当前位置: 首页>>代码示例>>Java>>正文

Java PKIXReason.NOT_CA_CERT属性代码示例

本文整理汇总了Java中java.security.cert.PKIXReason.NOT_CA_CERT属性的典型用法代码示例。如果您正苦于以下问题:Java PKIXReason.NOT_CA_CERT属性的具体用法?Java PKIXReason.NOT_CA_CERT怎么用?Java PKIXReason.NOT_CA_CERT使用的例子?那么, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在java.security.cert.PKIXReason的用法示例。


在下文中一共展示了PKIXReason.NOT_CA_CERT属性的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: checkBasicConstraints

/**
 * Internal method to check that a given cert meets basic constraints.
 */
private void checkBasicConstraints(X509Certificate currCert)
    throws CertPathValidatorException
{
    String msg = "basic constraints";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
        debug.println("i = " + i);
        debug.println("maxPathLength = " + maxPathLength);
    }

    /* check if intermediate cert */
    if (i < certPathLength) {
        // RFC5280: If certificate i is a version 3 certificate, verify
        // that the basicConstraints extension is present and that cA is
        // set to TRUE.  (If certificate i is a version 1 or version 2
        // certificate, then the application MUST either verify that
        // certificate i is a CA certificate through out-of-band means
        // or reject the certificate.  Conforming implementations may
        // choose to reject all version 1 and version 2 intermediate
        // certificates.)
        //
        // We choose to reject all version 1 and version 2 intermediate
        // certificates except that it is self issued by the trust
        // anchor in order to support key rollover or changes in
        // certificate policies.
        int pathLenConstraint = -1;
        if (currCert.getVersion() < 3) {    // version 1 or version 2
            if (i == 1) {                   // issued by a trust anchor
                if (X509CertImpl.isSelfIssued(currCert)) {
                    pathLenConstraint = Integer.MAX_VALUE;
                }
            }
        } else {
            pathLenConstraint = currCert.getBasicConstraints();
        }

        if (pathLenConstraint == -1) {
            throw new CertPathValidatorException
                (msg + " check failed: this is not a CA certificate",
                 null, null, -1, PKIXReason.NOT_CA_CERT);
        }

        if (!X509CertImpl.isSelfIssued(currCert)) {
            if (maxPathLength <= 0) {
               throw new CertPathValidatorException
                    (msg + " check failed: pathLenConstraint violated - "
                     + "this cert must be the last cert in the "
                     + "certification path", null, null, -1,
                     PKIXReason.PATH_TOO_LONG);
            }
            maxPathLength--;
        }
        if (pathLenConstraint < maxPathLength)
            maxPathLength = pathLenConstraint;
    }

    if (debug != null) {
        debug.println("after processing, maxPathLength = " + maxPathLength);
        debug.println(msg + " verified.");
    }
}
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:64,代码来源:ConstraintsChecker.java

示例2: checkBasicConstraints

/**
 * Internal method to check that a given cert meets basic constraints.
 */
private void checkBasicConstraints(X509Certificate currCert)
    throws CertPathValidatorException
{
    String msg = "basic constraints";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
        debug.println("i = " + i +
                    ", maxPathLength = " + maxPathLength);
    }

    /* check if intermediate cert */
    if (i < certPathLength) {
        // RFC5280: If certificate i is a version 3 certificate, verify
        // that the basicConstraints extension is present and that cA is
        // set to TRUE.  (If certificate i is a version 1 or version 2
        // certificate, then the application MUST either verify that
        // certificate i is a CA certificate through out-of-band means
        // or reject the certificate.  Conforming implementations may
        // choose to reject all version 1 and version 2 intermediate
        // certificates.)
        //
        // We choose to reject all version 1 and version 2 intermediate
        // certificates except that it is self issued by the trust
        // anchor in order to support key rollover or changes in
        // certificate policies.
        int pathLenConstraint = -1;
        if (currCert.getVersion() < 3) {    // version 1 or version 2
            if (i == 1) {                   // issued by a trust anchor
                if (X509CertImpl.isSelfIssued(currCert)) {
                    pathLenConstraint = Integer.MAX_VALUE;
                }
            }
        } else {
            pathLenConstraint = currCert.getBasicConstraints();
        }

        if (pathLenConstraint == -1) {
            throw new CertPathValidatorException
                (msg + " check failed: this is not a CA certificate",
                 null, null, -1, PKIXReason.NOT_CA_CERT);
        }

        if (!X509CertImpl.isSelfIssued(currCert)) {
            if (maxPathLength <= 0) {
               throw new CertPathValidatorException
                    (msg + " check failed: pathLenConstraint violated - "
                     + "this cert must be the last cert in the "
                     + "certification path", null, null, -1,
                     PKIXReason.PATH_TOO_LONG);
            }
            maxPathLength--;
        }
        if (pathLenConstraint < maxPathLength)
            maxPathLength = pathLenConstraint;
    }

    if (debug != null) {
        debug.println("after processing, maxPathLength = " + maxPathLength);
        debug.println(msg + " verified.");
    }
}
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:64,代码来源:ConstraintsChecker.java


注:本文中的java.security.cert.PKIXReason.NOT_CA_CERT属性示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。