本文整理汇总了Java中java.security.AlgorithmConstraints类的典型用法代码示例。如果您正苦于以下问题:Java AlgorithmConstraints类的具体用法?Java AlgorithmConstraints怎么用?Java AlgorithmConstraints使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
AlgorithmConstraints类属于java.security包,在下文中一共展示了AlgorithmConstraints类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: SSLSocketImpl
import java.security.AlgorithmConstraints; //导入依赖的package包/类
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
CipherSuiteList suites, byte clientAuth,
boolean sessionCreation, ProtocolList protocols,
String identificationProtocol,
AlgorithmConstraints algorithmConstraints,
Collection<SNIMatcher> sniMatchers,
boolean preferLocalCipherSuites) throws IOException {
super();
doClientAuth = clientAuth;
enableSessionCreation = sessionCreation;
this.identificationProtocol = identificationProtocol;
this.algorithmConstraints = algorithmConstraints;
this.sniMatchers = sniMatchers;
this.preferLocalCipherSuites = preferLocalCipherSuites;
init(context, serverMode);
/*
* Override what was picked out for us.
*/
enabledCipherSuites = suites;
enabledProtocols = protocols;
}
示例2: getSupportedAlgorithms
import java.security.AlgorithmConstraints; //导入依赖的package包/类
static Collection<SignatureAndHashAlgorithm>
getSupportedAlgorithms(AlgorithmConstraints constraints) {
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
synchronized (priorityMap) {
for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
constraints.permits(SIGNATURE_PRIMITIVE_SET,
sigAlg.algorithm, null)) {
supported.add(sigAlg);
}
}
}
return supported;
}
示例3: AlgorithmChecker
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Create a new <code>AlgorithmChecker</code> with the
* given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
*
* @throws IllegalArgumentException if the <code>anchor</code> is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
}
示例4: createExtension
import java.security.AlgorithmConstraints; //导入依赖的package包/类
static SupportedEllipticCurvesExtension createExtension(
AlgorithmConstraints constraints) {
ArrayList<Integer> idList = new ArrayList<>(supportedCurveIds.length);
for (int curveId : supportedCurveIds) {
if (constraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
"EC", idToParams.get(curveId))) {
idList.add(curveId);
}
}
if (!idList.isEmpty()) {
int[] ids = new int[idList.size()];
int i = 0;
for (Integer id : idList) {
ids[i++] = id;
}
return new SupportedEllipticCurvesExtension(ids);
}
return null;
}
示例5: AlgorithmChecker
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Create a new <code>AlgorithmChecker</code> with the
* given <code>TrustAnchor</code> and <code>AlgorithmConstraints</code>.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
*
* @throws IllegalArgumentException if the <code>anchor</code> is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
}
示例6: validate
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Validate the given certificate chain.
*
* @param chain the target certificate chain
* @param otherCerts a Collection of additional X509Certificates that
* could be helpful for path building (or null)
* @param responseList a List of zero or more byte arrays, each
* one being a DER-encoded OCSP response (per RFC 6960). Entries
* in the List must match the order of the certificates in the
* chain parameter. It is possible that fewer responses may be
* in the list than are elements in {@code chain} and a missing
* response for a matching element in {@code chain} can be
* represented with a zero-length byte array.
* @param constraints algorithm constraints for certification path
* processing
* @param parameter an additional parameter object to pass specific data.
* This parameter object maybe one of the two below:
* 1) TLS_SERVER variant validators, where it must be non null and
* the name of the TLS key exchange algorithm being used
* (see JSSE X509TrustManager specification).
* 2) {@code Timestamp} object from a signed JAR file.
* @return a non-empty chain that was used to validate the path. The
* end entity cert is at index 0, the trust anchor at index n-1.
*/
public final X509Certificate[] validate(X509Certificate[] chain,
Collection<X509Certificate> otherCerts,
List<byte[]> responseList,
AlgorithmConstraints constraints,
Object parameter) throws CertificateException {
chain = engineValidate(chain, otherCerts, responseList, constraints,
parameter);
// omit EE extension check if EE cert is also trust anchor
if (chain.length > 1) {
// EndEntityChecker does not need to check unresolved critical
// extensions when validating with a TYPE_PKIX Validator.
