本文整理了Java中java.security.cert.CertPath
类的一些代码示例,展示了CertPath
类的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。CertPath
类的具体详情如下:
包路径:java.security.cert.CertPath
类名称:CertPath
[英]An immutable certificate path that can be validated. All certificates in the path are of the same type (i.e., X509).
A CertPath can be represented as a byte array in at least one supported encoding scheme (i.e. PkiPath or PKCS7) when serialized.
When a List of the certificates is obtained it must be immutable.
A CertPath must be thread-safe without requiring coordinated access.
[中]可以验证的不可变证书路径。路径中的所有证书类型相同(即X509)。
在序列化时,CertPath可以表示为至少一种受支持的编码方案(即PkiPath或PKCS7)中的字节数组。
当获得证书列表时,它必须是不可变的。
CertPath必须是线程安全的,无需协调访问。
代码示例来源:origin: igniterealtime/Openfire
try
first.checkValidity();
if ( chain.length == 1 && first.getSubjectX500Principal().equals( first.getIssuerX500Principal() ) )
for ( Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); )
String alias = aliases.nextElement();
if ( store.isCertificateEntry( alias ) )
pathValidator.validate( cp, params );
return (X509Certificate) cp.getCertificates().get( 0 );
代码示例来源:origin: robovm/robovm
/**
* Returns an alternate object to be serialized.
*
* @return an alternate object to be serialized.
* @throws ObjectStreamException
* if the creation of the alternate object fails.
*/
protected Object writeReplace() throws ObjectStreamException {
try {
return new CertPathRep(getType(), getEncoded());
} catch (CertificateEncodingException e) {
throw new NotSerializableException("Could not create serialization object: " + e);
}
}
代码示例来源:origin: robovm/robovm
/**
* Compares the specified object with this {@code Timestamp} for equality
* and returns {@code true} if the specified object is equal, {@code false}
* otherwise. The given object is equal to this {@code Timestamp}, if it is
* an instance of {@code Timestamp}, the two timestamps have an equal date
* and time and their certificate paths are equal.
*
* @param obj
* object to be compared for equality with this {@code
* Timestamp}.
* @return {@code true} if the specified object is equal to this {@code
* Timestamp}, otherwise {@code false}.
* @see #hashCode
*/
@Override
public boolean equals(Object obj) {
if (obj == this) {
return true;
}
if (obj instanceof Timestamp) {
Timestamp that = (Timestamp) obj;
return timestamp.equals(that.timestamp)
&& signerCertPath.equals(that.signerCertPath);
}
return false;
}
代码示例来源:origin: robovm/robovm
/**
* Overrides {@code Object.hashCode()}. The function is defined as follows:
* <pre>
* {@code hashCode = 31 * path.getType().hashCode() +
* path.getCertificates().hashCode();}
* </pre>
*
* @return the hash code for this instance.
*/
public int hashCode() {
int hash = getType().hashCode();
hash = hash*31 + getCertificates().hashCode();
return hash;
}
代码示例来源:origin: poreid/poreid
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
X509CertSelector select = new X509CertSelector();
select.setSubject(cert.getSubjectX500Principal().getEncoded());
Set trustanchors = new HashSet();
List<Certificate> certList = new ArrayList<>();
certList.add(cert);
Enumeration<String> enumeration = kstore.aliases();
while (enumeration.hasMoreElements()) {
X509Certificate certificate = (X509Certificate) kstore.getCertificate(enumeration.nextElement());
if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
if (isCertificateSelfSigned(certificate)) {
trustanchors.add(new TrustAnchor((X509Certificate) certificate, null));
params.setRevocationEnabled(false);
CertPathBuilderResult cpbr = pathBuilder.build(params);
List<X509Certificate> path = (List<X509Certificate>) cpbr.getCertPath().getCertificates();
X509Certificate issuer = (path.size()< 2 ? ((TrustAnchor)trustanchors.iterator().next()).getTrustedCert() : path.get(1));
OCSPClient client = new OCSPClient(issuer, path.get(0));
代码示例来源:origin: org.switchyard/switchyard-security
Set<Credential> credentials = new HashSet<Credential>();
if (source != null) {
try {
if (X509PKIPATHV1.equals(valueType)) {
CertPath path = factory.generateCertPath(certStream);
for (Certificate certificate : path.getCertificates()) {
credentials.add(new CertificateCredential(certificate));
代码示例来源:origin: ibinti/bugvm
throws CertPathValidatorException
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
while (policyConstraints.hasMoreElements())
ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement();
switch (constraint.getTagNo())
try
tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();
代码示例来源:origin: ibinti/bugvm
throws CertPathValidatorException
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
int n = certs.size();
Set s_idp = new HashSet();
tmp = new HashSet();
tmp.add(sd_p);
m_idp.put(id_p, tmp);
while (e.hasMoreElements())
pinfo = PolicyInformation.getInstance(e.nextElement());
throw new CertPathValidatorException(
"Policy information could not be decoded.", ex, certPath, index);
if (cert.getCriticalExtensionOIDs() != null)
ci = cert.getCriticalExtensionOIDs().contains(
RFC3280CertPathUtilities.CERTIFICATE_POLICIES);
代码示例来源:origin: ibinti/bugvm
if (signingCert.equals(defaultCRLSignCert))
List certs = builder.build(params).getCertPath().getCertificates();
validCerts.add(signingCert);
validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
Set checkKeys = new HashSet();
boolean[] keyusage = signCert.getKeyUsage();
代码示例来源:origin: GluuFederation/oxAuth
Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>();
Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();
for (X509Certificate additionalCert : additionalCerts) {
if (isSelfSigned(additionalCert)) {
List<? extends Certificate> certList = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
log.error("Target certificate is not an EE certificate!");
代码示例来源:origin: ibinti/bugvm
throws CertPathValidatorException
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
int _inhibitAnyPolicy = iap.getValue().intValue();
代码示例来源:origin: org.opensaml/xmltooling
/**
* Log information from the constructed cert path at level debug.
