java.security.cert.CertPath类的使用及代码示例

x33g5p2x  于2022-01-18 转载在 其他  

本文整理了Java中java.security.cert.CertPath类的一些代码示例,展示了CertPath类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码片段,具有较强的参考意义,能在一定程度上帮助到你。部分示例经过节选,省略了若干行和括号,不能直接编译。CertPath类的具体详情如下:
包路径:java.security.cert.CertPath
类名称:CertPath

CertPath介绍

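[英]An immutable certificate path that can be validated. All certificates in the path are of the same type (e.g., X.509). Note that obtaining or decoding a CertPath does not validate it; validation is a separate step (for example with a CertPathValidator and a set of trust anchors).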

When serialized, a CertPath can be represented as a byte array in at least one supported encoding scheme (e.g. PkiPath or PKCS7).

When a List of the certificates is obtained it must be immutable.

A CertPath must be thread-safe without requiring coordinated access.
[中]可以验证的不可变证书路径。路径中的所有证书类型相同(例如X.509)。注意:获得或解码CertPath并不代表该路径已通过验证,验证需要单独进行(例如使用CertPathValidator和一组信任锚)。
在序列化时,CertPath可以表示为至少一种受支持的编码方案(例如PkiPath或PKCS7)的字节数组。
当获得证书列表时,它必须是不可变的。
CertPath必须是线程安全的,无需协调访问。

代码示例

代码示例来源:origin: igniterealtime/Openfire

// Excerpt: braces and several statements of the original method are not shown.
try
  // checkValidity() throws if the current time is outside the certificate's validity period.
  first.checkValidity();
// A one-element chain whose subject equals its issuer (self-issued) takes this branch.
if ( chain.length == 1 && first.getSubjectX500Principal().equals( first.getIssuerX500Principal() ) )
  // Walks the store's aliases and looks at certificate entries only; what is done with
  // each entry is not visible in this excerpt.
  for ( Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); )
    String alias = aliases.nextElement();
    if ( store.isCertificateEntry( alias ) )
  // validate() throws when the path does not validate under params, so in the lines shown
  // the return below is reached only after a successful validation.
  pathValidator.validate( cp, params );
  // Returns the first certificate of the validated path.
  return (X509Certificate) cp.getCertificates().get( 0 );

代码示例来源:origin: robovm/robovm

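/**
 * Returns the alternate object that is serialized in place of this object.
 *
 * <p>The replacement is a {@code CertPathRep} built from the values of
 * {@code getType()} and {@code getEncoded()}.
 *
 * @return an alternate object to be serialized.
 * @throws ObjectStreamException
 *             if the creation of the alternate object fails; the
 *             {@code CertificateEncodingException} that caused the failure
 *             is attached as the cause.
 */
protected Object writeReplace() throws ObjectStreamException {
  try {
    return new CertPathRep(getType(), getEncoded());
  } catch (CertificateEncodingException e) {
    // NotSerializableException has no (message, cause) constructor, so the
    // cause is attached with initCause() to keep the original stack trace.
    NotSerializableException failure =
        new NotSerializableException("Could not create serialization object: " + e);
    failure.initCause(e);
    throw failure;
  }
}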

代码示例来源:origin: robovm/robovm

/**
 * Tests whether the given object is a {@code Timestamp} equal to this one.
 * Two timestamps are equal when their {@code timestamp} fields are equal
 * and their {@code signerCertPath} fields are equal, each compared with
 * {@code equals}.
 *
 * @param obj
 *            object to be compared for equality with this {@code
 *            Timestamp}.
 * @return {@code true} if the specified object is equal to this {@code
 *         Timestamp}, otherwise {@code false}.
 * @see #hashCode
 */
@Override
public boolean equals(Object obj) {
  if (this == obj) {
    return true;
  }
  if (!(obj instanceof Timestamp)) {
    // Also covers null: instanceof is false for a null reference.
    return false;
  }
  Timestamp other = (Timestamp) obj;
  boolean sameTime = timestamp.equals(other.timestamp);
  // && keeps the original short-circuit: the paths are compared only when the times match.
  return sameTime && signerCertPath.equals(other.signerCertPath);
}

代码示例来源:origin: robovm/robovm

/**
 * Computes the hash code from the path type and the certificate list.
 * The function is defined as follows:
 * <pre>
 * {@code hashCode = 31 * path.getType().hashCode() +
 * path.getCertificates().hashCode();}
 * </pre>
 *
 * @return the hash code for this instance.
 */
public int hashCode() {
  // Evaluated in the same order as the formula above: type first, then certificates.
  final int typeHash = getType().hashCode();
  final int certificatesHash = getCertificates().hashCode();
  return 31 * typeHash + certificatesHash;
}

代码示例来源:origin: poreid/poreid

// Excerpt: closing braces and the construction of params are not shown.
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
// Selects the target certificate by its encoded subject name.
X509CertSelector select = new X509CertSelector();
select.setSubject(cert.getSubjectX500Principal().getEncoded());
// Raw Set/HashSet: the elements added below are TrustAnchor instances.
Set trustanchors = new HashSet();
List<Certificate> certList = new ArrayList<>();
certList.add(cert);
// Every keystore entry whose issuer equals its subject and which passes
// isCertificateSelfSigned (helper not shown) becomes a trust anchor.
Enumeration<String> enumeration = kstore.aliases();
while (enumeration.hasMoreElements()) {
  X509Certificate certificate = (X509Certificate) kstore.getCertificate(enumeration.nextElement());
  if (certificate.getIssuerX500Principal().equals(certificate.getSubjectX500Principal())) {
    if (isCertificateSelfSigned(certificate)) {
      trustanchors.add(new TrustAnchor((X509Certificate) certificate, null));
// Turns off the PKIX revocation check for this path build.
// NOTE(review): revocation is presumably checked through the OCSPClient created below;
// confirm that the caller acts on its result, otherwise revoked certificates are accepted.
params.setRevocationEnabled(false);
CertPathBuilderResult cpbr = pathBuilder.build(params);
List<X509Certificate> path = (List<X509Certificate>) cpbr.getCertPath().getCertificates();            
// NOTE(review): when the path holds fewer than two certificates the issuer is whichever
// anchor the HashSet iterator yields first, which is not necessarily the anchor the builder
// used; PKIXCertPathBuilderResult.getTrustAnchor() returns the anchor of the built path.
X509Certificate issuer = (path.size()< 2 ? ((TrustAnchor)trustanchors.iterator().next()).getTrustedCert() : path.get(1));            
OCSPClient client = new OCSPClient(issuer, path.get(0));

代码示例来源:origin: org.switchyard/switchyard-security

// Excerpt: the rest of the try block, its handlers and the closing braces are not shown.
Set<Credential> credentials = new HashSet<Credential>();
if (source != null) {
  try {
              if (X509PKIPATHV1.equals(valueType)) {
                // Decodes a certificate path from the stream. Assuming factory is a
                // CertificateFactory, this only parses the encoding; it does not validate
                // the path against any trust anchor.
                CertPath path = factory.generateCertPath(certStream);
                for (Certificate certificate : path.getCertificates()) {
                  // Every certificate of the decoded path is added as a credential; no
                  // validation is visible in this excerpt.
                  credentials.add(new CertificateCredential(certificate));

代码示例来源:origin: ibinti/bugvm

// Excerpt: the method signature and most of the body are not shown.
throws CertPathValidatorException
// Raw List: the element is cast to X509Certificate on access.
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
  // Iterates the tagged entries of the policy constraints and dispatches on the tag number.
  while (policyConstraints.hasMoreElements())
    ASN1TaggedObject constraint = (ASN1TaggedObject)policyConstraints.nextElement();
    switch (constraint.getTagNo())
        try
          // NOTE(review): intValue() narrows without a range check; presumably getValue()
          // is a BigInteger, in which case only the low 32 bits are kept. Confirm.
          tmpInt = DERInteger.getInstance(constraint, false).getValue().intValue();

代码示例来源:origin: ibinti/bugvm

// Excerpt: the method signature and most of the body are not shown.
throws CertPathValidatorException
// Raw List: the element is cast to X509Certificate on access.
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
int n = certs.size();
  Set s_idp = new HashSet();
      tmp = new HashSet();
      tmp.add(sd_p);
      m_idp.put(id_p, tmp);
            while (e.hasMoreElements())
                pinfo = PolicyInformation.getInstance(e.nextElement());
                // A decoding failure is reported with the path and the index of the
                // certificate being processed attached.
                throw new CertPathValidatorException(
                  "Policy information could not be decoded.", ex, certPath, index);
            // getCriticalExtensionOIDs() returns null when the certificate has no
            // extensions at all, hence the null guard.
            if (cert.getCriticalExtensionOIDs() != null)
              // ci records whether the certificate-policies extension is marked critical.
              ci = cert.getCriticalExtensionOIDs().contains(
                RFC3280CertPathUtilities.CERTIFICATE_POLICIES);

代码示例来源:origin: ibinti/bugvm

// Excerpt: braces and most of the surrounding method are not shown.
if (signingCert.equals(defaultCRLSignCert))
    // Builds a path for the signing certificate; build() throws if no path can be built,
    // so the two add() calls below run only after a successful build.
    List certs = builder.build(params).getCertPath().getCertificates();
    validCerts.add(signingCert);
    validKeys.add(CertPathValidatorUtilities.getNextWorkingKey(certs, 0));
Set checkKeys = new HashSet();
  // getKeyUsage() returns null when the certificate has no KeyUsage extension.
  boolean[] keyusage = signCert.getKeyUsage();

代码示例来源:origin: GluuFederation/oxAuth

// Excerpt: loop bodies and the rest of the method are not shown.
Set<X509Certificate> trustedRootCerts = new HashSet<X509Certificate>();
Set<X509Certificate> intermediateCerts = new HashSet<X509Certificate>();
// Presumably sorts the additional certificates into roots and intermediates by
// isSelfSigned (helper not shown); the branch bodies are elided here.
for (X509Certificate additionalCert : additionalCerts) {
  if (isSelfSigned(additionalCert)) {
// The first certificate of the path is treated as the target.
List<? extends Certificate> certList = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
// getBasicConstraints() returns -1 for a non-CA certificate, so any other value means
// the target is a CA certificate rather than an end-entity (EE) certificate.
if (cert.getBasicConstraints() != -1) {
  log.error("Target certificate is not an EE certificate!");

代码示例来源:origin: ibinti/bugvm

// Excerpt: the method signature and most of the body are not shown.
throws CertPathValidatorException
// Raw List: the element is cast to X509Certificate on access.
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
  // NOTE(review): intValue() narrows without a range check; confirm the value type of iap.
  int _inhibitAnyPolicy = iap.getValue().intValue();

代码示例来源:origin: org.opensaml/xmltooling

/**
 * Writes the certificates and the trust anchor of a built PKIX cert path to the debug log.
 *
 * <p>Diagnostic only: nothing here validates the path or modifies the build result.
 *
 * @param buildResult the PKIX cert path builder result containing the cert path and trust anchor
 * @param targetCert the untrusted certificate that was being evaluated
 */
private void logCertPathDebug(PKIXCertPathBuilderResult buildResult, X509Certificate targetCert) {
  log.debug("Built valid PKIX cert path");
  log.debug("Target certificate: {}", x500DNHandler.getName(targetCert.getSubjectX500Principal()));

  for (Certificate pathEntry : buildResult.getCertPath().getCertificates()) {
    X509Certificate pathCert = (X509Certificate) pathEntry;
    log.debug("CertPath certificate: {}", x500DNHandler.getName(pathCert.getSubjectX500Principal()));
  }

  // Name the anchor from whichever form is populated: trusted certificate first,
  // then the CA principal, and finally the CA name string.
  TrustAnchor anchor = buildResult.getTrustAnchor();
  X509Certificate anchorCert = anchor.getTrustedCert();
  if (anchorCert != null) {
    log.debug("TrustAnchor: {}", x500DNHandler.getName(anchorCert.getSubjectX500Principal()));
  } else if (anchor.getCA() != null) {
    log.debug("TrustAnchor: {}", x500DNHandler.getName(anchor.getCA()));
  } else {
    log.debug("TrustAnchor: {}", anchor.getCAName());
  }
}

代码示例来源:origin: net.jxta/jxta-jxse

/**
 * {@inheritDoc}
 */
public Object getSubject() {
  // The subject is taken from the first certificate held in certs; the path is not
  // validated here, and an empty path makes get(0) throw IndexOutOfBoundsException.
  X509Certificate first = (X509Certificate) certs.getCertificates().get(0);
  // getSubjectDN() returns a provider-specific Principal implementation.
  return first.getSubjectDN();
}

代码示例来源:origin: ibinti/bugvm

/**
 * Checks that the certificate at {@code index} in {@code certPath} may sign certificates.
 *
 * <p>When the certificate carries a KeyUsage extension, its keyCertSign bit must be set.
 * A certificate without the extension ({@code getKeyUsage()} returns {@code null}) passes.
 * NOTE(review): the error message says the extension "is critical", but the code does not
 * test criticality; it rejects whenever the extension is present without keyCertSign.
 *
 * @param certPath the certificate path being processed
 * @param index position in the path of the certificate to check
 * @throws CertPathValidatorException if the KeyUsage extension is present and does not
 *         permit certificate signing
 */
protected static void prepareNextCertN(
  CertPath certPath,
  int index)
  throws CertPathValidatorException
{
  List pathCerts = certPath.getCertificates();
  X509Certificate issuerCert = (X509Certificate)pathCerts.get(index);
  //
  // (n)
  //
  boolean[] keyUsage = issuerCert.getKeyUsage();
  if (keyUsage == null)
  {
    // No KeyUsage extension: nothing to enforce.
    return;
  }
  if (keyUsage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
  {
    return;
  }
  throw new ExtCertPathValidatorException(
    "Issuer certificate keyusage extension is critical and does not permit key signing.", null,
    certPath, index);
}

代码示例来源:origin: net.jxta/jxta-jxse

/**
 * {@inheritDoc}
 * <p/>
 * A PSE Credential is valid as long as the associated certificate is
 * valid. Only the validity period of the first certificate in
 * {@code certs} is checked; a certificate that is not yet valid is also
 * reported as expired. No chain validation or revocation check is done
 * here.
 */
public boolean isExpired() {
  X509Certificate first = (X509Certificate) certs.getCertificates().get(0);
  boolean outsideValidity = false;
  try {
    first.checkValidity();
  } catch (CertificateExpiredException pastNotAfter) {
    outsideValidity = true;
  } catch (CertificateNotYetValidException beforeNotBefore) {
    outsideValidity = true;
  }
  return outsideValidity;
}

代码示例来源:origin: org.bouncycastle/bcprov-debug-jdk15on

// Excerpt: the method signature and most of the body are not shown.
throws CertPathValidatorException
// Raw List: the element is cast to X509Certificate on access.
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
    // Rethrows with the path and index attached. The new exception's cause is
    // e.getCause(), so e itself does not appear in the resulting cause chain.
    throw new CertPathValidatorException(e.getMessage(), e.getCause(), certPath, index);

代码示例来源:origin: au.net.zeus.jgdms/jgdms-rmi-tls

/**
 * Returns the latest time for which all of the X.509 certificates in the
 * certificate chain are valid, that is, the earliest {@code notAfter} value
 * in the chain as milliseconds since the epoch.
 *
 * <p>Only {@code notAfter} is considered; {@code notBefore} and revocation
 * are not. An empty chain yields {@code Long.MAX_VALUE}.
 */
static long certificatesValidUntil(CertPath chain) {
    long earliestExpiry = Long.MAX_VALUE;
    for (Certificate entry : chain.getCertificates()) {
        long notAfterMillis = ((X509Certificate) entry).getNotAfter().getTime();
        earliestExpiry = Math.min(earliestExpiry, notAfterMillis);
    }
    return earliestExpiry;
}

代码示例来源:origin: ibinti/bugvm

// Excerpt: the method signature and the conditions guarding the throws are not shown.
throws CertPathValidatorException
// Raw List: the element is cast to X509Certificate on access.
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
    // Both throws use the message-only constructor, so the failing path and index are
    // not attached to the exception.
    throw new CertPathValidatorException("Not a CA certificate");
  throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");

代码示例来源:origin: igniterealtime/Openfire

/**
 * Creates a checker for the given certificate path and PKIX parameters.
 *
 * <p>The path's certificates are copied into an {@code X509Certificate[]}; a path that
 * holds any other certificate type makes {@code toArray} throw
 * {@code ArrayStoreException}. The parameters object is stored by reference, not copied.
 *
 * @param certPath the certificate path whose certificates will be checked
 * @param pkixParams the PKIX parameters kept for later use by this checker
 * @throws CertPathValidatorException declared by this constructor; presumably raised by
 *         {@code init(false)}, which is not shown here
 */
OCSPChecker(CertPath certPath, PKIXParameters pkixParams)
    throws CertPathValidatorException {
  this.cp = certPath;
  this.pkixParams = pkixParams;
  List<? extends Certificate> pathCerts = certPath.getCertificates();
  // toArray(T[]) already returns X509Certificate[], so no cast is needed.
  this.certs = pathCerts.toArray(new X509Certificate[pathCerts.size()]);
  init(false);
}

代码示例来源:origin: GluuFederation/oxAuth

/**
 * Validates {@code certPath} with {@code cpv} and returns the path's first certificate.
 *
 * <p>A {@code null} return means the path was NOT validated: validation failed because the
 * revocation status could not be determined. Callers must not treat {@code null} as success.
 * Every other validation failure, and any invalid-parameter error, is reported as a
 * {@code Fido2RPRuntimeException}.
 * NOTE(review): the thrown exceptions are built from a message only, so the original
 * exception is not attached as their cause.
 *
 * @param cpv the validator to run
 * @param certPath the certificate path to validate
 * @param params the PKIX parameters (trust anchors, revocation settings) for validation
 * @return the first certificate of the validated path, or {@code null} when the revocation
 *         status was undetermined
 */
private X509Certificate verifyPath(CertPathValidator cpv, CertPath certPath, PKIXParameters params) {
  try {
    cpv.validate(certPath, params);
  } catch (CertPathValidatorException ex) {
    boolean revocationUndetermined =
        ex.getReason() == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS;
    if (!revocationUndetermined) {
      log.warn("Cert not validated against the root {}", ex.getMessage());
      throw new Fido2RPRuntimeException("Problem with certificate " + ex.getMessage());
    }
    log.info("Cert not validated against the root {}", ex.getMessage());
    return null;
  } catch (InvalidAlgorithmParameterException e) {
    log.warn("Cert verification problem {}", e.getMessage(), e);
    throw new Fido2RPRuntimeException("Problem with certificate");
  }
  // Reached only when validate() returned normally.
  return (X509Certificate) certPath.getCertificates().get(0);
}