// A TYPE_PKIX Validator will already have run checks on all
// certs' extensions, including checks by any PKIXCertPathCheckers
// included in the PKIXParameters, so the extra checks would be
// redundant.
boolean checkUnresolvedCritExts =
(type == TYPE_PKIX) ? false : true;
endEntityChecker.check(chain[0], parameter,
checkUnresolvedCritExts);
}
return chain;
}
示例7: SSLSocketImpl
import java.security.AlgorithmConstraints; //导入依赖的package包/类
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
CipherSuiteList suites, ClientAuthType clientAuth,
boolean sessionCreation, ProtocolList protocols,
String identificationProtocol,
AlgorithmConstraints algorithmConstraints,
Collection<SNIMatcher> sniMatchers,
boolean preferLocalCipherSuites,
String[] applicationProtocols) throws IOException {
super();
doClientAuth = clientAuth;
enableSessionCreation = sessionCreation;
this.identificationProtocol = identificationProtocol;
this.algorithmConstraints = algorithmConstraints;
this.sniMatchers = sniMatchers;
this.preferLocalCipherSuites = preferLocalCipherSuites;
this.applicationProtocols = applicationProtocols;
init(context, serverMode);
/*
* Override what was picked out for us.
*/
enabledCipherSuites = suites;
enabledProtocols = protocols;
}
示例8: getPreferredGroup
import java.security.AlgorithmConstraints; //导入依赖的package包/类
NamedGroup getPreferredGroup(
AlgorithmConstraints constraints, NamedGroupType type) {
for (int groupId : requestedNamedGroupIds) {
NamedGroup namedGroup = NamedGroup.valueOf(groupId);
if ((namedGroup != null) && (namedGroup.type == type) &&
SupportedGroupsExtension.supports(namedGroup) &&
constraints.permits(EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
namedGroup.algorithm, namedGroupParams.get(namedGroup))) {
return namedGroup;
}
}
return null;
}
示例9: validate
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Validate the given certificate chain.
*
* @param chain the target certificate chain
* @param otherCerts a Collection of additional X509Certificates that
* could be helpful for path building (or null)
* @param responseList a List of zero or more byte arrays, each
* one being a DER-encoded OCSP response (per RFC 6960). Entries
* in the List must match the order of the certificates in the
* chain parameter. It is possible that fewer responses may be
* in the list than are elements in {@code chain} and a missing
* response for a matching element in {@code chain} can be
* represented with a zero-length byte array.
* @param constraints algorithm constraints for certification path
* processing
* @param parameter an additional parameter with variant specific meaning.
* Currently, it is only defined for TLS_SERVER variant validators,
* where it must be non null and the name of the TLS key exchange
* algorithm being used (see JSSE X509TrustManager specification).
* In the future, it could be used to pass in a PKCS#7 object for
* code signing to check time stamps.
* @return a non-empty chain that was used to validate the path. The
* end entity cert is at index 0, the trust anchor at index n-1.
*/
public final X509Certificate[] validate(X509Certificate[] chain,
Collection<X509Certificate> otherCerts,
List<byte[]> responseList,
AlgorithmConstraints constraints,
Object parameter) throws CertificateException {
chain = engineValidate(chain, otherCerts, responseList, constraints,
parameter);
// omit EE extension check if EE cert is also trust anchor
if (chain.length > 1) {
// EndEntityChecker does not need to check unresolved critical
// extensions when validating with a TYPE_PKIX Validator.