*
* @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
* @param targetCert the cert untrusted certificate that was being evaluated
*/
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
log.debug("Built valid PKIX cert path");
log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));
for (Certificate cert : buildResult.getCertPath().getCertificates()) {
log.debug("CertPath certificate: {}", x500DNHandler.getName(((X509Certificate) cert)
.getSubjectX500Principal()));
}
TrustAnchor ta = buildResult.getTrustAnchor();
if (ta.getTrustedCert() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getTrustedCert().getSubjectX500Principal()));
} else if (ta.getCA() != null) {
log.debug("TrustAnchor: {}", x500DNHandler.getName(ta.getCA()));
} else {
log.debug("TrustAnchor: {}", ta.getCAName());
}
}
代码示例来源:origin: net.jxta/jxta-jxse
/**
* {@inheritDoc}
*/
public Object getSubject() {
return ((X509Certificate) certs.getCertificates().get(0)).getSubjectDN();
}
代码示例来源:origin: ibinti/bugvm
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
代码示例来源:origin: net.jxta/jxta-jxse
/**
* {@inheritDoc}
* <p/>
* A PSE Credential is valid as long as the associated certificate is
* valid.
*/
public boolean isExpired() {
try {
((X509Certificate) certs.getCertificates().get(0)).checkValidity();
return false;
} catch (CertificateExpiredException expired) {
return true;
} catch (CertificateNotYetValidException notyet) {
return true;
}
}
代码示例来源:origin: org.bouncycastle/bcprov-debug-jdk15on
throws CertPathValidatorException
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);
代码示例来源:origin: au.net.zeus.jgdms/jgdms-rmi-tls
/**
* Returns the latest time for which all of the X.509 certificates in the
* certificate chain are valid.
*/
static long certificatesValidUntil(CertPath chain) {
long result = Long.MAX_VALUE;
List<? extends Certificate> certs = chain.getCertificates();
for (int i = certs.size(); --i >= 0;) {
X509Certificate cert = (X509Certificate) certs.get(i);
long until = cert.getNotAfter().getTime();
if (until < result) {
result = until;
}
}
return result;
}
代码示例来源:origin: ibinti/bugvm
throws CertPathValidatorException
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
throw new CertPathValidatorException("Not a CA certificate");
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
代码示例来源:origin: igniterealtime/Openfire
OCSPChecker(CertPath certPath, PKIXParameters pkixParams)
throws CertPathValidatorException {
this.cp = certPath;
this.pkixParams = pkixParams;
List<? extends Certificate> tmp = cp.getCertificates();
certs =
(X509Certificate[]) tmp.toArray(new X509Certificate[tmp.size()]);
init(false);
}
代码示例来源:origin: GluuFederation/oxAuth
private X509Certificate verifyPath(CertPathValidator cpv, CertPath certPath, PKIXParameters params) {
try {
cpv.validate(certPath, params);
return (X509Certificate) certPath.getCertificates().get(0);
} catch (CertPathValidatorException ex) {
if (ex.getReason() == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
log.info("Cert not validated against the root {}", ex.getMessage());
return null;
} else {
log.warn("Cert not validated against the root {}", ex.getMessage());
throw new Fido2RPRuntimeException("Problem with certificate " + ex.getMessage());
}
} catch (InvalidAlgorithmParameterException e) {
log.warn("Cert verification problem {}", e.getMessage(), e);
throw new Fido2RPRuntimeException("Problem with certificate");
}
}
内容来源于网络,如有侵权,请联系作者删除!