

Java Crypto类代码示例

本文整理汇总了Java中com.yahoo.athenz.auth.util.Crypto的典型用法代码示例。如果您正苦于以下问题:Java Crypto类的具体用法?Java Crypto怎么用?Java Crypto使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


Crypto类属于com.yahoo.athenz.auth.util包,在下文中一共展示了Crypto类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getRoleCertificate

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Requests a role certificate from ZTS for the given role and returns it paired with
 * this client's private key.
 *
 * <p>The certificate request is generated with {@code privateKey}, and the same key is
 * handed back inside the returned {@link AthenzRoleCertificate}.
 *
 * @param roleDomain domain that owns the role
 * @param roleName name of the role inside {@code roleDomain}
 * @return the X.509 certificate parsed from the ZTS response, together with {@code privateKey}
 */
@Override
public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) {
    return getOrThrow(() -> {
        // Debug trace of the outgoing request; only names are logged, never key material.
        log.log(
                LogLevel.DEBUG,
                String.format(
                        "postRoleCertificateRequest(service=%s, roleDomain=%s, roleName=%s)",
                        service.getFullName(), roleDomain.getName(), roleName));

        // NOTE(review): the (int) cast narrows certExpiry.getSeconds(); presumably the
        // configured expiry always fits in an int, confirm against the configuration.
        RoleCertificateRequest certificateRequest = ZTSClient.generateRoleCertificateRequest(
                service.getDomain().getName(),
                service.getName(),
                roleDomain.getName(),
                roleName,
                privateKey,
                certificateDnsDomain,
                (int) certExpiry.getSeconds());

        // The token field of the response carries the issued certificate.
        X509Certificate issuedCertificate = Crypto.loadX509Certificate(
                ztsClient.postRoleCertificateRequest(
                        roleDomain.getName(), roleName, certificateRequest).getToken());

        return new AthenzRoleCertificate(issuedCertificate, privateKey);
    });
}
 
开发者ID:vespa-engine,项目名称:vespa,代码行数:22,代码来源:ZtsClientImpl.java

示例2: compareDnsNames

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
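/**
 * Compare dns Names specified in this CSR and given X509 Certificate
 * to make sure they match.
 *
 * <p>The check is done in both directions: every CSR name must appear in the
 * certificate and every certificate name must appear in the CSR. Checking only
 * one direction together with the size comparison would accept a certificate
 * carrying an extra name whenever the CSR list contains a duplicate entry.
 *
 * @param cert X509 Certificate to compare against
 * @return true if both CSR and X509 Cert contain identical dns names
 */
public boolean compareDnsNames(X509Certificate cert) {

    List<String> certDnsNames = Crypto.extractX509CertDnsNames(cert);
    if (certDnsNames.size() != dnsNames.size()) {
        LOGGER.error("compareDnsNames - Mismatch of dnsNames in certificate ({}) and CSR ({})",
                certDnsNames.size(), dnsNames.size());
        return false;
    }

    // every name requested in the CSR must be present in the certificate
    for (String dnsName : dnsNames) {
        if (!certDnsNames.contains(dnsName)) {
            LOGGER.error("compareDnsNames - Unknown dnsName in certificate {}", dnsName);
            return false;
        }
    }

    // and the certificate must not carry any name the CSR did not request;
    // equal sizes alone do not guarantee this when either list has duplicates
    for (String certDnsName : certDnsNames) {
        if (!dnsNames.contains(certDnsName)) {
            LOGGER.error("compareDnsNames - dnsName in certificate not present in CSR {}",
                    certDnsName);
            return false;
        }
    }

    return true;
}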
 
开发者ID:yahoo,项目名称:athenz,代码行数:25,代码来源:X509CertRequest.java

示例3: getPublicKeyEntry

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Mock lookup that only knows the ZTS public key with id {@code "2"}.
 *
 * @param domainName not used by this mock
 * @param serviceName not used by this mock
 * @param keyId id of the requested key
 * @return an entry for key id {@code "2"} whose key is the ybase64 encoding of the
 *         test resource file
 * @throws ZTSClientException with code 404 for every other key id
 */
@Override
public PublicKeyEntry getPublicKeyEntry(String domainName, String serviceName,
        String keyId) {
    if (!"2".equals(keyId)) {
        throw new ZTSClientException(404, "Unknown ZTS Public Key");
    }

    PublicKeyEntry entry = new PublicKeyEntry();
    Path keyFile = Paths.get("./src/test/resources/zts_public_k1.pem");
    entry.setId(keyId);
    try {
        byte[] pemBytes = Files.readAllBytes(keyFile);
        entry.setKey(Crypto.ybase64(pemBytes));
    } catch (IOException ignored) {
        // NOTE(review): a read failure is swallowed, so the entry is returned
        // with its id set but no key; a missing fixture will surface later,
        // in whatever code consumes the key.
    }
    return entry;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:20,代码来源:ZTSMock.java

示例4: loadPublicKeys

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Decodes the given public key entries and stores them in {@code keyMap} under their id.
 *
 * <p>Entries without an id or key are skipped. An entry whose key cannot be decoded or
 * parsed is logged and skipped, so one bad entry does not prevent the others from loading.
 *
 * @param publicKeys entries to load; {@code null} is treated as "nothing to load"
 * @param keyMap destination map from key id to parsed public key
 */
void loadPublicKeys(ArrayList<PublicKeyEntry> publicKeys, Map<String, PublicKey> keyMap) {

    if (publicKeys == null) {
        return;
    }

    for (PublicKeyEntry entry : publicKeys) {
        final String keyId = entry.getId();
        final String encodedKey = entry.getKey();
        final boolean incomplete = (encodedKey == null || keyId == null);
        if (incomplete) {
            continue;
        }

        final PublicKey parsedKey;
        try {
            // keys are stored ybase64 encoded; decode first, then parse
            String decodedKey = Crypto.ybase64DecodeString(encodedKey);
            parsedKey = Crypto.loadPublicKey(decodedKey);
        } catch (Exception e) {
            // only the id and the exception message are logged, not the key data
            LOG.error("Invalid ZTS public key for id: " + keyId + " - " + e.getMessage());
            continue;
        }

        // a later entry with the same id replaces an earlier one
        keyMap.put(keyId, parsedKey);
    }
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:23,代码来源:FilePublicKeyStore.java

示例5: verify

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Accepts the TLS peer when one of its certificates has a common name equal to
 * {@code serviceName}.
 *
 * <p>The {@code hostname} argument is not consulted; the decision rests only on the
 * certificate common name. A session whose peer certificates cannot be obtained is
 * rejected.
 *
 * @param hostname host the connection was made to (unused)
 * @param session TLS session whose peer certificates are inspected
 * @return true if any peer certificate's common name equals {@code serviceName}
 */
@Override
public boolean verify(String hostname, SSLSession session) {

    final Certificate[] peerChain;
    try {
        peerChain = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        // unverified peer: fail closed
        return false;
    }
    if (peerChain == null) {
        return false;
    }

    // NOTE(review): every certificate in the chain is examined, not only the first
    // (peer) certificate; confirm that a match on a non-leaf certificate is intended.
    for (int i = 0; i < peerChain.length; i++) {
        final X509Certificate candidate = (X509Certificate) peerChain[i];
        final String commonName = Crypto.extractX509CertCommonName(candidate);
        if (serviceName.equals(commonName)) {
            return true;
        }
    }
    return false;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:21,代码来源:ProviderHostnameVerifier.java

示例6: testValidateCertReqDNSNamesNoDNS

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * A CSR without DNS names must pass DNS-name validation for any domain/service pair.
 */
@Test
public void testValidateCertReqDNSNamesNoDNS() throws IOException {
    // the CSR fixture is decoded with the platform default charset
    byte[] csrBytes = Files.readAllBytes(Paths.get("src/test/resources/valid.csr"));
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(new String(csrBytes));

    // no dns names so all are valid, whatever domain and service are supplied
    String[][] domainServicePairs = {
        {"athenz", "production"},
        {"athenz2", "production"},
        {"athenz2", "productio2"},
    };
    for (String[] pair : domainServicePairs) {
        assertTrue(ZTSUtils.validateCertReqDNSNames(certReq, pair[0], pair[1]));
    }
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:18,代码来源:ZTSUtilsTest.java

示例7: validate

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Validates this token against a public key supplied in string form.
 *
 * <p>The string is parsed into a {@link PublicKey} and the work is then delegated to the
 * {@code validate} overload that takes the parsed key. A missing or unparsable key is
 * reported through {@code errMsg}, logged, and treated as a validation failure.
 *
 * @param pubKey public key in the textual form accepted by {@code Crypto.loadPublicKey}
 * @param allowedOffset passed through to the delegate overload
 * @param allowNoExpiry passed through to the delegate overload
 * @param errMsg buffer that receives the failure reason; may be {@code null}, in which
 *        case a local buffer is used
 * @return false if no key was given or it could not be loaded, otherwise the result of
 *         the delegate overload
 */
public boolean validate(String pubKey, int allowedOffset, boolean allowNoExpiry,
        StringBuilder errMsg) {

    final StringBuilder report = (errMsg != null) ? errMsg : new StringBuilder(512);

    if (pubKey == null) {
        report.append("Token:validate: token=");
        report.append(unsignedToken);
        report.append(" : No public key provided");
        LOG.error(report.toString());
        return false;
    }

    final PublicKey parsedKey;
    try {
        parsedKey = Crypto.loadPublicKey(pubKey);
    } catch (Exception e) {
        // any parsing problem is a validation failure, never an exception to the caller
        report.append("Token:validate: token=");
        report.append(unsignedToken);
        report.append(" : unable to load public key due to Exception=");
        report.append(e.getMessage());
        LOG.error(report.toString());
        return false;
    }

    return validate(parsedKey, allowedOffset, allowNoExpiry, report);
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:25,代码来源:Token.java

示例8: retrieveKeyFromResource

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Reads a key from a classpath resource and returns it ybase64 encoded.
 *
 * @param resourceName name of the resource, resolved relative to this class
 * @return the ybase64 encoding of the resource's UTF-8 bytes, or {@code null} when the
 *         resource yields no data or an {@link IOException} occurs while reading it
 */
String retrieveKeyFromResource(String resourceName) {

    String encodedKey = null;
    try (InputStream resourceStream = getClass().getResourceAsStream(resourceName)) {
        final String resourceText = getString(resourceStream);
        encodedKey = (resourceText == null)
                ? null
                : Crypto.ybase64(resourceText.getBytes("UTF-8"));
    } catch (IOException e) {
        // read failures are reported at debug level only; the caller sees a null key
        if (LOG.isDebugEnabled()) {
            LOG.debug("FilePrivateKeyStore: Unable to read key from resource: " + resourceName);
        }
    }

    return encodedKey;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:17,代码来源:FilePrivateKeyStore.java

示例9: testGetX509CertRecordNoConnection

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * When the certificate record store cannot provide a connection, looking up a
 * certificate record must return null.
 */
@Test
public void testGetX509CertRecordNoConnection() throws IOException {

    // certificate fixture, decoded with the platform default charset
    byte[] pemBytes = Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.pem"));

    InstanceCertManager certManager = new InstanceCertManager(null, null);
    X509Certificate instanceCert = Crypto.loadX509Certificate(new String(pemBytes));

    // store whose getConnection() yields null, i.e. no connection available
    CertRecordStore disconnectedStore = Mockito.mock(CertRecordStore.class);
    Mockito.when(disconnectedStore.getConnection()).thenReturn(null);
    certManager.setCertStore(disconnectedStore);

    assertNull(certManager.getX509CertRecord("ostk", instanceCert));
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:17,代码来源:InstanceCertManagerTest.java

示例10: testCompareDnsNames

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * The DNS names of the CSR fixture must match those of the certificate fixture.
 */
@Test
public void testCompareDnsNames() throws IOException {

    Path csrFile = Paths.get("src/test/resources/athenz.instanceid.csr");
    Path pemFile = Paths.get("src/test/resources/athenz.instanceid.pem");

    // parse the CSR first; parse errors would be collected in the buffer
    String csrText = new String(Files.readAllBytes(csrFile));
    StringBuilder parseErrors = new StringBuilder(256);
    X509CertRequest request = new X509CertRequest(csrText);
    assertNotNull(request);
    request.parseCertRequest(parseErrors);

    // then load the certificate to compare against
    String pemText = new String(Files.readAllBytes(pemFile));
    X509Certificate certificate = Crypto.loadX509Certificate(pemText);

    assertTrue(request.compareDnsNames(certificate));
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:18,代码来源:X509CertRequestTest.java

示例11: testGenerateX509CertificateReqPrivateKey

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Signing a valid CSR with the test CA key and certificate must produce a certificate
 * whose issuer is the expected CA subject.
 */
@Test
public void testGenerateX509CertificateReqPrivateKey() throws IOException {

    byte[] csrBytes = Files.readAllBytes(Paths.get("src/test/resources/valid.csr"));
    PKCS10CertificationRequest csr = Crypto.getPKCS10CertRequest(new String(csrBytes));

    // CA material comes from fixtures held in fields of the test class
    X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    PrivateKey issuerKey = Crypto.loadPrivateKey(rsaPrivateKey);

    X509Certificate signed =
            Crypto.generateX509Certificate(csr, issuerKey, issuerCert, 600, false);

    assertNotNull(signed);
    String issuerName = signed.getIssuerX500Principal().getName();
    assertEquals(issuerName, "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:17,代码来源:CryptoTest.java

示例12: testX509CSRrequestWithPrivateKeyOnly

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Generates a CSR from a private key, a subject principal and two otherName SAN entries,
 * then parses the result back when the principal is expected to be valid.
 *
 * @param x500Principal subject principal supplied by the data provider
 * @param badRequest true when CSR generation is allowed to fail for this principal
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) throws Exception {
    PrivateKey signingKey = Crypto.loadPrivateKey(rsaPrivateKey);
    GeneralName[] subjectAltNames = {
        new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
        new GeneralName(GeneralName.otherName, new DERIA5String("role2")),
    };

    String csrPem = null;
    try {
        csrPem = Crypto.generateX509CSR(signingKey, x500Principal, subjectAltNames);
    } catch (Exception e) {
        // a failure is only acceptable for principals flagged as bad
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }

    if (badRequest) {
        // NOTE(review): a bad principal that generates a CSR without error also
        // passes here; confirm that is the intended contract of the data provider.
        return;
    }

    // Now validate the csr by parsing it back
    Crypto.getPKCS10CertRequest(csrPem);
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:20,代码来源:CryptoTest.java

示例13: compareCommonName

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Checks that the common name in this CSR equals the requested one, ignoring case.
 *
 * <p>The extracted common name is stored in the {@code cn} field as a side effect.
 *
 * @param reqCommonName common name the caller expects the CSR to carry
 * @return true if the CSR common name matches {@code reqCommonName} case-insensitively;
 *         false on a mismatch or when the common name cannot be extracted
 */
public boolean compareCommonName(String reqCommonName) {

    try {
        cn = Crypto.extractX509CSRCommonName(certReq);
    } catch (Exception ex) {
        // Deliberately broad: any extraction failure is turned into a plain
        // "no match" so the container never answers with a generic server error.
        LOGGER.error("compareCommonName: unable to extract csr cn: {}", ex.getMessage());
        return false;
    }

    // the comparison is case-insensitive
    final boolean matches = reqCommonName.equalsIgnoreCase(cn);
    if (matches) {
        return true;
    }

    LOGGER.error("compareCommonName - cn mismatch: {} vs. {}", reqCommonName, cn);
    return false;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:22,代码来源:X509CertRequest.java

示例14: verifyInstanceDocument

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies the signature of an OSTK instance document with the given public key.
 *
 * <p>Only the document signature is validated for now. Any exception while loading the
 * key or verifying is logged and results in {@code false}, so the check fails closed.
 *
 * @param info instance information carrying the document and its signature
 * @param publicKey public key in the textual form accepted by {@code Crypto.loadPublicKey}
 * @return true only if the signature over the document verifies with {@code publicKey}
 */
public boolean verifyInstanceDocument(OSTKInstanceInformation info, String publicKey) {

    // stays false unless verification positively succeeds
    boolean signatureOk = false;
    try {
        final PublicKey verificationKey = Crypto.loadPublicKey(publicKey);
        signatureOk = Crypto.verify(info.getDocument(), verificationKey, info.getSignature());

        if (signatureOk) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("verifyInstanceDocument: OSTK document signature matched");
            }
        } else {
            LOGGER.error("verifyInstanceDocument: OSTK document signature did not match");
        }
    } catch (Exception ex) {
        LOGGER.error("verifyInstanceDocument: Unable to verify signature: {}",
                ex.getMessage());
    }
    return signatureOk;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:20,代码来源:CloudStore.java

示例15: validateSignedDomain

import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies the signature of a signed domain with the cached ZMS public key.
 *
 * <p>The key is looked up by the domain's key id, with {@code "0"} used when the signed
 * domain carries no key id. The signature is checked over the canonical string form of
 * the domain data.
 *
 * @param signedDomain domain data together with its signature and key id
 * @return true if the signature verifies; false if the key is not cached or the
 *         signature does not match
 */
boolean validateSignedDomain(SignedDomain signedDomain) {

    final DomainData data = signedDomain.getDomain();
    final String keyId = signedDomain.getKeyId();
    final String signature = signedDomain.getSignature();

    // a missing key id falls back to key "0"
    final String lookupId = (keyId != null) ? keyId : "0";
    final PublicKey verificationKey = zmsPublicKeyCache.getIfPresent(lookupId);
    if (verificationKey == null) {
        // the original key id (possibly null) is logged, not the fallback value
        LOGGER.error("validateSignedDomain: ZMS Public Key id={} not available", keyId);
        return false;
    }

    final boolean signatureOk =
            Crypto.verify(SignUtils.asCanonicalString(data), verificationKey, signature);
    if (signatureOk) {
        return true;
    }

    LOGGER.error("validateSignedDomain: Domain={} signature validation failed", data.getName());
    // NOTE(review): the full canonical domain data is written to the error log on
    // failure; confirm its contents are acceptable for that log's audience.
    LOGGER.error("validateSignedDomain: Signed Domain Data: {}", SignUtils.asCanonicalString(data));
    return false;
}
 
开发者ID:yahoo,项目名称:athenz,代码行数:22,代码来源:DataStore.java


注:本文中的com.yahoo.athenz.auth.util.Crypto类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。