateException extends TokenValidationException {
+public class OCSPCertificateException extends AuthTokenException {
 
     public OCSPCertificateException(String message) {
         super(message);
 
@@ -26,7 +26,7 @@
  * Thrown when the token signature was calculated with the origin HTTPS certificate hash,
  * but it is not provided in the configuration.
  */
-public class SiteCertificateHashNotConfiguredException extends TokenValidationException {
+public class SiteCertificateHashNotConfiguredException extends AuthTokenException {
     public SiteCertificateHashNotConfiguredException() {
         super("Authentication token signature was calculated with the origin certificate hash, " +
             "but site certificate hash is not configured. Please provide it via " +
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when any of the configured disallowed policies is present in the user certificate.
  */
-public class UserCertificateDisallowedPolicyException extends TokenValidationException {
+public class UserCertificateDisallowedPolicyException extends AuthTokenException {
     public UserCertificateDisallowedPolicyException() {
         super("Disallowed user certificate policy");
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the user certificate purpose field is missing or empty.
  */
-public class UserCertificateMissingPurposeException extends TokenValidationException {
+public class UserCertificateMissingPurposeException extends AuthTokenException {
     public UserCertificateMissingPurposeException() {
         super("User certificate purpose is missing");
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when user certificate revocation check with OCSP fails.
  */
-public class UserCertificateOCSPCheckFailedException extends TokenValidationException {
+public class UserCertificateOCSPCheckFailedException extends AuthTokenException {
     public UserCertificateOCSPCheckFailedException(Throwable cause) {
         super("User certificate revocation check has failed", cause);
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when user certificate parsing fails.
  */
-public class UserCertificateParseException extends TokenValidationException {
+public class UserCertificateParseException extends AuthTokenException {
     public UserCertificateParseException(Throwable cause) {
         super("Error parsing certificate", cause);
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the user certificate has been revoked.
  */
-public class UserCertificateRevokedException extends TokenValidationException {
+public class UserCertificateRevokedException extends AuthTokenException {
     public UserCertificateRevokedException() {
         super("User certificate has been revoked");
     }
 
