本文整理汇总了Java中com.yahoo.athenz.auth.util.Crypto类的典型用法代码示例。如果您正苦于以下问题:Java Crypto类的具体用法?Java Crypto怎么用?Java Crypto使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
Crypto类属于com.yahoo.athenz.auth.util包,在下文中一共展示了Crypto类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getRoleCertificate
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Requests a role certificate from ZTS for the given role and returns it together with
 * the private key that was used to build the request.
 *
 * <p>The certificate request is generated locally from this client's service identity,
 * {@code privateKey}, {@code certificateDnsDomain} and {@code certExpiry}. The token field
 * of the ZTS response is parsed with {@code Crypto.loadX509Certificate}. The whole exchange
 * runs inside {@code getOrThrow}.
 *
 * <p>NOTE(review): the returned certificate is used as-is; nothing in this method checks
 * that its subject or public key correspond to the request that was sent.
 *
 * @param roleDomain domain that owns the role
 * @param roleName name of the role within {@code roleDomain}
 * @return the issued certificate paired with the requesting private key
 */
@Override
public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) {
    return getOrThrow(() -> {
        final String debugLine = String.format(
                "postRoleCertificateRequest(service=%s, roleDomain=%s, roleName=%s)",
                service.getFullName(), roleDomain.getName(), roleName);
        log.log(LogLevel.DEBUG, debugLine);

        // certExpiry.getSeconds() is narrowed to int here.
        // NOTE(review): a very large expiry would wrap silently; confirm it is bounded upstream.
        final RoleCertificateRequest csrRequest = ZTSClient.generateRoleCertificateRequest(
                service.getDomain().getName(),
                service.getName(),
                roleDomain.getName(),
                roleName,
                privateKey,
                certificateDnsDomain,
                (int) certExpiry.getSeconds());

        final String issuedCert = ztsClient
                .postRoleCertificateRequest(roleDomain.getName(), roleName, csrRequest)
                .getToken();
        final X509Certificate parsedCert = Crypto.loadX509Certificate(issuedCert);
        return new AthenzRoleCertificate(parsedCert, privateKey);
    });
}
示例2: compareDnsNames
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Checks that the DNS names in this CSR and in the given X.509 certificate match.
 *
 * <p>The check passes when both lists have the same number of entries and every CSR
 * entry is present in the certificate's list. Membership is tested with
 * {@code List.contains}, so names are compared by exact, case-sensitive string equality.
 *
 * <p>NOTE(review): equal sizes plus containment is not a full set comparison if either
 * list can repeat a name; confirm duplicates cannot occur in the inputs.
 *
 * @param cert X509 Certificate to compare against
 * @return true if both CSR and X509 Cert contain identical dns names
 */
public boolean compareDnsNames(X509Certificate cert) {
    final List<String> namesInCert = Crypto.extractX509CertDnsNames(cert);

    final int certCount = namesInCert.size();
    final int csrCount = dnsNames.size();
    if (certCount != csrCount) {
        LOGGER.error("compareDnsNames - Mismatch of dnsNames in certificate ({}) and CSR ({})",
                certCount, csrCount);
        return false;
    }

    // Same size: it is enough that every name from the CSR also appears in the certificate.
    for (String csrName : dnsNames) {
        if (namesInCert.contains(csrName)) {
            continue;
        }
        LOGGER.error("compareDnsNames - Unknown dnsName in certificate {}", csrName);
        return false;
    }
    return true;
}
示例3: getPublicKeyEntry
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Returns a public key entry for key id {@code "2"}, read from a fixed PEM file under
 * {@code ./src/test/resources}; any other key id is rejected with a 404.
 *
 * <p>{@code domainName} and {@code serviceName} are not consulted.
 *
 * @param domainName unused
 * @param serviceName unused
 * @param keyId key identifier; only {@code "2"} is known
 * @return the entry with its id set and, if the file could be read, its ybase64-encoded key
 * @throws ZTSClientException with code 404 when {@code keyId} is not {@code "2"}
 */
@Override
public PublicKeyEntry getPublicKeyEntry(String domainName, String serviceName,
        String keyId) {
    if (!"2".equals(keyId)) {
        throw new ZTSClientException(404, "Unknown ZTS Public Key");
    }

    final PublicKeyEntry entry = new PublicKeyEntry();
    final Path pemFile = Paths.get("./src/test/resources/zts_public_k1.pem");
    entry.setId(keyId);
    try {
        final byte[] pemBytes = Files.readAllBytes(pemFile);
        entry.setKey(Crypto.ybase64(pemBytes));
    } catch (IOException ignored) {
        // Read failures are dropped: the entry is still returned, but without a key.
        // NOTE(review): callers then see a "found" key id with no key material; confirm
        // that is the intended behaviour for this fixture.
    }
    return entry;
}
示例4: loadPublicKeys
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Decodes the given public key entries and stores the parsed keys in {@code keyMap},
 * indexed by key id.
 *
 * <p>Entries with a null id or null key are skipped. Each key string is ybase64-decoded and
 * then parsed with {@code Crypto.loadPublicKey}; an entry that fails to parse is logged and
 * skipped, so the map can end up with fewer keys than the input list. An id that is
 * already present in {@code keyMap} is overwritten.
 *
 * @param publicKeys entries to load; {@code null} is treated as "nothing to load"
 * @param keyMap destination map from key id to parsed public key
 */
void loadPublicKeys(ArrayList<PublicKeyEntry> publicKeys, Map<String, PublicKey> keyMap) {
    if (publicKeys == null) {
        return;
    }

    for (PublicKeyEntry entry : publicKeys) {
        final String keyId = entry.getId();
        final String encodedKey = entry.getKey();
        if (keyId == null || encodedKey == null) {
            continue;
        }

        final PublicKey parsedKey;
        try {
            final String pem = Crypto.ybase64DecodeString(encodedKey);
            parsedKey = Crypto.loadPublicKey(pem);
        } catch (Exception e) {
            // A bad key must not stop the remaining keys from loading.
            LOG.error("Invalid ZTS public key for id: " + keyId + " - " + e.getMessage());
            continue;
        }
        keyMap.put(keyId, parsedKey);
    }
}
示例5: verify
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
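/**
 * Accepts the TLS peer when one of the certificates it presented has a subject common
 * name equal to the expected {@code serviceName}.
 *
 * <p>The {@code hostname} argument is not consulted; identity is decided by the
 * certificate common name alone. If the session has no verified peer certificates the
 * peer is rejected.
 *
 * <p>NOTE(review): every certificate returned by {@code getPeerCertificates()} is
 * considered, not only the first one. That array holds the peer's own certificate first,
 * followed by its issuers, so a matching common name on an issuer certificate would also
 * be accepted. Consider checking only {@code certs[0]}.
 *
 * @param hostname host name being connected to (ignored)
 * @param session TLS session whose peer certificates are inspected
 * @return {@code true} if a presented X.509 certificate has the expected common name
 */
@Override
public boolean verify(String hostname, SSLSession session) {
    Certificate[] certs = null;
    try {
        certs = session.getPeerCertificates();
    } catch (SSLPeerUnverifiedException ignored) {
        // No verified peer identity: certs stays null and the peer is rejected below.
    }
    if (certs == null) {
        return false;
    }

    for (Certificate cert : certs) {
        // Skip anything that is not X.509 instead of failing the handshake callback
        // with a ClassCastException.
        if (!(cert instanceof X509Certificate)) {
            continue;
        }
        final X509Certificate x509Cert = (X509Certificate) cert;
        if (serviceName.equals(Crypto.extractX509CertCommonName(x509Cert))) {
            return true;
        }
    }
    return false;
}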
示例6: testValidateCertReqDNSNamesNoDNS
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies that DNS-name validation passes for any domain/service pair when the CSR
 * fixture {@code valid.csr} is used.
 */
@Test
public void testValidateCertReqDNSNamesNoDNS() throws IOException {
    // The fixture bytes are decoded with the JVM default charset.
    final byte[] csrBytes = Files.readAllBytes(Paths.get("src/test/resources/valid.csr"));
    final String csrPem = new String(csrBytes);
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(csrPem);

    // no dns names in the request, so every domain/service combination is accepted
    assertTrue(ZTSUtils.validateCertReqDNSNames(request, "athenz", "production"));
    assertTrue(ZTSUtils.validateCertReqDNSNames(request, "athenz2", "production"));
    assertTrue(ZTSUtils.validateCertReqDNSNames(request, "athenz2", "productio2"));
}
示例7: validate
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Validates this token against a public key supplied in string form.
 *
 * <p>The key string is parsed with {@code Crypto.loadPublicKey} and the result is handed to
 * the {@code PublicKey} overload of {@code validate}. A missing or unparsable key fails
 * validation: the reason is appended to {@code errMsg} and logged together with the
 * unsigned token.
 *
 * @param pubKey public key text; {@code null} fails validation
 * @param allowedOffset passed through to the {@code PublicKey} overload
 * @param allowNoExpiry passed through to the {@code PublicKey} overload
 * @param errMsg receives the failure reason; when {@code null} a local buffer is used, so
 *        the reason is only logged
 * @return {@code false} if the key is missing or cannot be loaded, otherwise the result of
 *         the {@code PublicKey} overload
 */
public boolean validate(String pubKey, int allowedOffset, boolean allowNoExpiry,
        StringBuilder errMsg) {
    if (errMsg == null) {
        errMsg = new StringBuilder(512);
    }

    if (pubKey == null) {
        errMsg.append("Token:validate: token=")
                .append(unsignedToken)
                .append(" : No public key provided");
        LOG.error(errMsg.toString());
        return false;
    }

    final PublicKey parsedKey;
    try {
        parsedKey = Crypto.loadPublicKey(pubKey);
    } catch (Exception e) {
        // Any failure to parse the key is treated as a validation failure.
        errMsg.append("Token:validate: token=")
                .append(unsignedToken)
                .append(" : unable to load public key due to Exception=")
                .append(e.getMessage());
        LOG.error(errMsg.toString());
        return false;
    }

    return validate(parsedKey, allowedOffset, allowNoExpiry, errMsg);
}
示例8: retrieveKeyFromResource
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Reads a key from a classpath resource and returns it ybase64-encoded.
 *
 * <p>The resource is opened relative to this object's class, its contents are read with
 * {@code getString}, and the UTF-8 bytes of that text are encoded with
 * {@code Crypto.ybase64}. An {@link IOException} is reported at debug level only.
 *
 * @param resourceName name of the resource to load
 * @return the encoded key, or {@code null} if no data was read
 */
String retrieveKeyFromResource(String resourceName) {
    String encodedKey = null;
    try (InputStream resourceStream = getClass().getResourceAsStream(resourceName)) {
        final String contents = getString(resourceStream);
        if (contents != null) {
            final byte[] utf8Bytes = contents.getBytes("UTF-8");
            encodedKey = Crypto.ybase64(utf8Bytes);
        }
    } catch (IOException e) {
        // Only the resource name is logged, never the key contents.
        if (LOG.isDebugEnabled()) {
            LOG.debug("FilePrivateKeyStore: Unable to read key from resource: " + resourceName);
        }
    }
    return encodedKey;
}
示例9: testGetX509CertRecordNoConnection
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies that {@code getX509CertRecord} returns {@code null} when the certificate
 * record store cannot provide a connection.
 */
@Test
public void testGetX509CertRecordNoConnection() throws IOException {
    final InstanceCertManager manager = new InstanceCertManager(null, null);

    final byte[] pemBytes =
            Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.pem"));
    final X509Certificate cert = Crypto.loadX509Certificate(new String(pemBytes));

    // Store mock whose getConnection() yields null, simulating "no connection available".
    final CertRecordStore storeWithoutConnection = Mockito.mock(CertRecordStore.class);
    Mockito.when(storeWithoutConnection.getConnection()).thenReturn(null);
    manager.setCertStore(storeWithoutConnection);

    assertNull(manager.getX509CertRecord("ostk", cert));
}
示例10: testCompareDnsNames
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies that {@code compareDnsNames} reports a match between the CSR fixture
 * {@code athenz.instanceid.csr} and the certificate fixture {@code athenz.instanceid.pem}.
 */
@Test
public void testCompareDnsNames() throws IOException {
    final String csrPem =
            new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.csr")));
    final StringBuilder parseErrors = new StringBuilder(256);

    final X509CertRequest request = new X509CertRequest(csrPem);
    assertNotNull(request);
    // The return value of parseCertRequest is not checked by this test.
    request.parseCertRequest(parseErrors);

    final String certPem =
            new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.pem")));
    final X509Certificate certificate = Crypto.loadX509Certificate(certPem);

    assertTrue(request.compareDnsNames(certificate));
}
示例11: testGenerateX509CertificateReqPrivateKey
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies that a certificate can be generated from the {@code valid.csr} fixture with the
 * test CA certificate and private key, and that the issuer name of the result is the
 * expected distinguished name.
 */
@Test
public void testGenerateX509CertificateReqPrivateKey() throws IOException {
    final String csrPem =
            new String(Files.readAllBytes(Paths.get("src/test/resources/valid.csr")));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(csrPem);

    // Signing material comes from the test class' fixture fields.
    final X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    final PrivateKey issuerKey = Crypto.loadPrivateKey(rsaPrivateKey);

    final X509Certificate issued =
            Crypto.generateX509Certificate(request, issuerKey, issuerCert, 600, false);
    assertNotNull(issued);

    final String issuerName = issued.getIssuerX500Principal().getName();
    assertEquals(issuerName,
            "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}
示例12: testX509CSRrequestWithPrivateKeyOnly
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Generates a CSR from a private key, a data-provided X.500 principal and two
 * {@code otherName} subject alternative names, then parses the result back when the
 * principal is expected to be valid.
 *
 * <p>NOTE(review): for rows with {@code badRequest == true} the test passes whether or not
 * CSR generation throws, so rejection of a bad principal is not actually asserted.
 *
 * @param x500Principal subject principal supplied by the {@code x500Principal} data provider
 * @param badRequest whether CSR generation is expected to fail for this principal
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequestWithPrivateKeyOnly(String x500Principal, boolean badRequest) throws Exception {
    final boolean expectSuccess = !badRequest;
    final PrivateKey signingKey = Crypto.loadPrivateKey(rsaPrivateKey);

    final GeneralName[] subjectAltNames = new GeneralName[] {
        new GeneralName(GeneralName.otherName, new DERIA5String("role1")),
        new GeneralName(GeneralName.otherName, new DERIA5String("role2"))
    };

    String csrPem = null;
    try {
        csrPem = Crypto.generateX509CSR(signingKey, x500Principal, subjectAltNames);
    } catch (Exception e) {
        if (expectSuccess) {
            fail("Should not have failed to create csr");
        }
    }

    if (expectSuccess) {
        // Now validate the csr by parsing it back.
        Crypto.getPKCS10CertRequest(csrPem);
    }
}
示例13: compareCommonName
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
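/**
 * Checks that the common name in this certificate request equals the given name,
 * ignoring case.
 *
 * <p>The common name is extracted from {@code certReq} with
 * {@code Crypto.extractX509CSRCommonName} and stored in the {@code cn} field as a side
 * effect. Extraction failures and mismatches are logged and reported as {@code false}
 * rather than thrown.
 *
 * @param reqCommonName the common name the request is expected to carry; {@code null}
 *        never matches
 * @return {@code true} only if the extracted common name equals {@code reqCommonName},
 *         compared case-insensitively
 */
public boolean compareCommonName(String reqCommonName) {
    try {
        cn = Crypto.extractX509CSRCommonName(certReq);
    } catch (Exception ex) {
        // we want to catch all the exceptions here as we want to
        // handle all the errors and not let container to return
        // standard server error
        LOGGER.error("compareCommonName: unable to extract csr cn: {}", ex.getMessage());
        return false;
    }

    // A null expected name is rejected here so the check fails closed instead of
    // escaping as a NullPointerException, in line with the error handling above.
    if (reqCommonName == null || !reqCommonName.equalsIgnoreCase(cn)) {
        LOGGER.error("compareCommonName - cn mismatch: {} vs. {}", reqCommonName, cn);
        return false;
    }
    return true;
}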
示例14: verifyInstanceDocument
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies the signature on an instance document with the given public key.
 *
 * <p>The key text is parsed with {@code Crypto.loadPublicKey} and the document is checked
 * against its signature with {@code Crypto.verify}. Any exception raised along the way is
 * logged and leaves the result at its initial {@code false}.
 *
 * @param info instance information carrying the document and its signature
 * @param publicKey public key text used to verify the signature
 * @return {@code true} only if the signature verified
 */
public boolean verifyInstanceDocument(OSTKInstanceInformation info, String publicKey) {
    // for now we're only validating the document signature
    boolean signatureOk = false;
    try {
        final PublicKey verificationKey = Crypto.loadPublicKey(publicKey);
        signatureOk = Crypto.verify(info.getDocument(), verificationKey, info.getSignature());
        if (signatureOk) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("verifyInstanceDocument: OSTK document signature matched");
            }
        } else {
            LOGGER.error("verifyInstanceDocument: OSTK document signature did not match");
        }
    } catch (Exception ex) {
        // Key parsing or verification blew up: report it and fall through with the
        // current value of the flag.
        LOGGER.error("verifyInstanceDocument: Unable to verify signature: {}",
                ex.getMessage());
    }
    return signatureOk;
}
示例15: validateSignedDomain
import com.yahoo.athenz.auth.util.Crypto; //导入依赖的package包/类
/**
 * Verifies the signature on a signed domain with the cached ZMS public key named by the
 * domain's key id.
 *
 * <p>A null key id is looked up as {@code "0"}. If the cache has no key for that id the
 * domain is rejected. Otherwise the canonical string form of the domain data is checked
 * against the signature with {@code Crypto.verify}.
 *
 * <p>NOTE(review): on a failed verification the full canonical domain data is written to
 * the error log; confirm that content is acceptable in logs.
 *
 * @param signedDomain domain data together with its key id and signature
 * @return {@code true} only if a key was found and the signature verified
 */
boolean validateSignedDomain(SignedDomain signedDomain) {
    final DomainData data = signedDomain.getDomain();
    final String keyId = signedDomain.getKeyId();
    final String signature = signedDomain.getSignature();

    final String cacheKey = (keyId != null) ? keyId : "0";
    final PublicKey zmsKey = zmsPublicKeyCache.getIfPresent(cacheKey);
    if (zmsKey == null) {
        // The message reports the key id as received, which may be null.
        LOGGER.error("validateSignedDomain: ZMS Public Key id={} not available", keyId);
        return false;
    }

    if (Crypto.verify(SignUtils.asCanonicalString(data), zmsKey, signature)) {
        return true;
    }

    LOGGER.error("validateSignedDomain: Domain={} signature validation failed", data.getName());
    LOGGER.error("validateSignedDomain: Signed Domain Data: {}", SignUtils.asCanonicalString(data));
    return false;
}