本文整理汇总了Java中java.security.cert.CertPath类的典型用法代码示例。如果您正苦于以下问题:Java CertPath类的具体用法?Java CertPath怎么用?Java CertPath使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
CertPath类属于java.security.cert包,在下文中一共展示了CertPath类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateNoCache
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Runs a full PKIX path validation of {@code certs} against {@code trustRoots}
 * on every call.
 *
 * <p>The validation date comes from {@code timeSource}, and
 * {@code WAVE_OID_CHECKER} is registered as an additional path checker.
 *
 * <p><b>Security note:</b> the default revocation check is switched off below.
 * Unless {@code WAVE_OID_CHECKER} performs one, nothing in this method consults
 * CRLs or OCSP, so a revoked certificate that still chains to a trust root
 * passes validation.
 *
 * @param certs the certificates forming the path to validate
 * @throws SignatureException if the path cannot be built or does not validate;
 *         the underlying {@link GeneralSecurityException} is kept as the cause
 */
private void validateNoCache(List<? extends X509Certificate> certs)
        throws SignatureException {
    try {
        CertPathValidator pathValidator = CertPathValidator.getInstance(VALIDATOR_TYPE);

        PKIXParameters pkixParams = new PKIXParameters(trustRoots);
        pkixParams.addCertPathChecker(WAVE_OID_CHECKER);
        pkixParams.setDate(timeSource.now());

        // Default revocation checking is disabled here; see the security note
        // in the method documentation for what that leaves unchecked.
        pkixParams.setRevocationEnabled(false);
        // TODO: let clients supply their own revocation checks, for example as
        // PKIXCertPathCheckers. The same hook could cover Wave-specific
        // certificate extensions.

        CertPath chain =
                CertificateFactory.getInstance(CERTIFICATE_TYPE).generateCertPath(certs);
        pathValidator.validate(chain, pkixParams);
    } catch (GeneralSecurityException e) {
        throw new SignatureException("Certificate validation failure", e);
    }
}
示例2: CertPathReviewerException
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Creates an exception that points at one certificate of a certification path.
 *
 * @param errorMessage message bundle handed to the superclass
 * @param throwable    cause handed to the superclass
 * @param certPath     the path being reviewed; must not be {@code null}
 * @param index        position of the offending certificate in {@code certPath}
 * @throws IllegalArgumentException  if {@code certPath} is {@code null} or
 *                                   {@code index} is {@code -1}
 * @throws IndexOutOfBoundsException if {@code index} is below {@code -1} or not
 *                                   smaller than the number of certificates
 */
public CertPathReviewerException(
    ErrorBundle errorMessage,
    Throwable throwable,
    CertPath certPath,
    int index)
{
    super(errorMessage, throwable);

    final boolean pathMissing = (certPath == null);
    if (pathMissing || index == -1)
    {
        throw new IllegalArgumentException();
    }

    // certPath is known to be non-null from here on, so the range check can
    // dereference it directly.
    if (index < -1 || index >= certPath.getCertificates().size())
    {
        throw new IndexOutOfBoundsException();
    }

    this.index = index;
    this.certPath = certPath;
}
示例3: processCertF
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Rejects the path when an explicit policy is required but no valid policy
 * tree is left.
 *
 * <p>The "(f)" label in the original appears to refer to step (f) of the
 * RFC 3280 basic certificate processing; confirm against the enclosing class.
 *
 * @param certPath        path under validation, reported in the exception
 * @param index           index of the certificate being processed, reported in
 *                        the exception
 * @param validPolicyTree current policy tree, or {@code null} if none remains
 * @param explicitPolicy  current explicit-policy counter
 * @throws CertPathValidatorException if {@code explicitPolicy <= 0} and
 *                                    {@code validPolicyTree} is {@code null}
 */
protected static void processCertF(
    CertPath certPath,
    int index,
    PKIXPolicyNode validPolicyTree,
    int explicitPolicy)
    throws CertPathValidatorException
{
    final boolean policyRequired = explicitPolicy <= 0;
    final boolean treeMissing = validPolicyTree == null;

    // A missing tree is only fatal once the explicit-policy counter has run out.
    if (policyRequired && treeMissing)
    {
        throw new ExtCertPathValidatorException("No valid policy tree found when one expected.", null, certPath,
            index);
    }
}
示例4: prepareNextCertL
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Updates the remaining path-length budget after the certificate at
 * {@code index} (step "(l)" in the original's labelling).
 *
 * <p>A self-issued certificate leaves the budget untouched. Any other
 * certificate consumes one unit, and validation fails if none is left.
 *
 * @param certPath      path under validation
 * @param index         index of the certificate being processed; not
 *                      range-checked here
 * @param maxPathLength current path-length budget
 * @return the budget to use for the next certificate
 * @throws CertPathValidatorException if the certificate is not self-issued and
 *                                    {@code maxPathLength <= 0}
 */
protected static int prepareNextCertL(
    CertPath certPath,
    int index,
    int maxPathLength)
    throws CertPathValidatorException
{
    X509Certificate current = (X509Certificate)certPath.getCertificates().get(index);

    if (CertPathValidatorUtilities.isSelfIssued(current))
    {
        // Self-issued certificates do not count against the path length.
        return maxPathLength;
    }

    if (maxPathLength <= 0)
    {
        throw new ExtCertPathValidatorException("Max path length not greater than zero", null, certPath, index);
    }
    return maxPathLength - 1;
}
示例5: prepareNextCertN
import java.security.cert.CertPath; //导入依赖的package包/类
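/**
 * Checks that the certificate at {@code index} may sign other certificates
 * (step "(n)" in the original's labelling).
 *
 * <p>If the certificate exposes key-usage bits, the {@code keyCertSign} bit
 * must be set. A key-usage array too short to contain that bit is treated as
 * "bit not set", so the path is rejected with a validation error instead of an
 * {@link ArrayIndexOutOfBoundsException} escaping from the validator.
 *
 * <p>NOTE(review): the exception message says the extension is critical, but
 * criticality is not inspected here; the check applies whenever
 * {@code getKeyUsage()} returns a non-null array.
 *
 * @param certPath path under validation
 * @param index    index of the issuer certificate being processed; not
 *                 range-checked here
 * @throws CertPathValidatorException if key usage is present and does not
 *                                    assert {@code keyCertSign}
 */
protected static void prepareNextCertN(
    CertPath certPath,
    int index)
    throws CertPathValidatorException
{
    List certs = certPath.getCertificates();
    X509Certificate cert = (X509Certificate)certs.get(index);

    boolean[] keyUsage = cert.getKeyUsage();
    if (keyUsage == null)
    {
        // getKeyUsage() returns null when the certificate has no KeyUsage
        // extension; there is nothing to enforce in that case.
        return;
    }

    final int certSignBit = RFC3280CertPathUtilities.KEY_CERT_SIGN;
    // Fail closed: a truncated bit array cannot assert keyCertSign.
    if (keyUsage.length <= certSignBit || !keyUsage[certSignBit])
    {
        throw new ExtCertPathValidatorException(
            "Issuer certificate keyusage extension is critical and does not permit key signing.", null,
            certPath, index);
    }
}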
示例6: prepareNextCertH1
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Decrements the explicit-policy counter for a certificate that is not
 * self-issued (step "(h)(1)" in the original's labelling).
 *
 * @param certPath       path under validation
 * @param index          index of the certificate being processed; not
 *                       range-checked here
 * @param explicitPolicy current explicit-policy counter
 * @return {@code explicitPolicy - 1} when the certificate is not self-issued
 *         and the counter is non-zero, otherwise {@code explicitPolicy}
 */
protected static int prepareNextCertH1(
    CertPath certPath,
    int index,
    int explicitPolicy)
{
    X509Certificate current = (X509Certificate)certPath.getCertificates().get(index);

    // Only non-self-issued certificates consume the counter, and a counter
    // that is already zero stays at zero.
    final boolean consumes =
        !CertPathValidatorUtilities.isSelfIssued(current) && explicitPolicy != 0;
    return consumes ? explicitPolicy - 1 : explicitPolicy;
}
示例7: prepareNextCertH2
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Decrements the policy-mapping counter for a certificate that is not
 * self-issued (step "(h)(2)" in the original's labelling).
 *
 * @param certPath      path under validation
 * @param index         index of the certificate being processed; not
 *                      range-checked here
 * @param policyMapping current policy-mapping counter
 * @return {@code policyMapping - 1} when the certificate is not self-issued
 *         and the counter is non-zero, otherwise {@code policyMapping}
 */
protected static int prepareNextCertH2(
    CertPath certPath,
    int index,
    int policyMapping)
{
    X509Certificate current = (X509Certificate)certPath.getCertificates().get(index);

    // Only non-self-issued certificates consume the counter, and a counter
    // that is already zero stays at zero.
    final boolean consumes =
        !CertPathValidatorUtilities.isSelfIssued(current) && policyMapping != 0;
    return consumes ? policyMapping - 1 : policyMapping;
}
示例8: prepareNextCertH3
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Decrements the inhibit-anyPolicy counter for a certificate that is not
 * self-issued (step "(h)(3)" in the original's labelling).
 *
 * @param certPath         path under validation
 * @param index            index of the certificate being processed; not
 *                         range-checked here
 * @param inhibitAnyPolicy current inhibit-anyPolicy counter
 * @return {@code inhibitAnyPolicy - 1} when the certificate is not self-issued
 *         and the counter is non-zero, otherwise {@code inhibitAnyPolicy}
 */
protected static int prepareNextCertH3(
    CertPath certPath,
    int index,
    int inhibitAnyPolicy)
{
    X509Certificate current = (X509Certificate)certPath.getCertificates().get(index);

    // Only non-self-issued certificates consume the counter, and a counter
    // that is already zero stays at zero.
    final boolean consumes =
        !CertPathValidatorUtilities.isSelfIssued(current) && inhibitAnyPolicy != 0;
    return consumes ? inhibitAnyPolicy - 1 : inhibitAnyPolicy;
}
示例9: engineGenerateCertPath
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Builds a certification path from a list of certificates.
 *
 * <p>Every non-null element must be an {@link X509Certificate}. {@code null}
 * elements are not rejected by this method; the list is handed to
 * {@code PKIXCertPath} with them still in it.
 *
 * @param certificates the certificates, in path order
 * @return a {@code PKIXCertPath} wrapping {@code certificates}
 * @throws CertificateException if a non-null element is not an
 *                              {@code X509Certificate}
 */
public CertPath engineGenerateCertPath(
    List certificates)
    throws CertificateException
{
    for (Object entry : certificates)
    {
        if (entry == null || entry instanceof X509Certificate)
        {
            continue;
        }
        throw new CertificateException("list contains non X509Certificate object while creating CertPath\n" + entry.toString());
    }

    return new PKIXCertPath(certificates);
}
示例10: tryParsePKIPathChain
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Attempts to read {@code chainFile} as an encoded certification path.
 *
 * <p>The stream is decoded with the X.509 factory's default cert-path
 * encoding. This only parses the file: no signature, validity or trust check
 * is done here, so the returned certificates are unvalidated and callers must
 * validate the chain before relying on it.
 *
 * @param chainFile file expected to hold the encoded chain
 * @return the certificates in the order the path lists them, or {@code null}
 *         if the content could not be parsed as a certification path
 * @throws IOException          if the file cannot be opened or closed
 * @throws CertificateException if the X.509 factory itself is unavailable
 */
private Certificate[] tryParsePKIPathChain(File chainFile)
        throws IOException, FileNotFoundException, CertificateException {
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");

    try (FileInputStream chainStream = new FileInputStream(chainFile)) {
        List<? extends Certificate> parsed =
                x509Factory.generateCertPath(chainStream).getCertificates();
        return parsed.toArray(new Certificate[]{});
    } catch (CertificateException e) {
        // A parse failure is an expected outcome of a "try" method: log it
        // and report "not this format" through the null return.
        LOG.info("Tried and failed to parse file as a PKI :" + chainFile.getName(), e);
        return null;
    }
}
示例11: main
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Round-trips a two-certificate path through its PKCS#7 encoding.
 *
 * <p>The path built from {@code cert1} and {@code cert2} must encode to the
 * bytes stored in {@code pkcs7path}, and decoding those bytes must yield a
 * path equal to the one that was encoded.
 *
 * @param args unused
 * @throws Exception on any certificate-handling failure, or a
 *                   {@link RuntimeException} if either comparison fails
 */
public static void main(String[] args) throws Exception {
    CertificateFactory x509 = CertificateFactory.getInstance("X509");

    // Build the path whose encoded form is stored in pkcs7path.
    final List<Certificate> chain = new ArrayList<>();
    chain.add(x509.generateCertificate(new ByteArrayInputStream(cert1.getBytes())));
    chain.add(x509.generateCertificate(new ByteArrayInputStream(cert2.getBytes())));
    CertPath built = x509.generateCertPath(chain);

    // Encoding direction: the freshly built path must match the stored bytes.
    byte[] pkcs7Bytes = built.getEncoded("PKCS7");
    byte[] storedBytes = Base64.getMimeDecoder().decode(pkcs7path.getBytes());
    boolean encodingMatches = Arrays.equals(pkcs7Bytes, storedBytes);
    if (!encodingMatches) {
        throw new RuntimeException("PKCS#7 encoding doesn't match stored value");
    }

    // Decoding direction: the bytes must parse back to an equal path.
    CertPath reparsed = x509.generateCertPath(new ByteArrayInputStream(pkcs7Bytes), "PKCS7");
    if (!reparsed.equals(built)) {
        throw new RuntimeException("CertPath decoded from PKCS#7 isn't equal to original");
    }
}
示例12: Builder
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Creates a {@code JarSigner.Builder} object from a signer's private key and
 * certification path.
 *
 * <p>Only the algorithm <em>names</em> of the private key and of the end
 * entity certificate's public key are compared. This constructor does not
 * verify that the two keys form a pair, nor that the path validates.
 *
 * @param privateKey the private key of the signer.
 * @param certPath the certification path of the signer.
 * @throws IllegalArgumentException if {@code certPath} is empty, if the
 *      {@code privateKey} algorithm does not match the algorithm of the
 *      {@code PublicKey} in the end entity certificate (the first
 *      certificate in {@code certPath}), or if {@code certPath} holds a
 *      certificate that is not an {@code X509Certificate}.
 */
public Builder(PrivateKey privateKey, CertPath certPath) {
    final List<? extends Certificate> chain = certPath.getCertificates();
    if (chain.isEmpty()) {
        throw new IllegalArgumentException("certPath cannot be empty");
    }

    final String signerAlgorithm = privateKey.getAlgorithm();
    final String endEntityAlgorithm = chain.get(0).getPublicKey().getAlgorithm();
    if (!signerAlgorithm.equals(endEntityAlgorithm)) {
        throw new IllegalArgumentException
            ("private key algorithm does not match " +
             "algorithm of public key in end entity " +
             "certificate (the 1st in certPath)");
    }

    this.privateKey = privateKey;
    try {
        // Copying into an X509Certificate[] doubles as the type check: any
        // other Certificate subtype makes the array store fail.
        this.certChain = chain.toArray(new X509Certificate[chain.size()]);
    } catch (ArrayStoreException ase) {
        throw new IllegalArgumentException(
            "Entry does not contain X509Certificate");
    }
}
示例13: runTest
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Validates {@code certList} against {@code anchor} with revocation status
 * taken from pre-supplied OCSP responses.
 *
 * <p>The responses for the first two certificates are decoded from
 * {@code EE_OCSP_RESP} and {@code INT_CA_OCSP_RESP} and attached to the
 * validator's revocation checker. Validation is evaluated at
 * {@code EVAL_DATE}, not at the current time.
 *
 * @param cf       factory used to turn {@code certList} into a path
 * @param certList certificates to validate; needs at least two entries
 * @param anchor   the single trust anchor for the validation
 * @throws Exception if path construction or validation fails
 */
private static void runTest(CertificateFactory cf,
        List<X509Certificate> certList, TrustAnchor anchor)
        throws Exception {
    CertPath chain = cf.generateCertPath(certList);
    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");
    System.out.println(anchor);

    // Hand the canned OCSP responses to the revocation checker, keyed by the
    // certificate each one covers.
    PKIXRevocationChecker revocationChecker =
            (PKIXRevocationChecker)pkixValidator.getRevocationChecker();
    Map<X509Certificate, byte[]> ocspByCert = new HashMap<>();
    ocspByCert.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
    ocspByCert.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
    revocationChecker.setOcspResponses(ocspByCert);

    PKIXParameters pkixParams = new PKIXParameters(Collections.singleton(anchor));
    pkixParams.addCertPathChecker(revocationChecker);
    pkixParams.setDate(EVAL_DATE);

    pkixValidator.validate(chain, pkixParams);
}
示例14: buildSignedMultiReleaseJar
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Signs {@code multi-release.jar} into {@code signed-multi-release.jar} with
 * the key stored under alias {@code "b"} in the jarsigner test keystore.
 *
 * <p>Equivalent command line:
 * {@code jarsigner -keystore keystore -storepass "bbbbbb"
 * -signedJar signed-multi-release.jar multi-release.jar b}
 *
 * <p>The store password is a literal in the source. That fits a keystore
 * that appears to be a checked-in test fixture (it is resolved under
 * {@code test.src}); a keystore protecting a real signing key needs its
 * password supplied from outside the code.
 *
 * @throws Exception if the keystore cannot be read or signing fails
 */
public void buildSignedMultiReleaseJar() throws Exception {
    String sourceRoot = System.getProperty("test.src", ".");
    String testRoot = findTestDir(sourceRoot);
    String keystorePath = testRoot + "/sun/security/tools/jarsigner/JarSigning.keystore";

    // The same password opens the store and unlocks the key entry.
    char[] storePass = "bbbbbb".toCharArray();
    KeyStore store = KeyStore.getInstance(new File(keystorePath), storePass);
    PrivateKey signingKey = (PrivateKey)store.getKey("b", storePass);

    CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    CertPath signerPath = x509.generateCertPath(Arrays.asList(store.getCertificateChain("b")));

    JarSigner signer = new JarSigner.Builder(signingKey, signerPath).build();
    try (ZipFile unsignedJar = new ZipFile("multi-release.jar");
         FileOutputStream signedOut = new FileOutputStream("signed-multi-release.jar")) {
        signer.sign(unsignedJar, signedOut);
    }
}
示例15: getX509Certificates
import java.security.cert.CertPath; //导入依赖的package包/类
/**
 * Decodes {@code data} as a certification path and returns its certificates.
 *
 * <p>This only parses the bytes; the certificates are not validated against
 * any trust store here.
 *
 * <p>NOTE(review): the {@code CertificateException} caught below is not passed
 * on as the cause, so callers see only the {@code "parseError"} message id.
 *
 * @param data    encoded certification path
 * @param reverse if {@code true}, the result holds the certificates in the
 *                opposite order to the one in the decoded path
 * @return the certificates of the path, in path order or reversed
 * @throws WSSecurityException if {@code data} cannot be parsed
 * @see org.apache.ws.security.components.crypto.Crypto#getX509Certificates(byte[], boolean)
 */
@Override
public X509Certificate[] getX509Certificates(byte[] data, boolean reverse)
    throws WSSecurityException {
    InputStream encoded = new ByteArrayInputStream(data);
    CertPath path;
    try {
        path = getCertificateFactory().generateCertPath(encoded);
    } catch (CertificateException e) {
        throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
            "parseError");
    }

    List chain = path.getCertificates();
    final int count = chain.size();
    X509Certificate[] result = new X509Certificate[count];

    int position = 0;
    for (Object entry : chain) {
        // Mirror the index when the caller asked for reversed order.
        int slot = reverse ? (count - 1 - position) : position;
        result[slot] = (X509Certificate) entry;
        position++;
    }
    return result;
}