@@ -25,7 +25,7 @@
 /**
  * Thrown when the user certificate purpose is not client authentication.
  */
-public class UserCertificateWrongPurposeException extends TokenValidationException {
+public class UserCertificateWrongPurposeException extends AuthTokenException {
     public UserCertificateWrongPurposeException() {
         super("User certificate is not meant to be used as an authentication certificate");
     }
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public interface ChallengeNonceGenerator {`
`33`	`33`	`* Generates a cryptographic nonce, a large random number that can be used only once,`
`34`	`34`	`* and stores it in a {@link ChallengeNonceStore}.`
`35`	`35`	`*`
`36`		`- * @return Base64-encoded nonce`
	`36`	`+ * @return a {@link ChallengeNonce} that contains the Base64-encoded nonce and its expiry time`
`37`	`37`	`*/`
`38`		`- String generateAndStoreNonce();`
	`38`	`+ ChallengeNonce generateAndStoreNonce();`
`39`	`39`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,13 +42,14 @@ final class ChallengeNonceGeneratorImpl implements ChallengeNonceGenerator {`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`@Override`
`45`		`- public String generateAndStoreNonce() {`
	`45`	`+ public ChallengeNonce generateAndStoreNonce() {`
`46`	`46`	`final byte[] nonceBytes = new byte[NONCE_LENGTH];`
`47`	`47`	`secureRandom.nextBytes(nonceBytes);`
`48`	`48`	`final ZonedDateTime expirationTime = DateAndTime.utcNow().plus(ttl);`
`49`	`49`	`final String base64Nonce = Base64.getEncoder().encodeToString(nonceBytes);`
`50`		`- challengeNonceStore.put(new ChallengeNonce(base64Nonce, expirationTime));`
`51`		`- return base64Nonce;`
	`50`	`+ final ChallengeNonce challengeNonce = new ChallengeNonce(base64Nonce, expirationTime);`
	`51`	`+ challengeNonceStore.put(challengeNonce);`
	`52`	`+ return challengeNonce;`
`52`	`53`	`}`
`53`	`54`
`54`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,12 +25,14 @@`
`25`	`25`	`/**`
`26`	`26`	`* Base class for all authentication token validation exceptions.`
`27`	`27`	`*/`
`28`		`-public abstract class TokenValidationException extends Exception {`
`29`		`- protected TokenValidationException(String msg) {`
	`28`	`+public abstract class AuthTokenException extends Exception {`
	`29`	`+`
	`30`	`+ protected AuthTokenException(String msg) {`
`30`	`31`	`super(msg);`
`31`	`32`	`}`
`32`	`33`
`33`		`- protected TokenValidationException(String msg, Throwable cause) {`
	`34`	`+ protected AuthTokenException(String msg, Throwable cause) {`
`34`	`35`	`super(msg, cause);`
`35`	`36`	`}`
	`37`	`+`
`36`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,13 +25,13 @@`
`25`	`25`	`/**`
`26`	`26`	`* Thrown when authentication token parsing fails.`
`27`	`27`	`*/`
`28`		`-public class TokenParseException extends TokenValidationException {`
	`28`	`+public class AuthTokenParseException extends AuthTokenException {`
`29`	`29`
`30`		`- public TokenParseException(String message) {`
	`30`	`+ public AuthTokenParseException(String message) {`
`31`	`31`	`super(message);`
`32`	`32`	`}`
`33`	`33`
`34`		`- public TokenParseException(String message, Throwable cause) {`
	`34`	`+ public AuthTokenParseException(String message, Throwable cause) {`
`35`	`35`	`super(message, cause);`
`36`	`36`	`}`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,12 +25,10 @@`
`25`	`25`	`/**`
`26`	`26`	`* Thrown when authentication token signature validation fails.`
`27`	`27`	`*/`
`28`		`-public class TokenSignatureValidationException extends TokenValidationException {`
	`28`	`+public class AuthTokenSignatureValidationException extends AuthTokenException {`
`29`	`29`
`30`		`- public static final String MESSAGE = "Token signature validation has failed";`
`31`		`-`
`32`		`- public TokenSignatureValidationException() {`
`33`		`- super(MESSAGE);`
	`30`	`+ public AuthTokenSignatureValidationException() {`
	`31`	`+ super("Token signature validation has failed");`
`34`	`32`	`}`
`35`	`33`
`36`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@`
`22`	`22`
`23`	`23`	`package eu.webeid.security.exceptions;`
`24`	`24`
`25`		`-public class CertificateDecodingException extends TokenValidationException {`
	`25`	`+public class CertificateDecodingException extends AuthTokenException {`
`26`	`26`	`public CertificateDecodingException(Throwable cause) {`
`27`	`27`	`super("Certificate decoding from Base64 or parsing failed", cause);`
`28`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@`
`25`	`25`	`/**`
`26`	`26`	`* Thrown when the certificate's valid until date is in the past.`
`27`	`27`	`*/`
`28`		`-public class CertificateExpiredException extends TokenValidationException {`
	`28`	`+public class CertificateExpiredException extends AuthTokenException {`
`29`	`29`	`public CertificateExpiredException(String subject, Throwable cause) {`
`30`	`30`	`super(subject + " certificate has expired", cause);`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@`
`24`	`24`
`25`	`25`	`import java.security.GeneralSecurityException;`
`26`	`26`
`27`		`-public class JceException extends TokenValidationException {`
	`27`	`+public class JceException extends AuthTokenException {`
`28`	`28`	`public JceException(GeneralSecurityException e) {`
`29`	`29`	`super("Java Cryptography Extension loading or configuration failed", e);`
`30`	`30`	`}`