// A TYPE_PKIX Validator will already have run checks on all
// certs' extensions, including checks by any PKIXCertPathCheckers
// included in the PKIXParameters, so the extra checks would be
// redundant.
boolean checkUnresolvedCritExts =
(type == TYPE_PKIX) ? false : true;
endEntityChecker.check(chain[0], parameter,
checkUnresolvedCritExts);
}
return chain;
}
示例10: SSLSocketImpl
import java.security.AlgorithmConstraints; //导入依赖的package包/类
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
CipherSuiteList suites, ClientAuthType clientAuth,
boolean sessionCreation, ProtocolList protocols,
String identificationProtocol,
AlgorithmConstraints algorithmConstraints,
Collection<SNIMatcher> sniMatchers,
boolean preferLocalCipherSuites) throws IOException {
super();
doClientAuth = clientAuth;
enableSessionCreation = sessionCreation;
this.identificationProtocol = identificationProtocol;
this.algorithmConstraints = algorithmConstraints;
this.sniMatchers = sniMatchers;
this.preferLocalCipherSuites = preferLocalCipherSuites;
init(context, serverMode);
/*
* Override what was picked out for us.
*/
enabledCipherSuites = suites;
enabledProtocols = protocols;
}
示例11: AlgorithmChecker
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Create a new {@code AlgorithmChecker} with the
* given {@code TrustAnchor} and {@code AlgorithmConstraints}.
*
* @param anchor the trust anchor selected to validate the target
* certificate
* @param constraints the algorithm constraints (or null)
* @param pkixdate Date the constraints are checked against. The value is
* either the PKIXParameter date or null for the current date.
*
* @throws IllegalArgumentException if the {@code anchor} is null
*/
public AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints,
Date pkixdate) {
if (anchor == null) {
throw new IllegalArgumentException(
"The trust anchor cannot be null");
}
if (anchor.getTrustedCert() != null) {
this.trustedPubKey = anchor.getTrustedCert().getPublicKey();
// Check for anchor certificate restrictions
trustedMatch = checkFingerprint(anchor.getTrustedCert());
if (trustedMatch && debug != null) {
debug.println("trustedMatch = true");
}
} else {
this.trustedPubKey = anchor.getCAPublicKey();
}
this.prevPubKey = trustedPubKey;
this.constraints = constraints;
this.pkixdate = pkixdate;
}
示例12: SSLSocketImpl
import java.security.AlgorithmConstraints; //导入依赖的package包/类
SSLSocketImpl(SSLContextImpl context, boolean serverMode,
CipherSuiteList suites, byte clientAuth,
boolean sessionCreation, ProtocolList protocols,
String identificationProtocol,
AlgorithmConstraints algorithmConstraints) throws IOException {
super();
doClientAuth = clientAuth;
enableSessionCreation = sessionCreation;
this.identificationProtocol = identificationProtocol;
this.algorithmConstraints = algorithmConstraints;
init(context, serverMode);
/*
* Override what was picked out for us.
*/
enabledCipherSuites = suites;
enabledProtocols = protocols;
}
示例13: setAlgorithmConstraints
import java.security.AlgorithmConstraints; //导入依赖的package包/类
/**
* Set the algorithm constraints. Called from the constructor or
* SSLSocketImpl/SSLEngineImpl.setAlgorithmConstraints() (if the
* handshake is not yet in progress).
*/
void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints) {
activeCipherSuites = null;
activeProtocols = null;
this.algorithmConstraints =
new SSLAlgorithmConstraints(algorithmConstraints);
this.localSupportedSignAlgs = null;
}
示例14: getPreferredCurve
import java.security.AlgorithmConstraints; //导入依赖的package包/类
private static int getPreferredCurve(int[] curves,
AlgorithmConstraints constraints) {
for (int curveId : curves) {
if (isSupported(curveId) && constraints.permits(
EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
"EC", idToParams.get(curveId))) {
return curveId;
}
}
return -1;
}
示例15: getSupportedAlgorithms
import java.security.AlgorithmConstraints; //导入依赖的package包/类
static Collection<SignatureAndHashAlgorithm>
getSupportedAlgorithms(AlgorithmConstraints constraints) {
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
for (SignatureAndHashAlgorithm sigAlg : priorityMap.values()) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
constraints.permits(SIGNATURE_PRIMITIVE_SET,
sigAlg.algorithm, null)) {
supported.add(sigAlg);
}
}
return supported;
}