本文整理汇总了Java中java.security.cert.Certificate类的典型用法代码示例。如果您正苦于以下问题:Java Certificate类的具体用法?Java Certificate怎么用?Java Certificate使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Certificate类属于java.security.cert包,在下文中一共展示了Certificate类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: signWithJarSignerAPI
import java.security.cert.Certificate; //导入依赖的package包/类
private static void signWithJarSignerAPI(String jarName)
throws Throwable {
// Get JarSigner
try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, STOREPASS.toCharArray());
PrivateKey pk = (PrivateKey)ks.getKey(ALIAS, KEYPASS.toCharArray());
Certificate cert = ks.getCertificate(ALIAS);
JarSigner signer = new JarSigner.Builder(pk,
CertificateFactory.getInstance("X.509").generateCertPath(
Collections.singletonList(cert)))
.build();
// Sign jar
try (ZipFile src = new JarFile(jarName);
FileOutputStream out = new FileOutputStream(SIGNED_JAR)) {
signer.sign(src,out);
}
}
}
示例2: engineSetKeyEntry
import java.security.cert.Certificate; //导入依赖的package包/类
/**
* Assigns the given key (that has already been protected) to the given
* alias.
*
* <p>If the protected key is of type
* <code>java.security.PrivateKey</code>,
* it must be accompanied by a certificate chain certifying the
* corresponding public key.
*
* <p>If the given alias already exists, the keystore information
* associated with it is overridden by the given key (and possibly
* certificate chain).
*
* @param alias the alias name
* @param key the key (in protected format) to be associated with the alias
* @param chain the certificate chain for the corresponding public
* key (only useful if the protected key is of type
* <code>java.security.PrivateKey</code>).
*
* @exception KeyStoreException if this operation fails.
*/
public void engineSetKeyEntry(String alias, byte[] key,
Certificate[] chain)
throws KeyStoreException
{
synchronized(entries) {
// We assume it's a private key, because there is no standard
// (ASN.1) encoding format for wrapped secret keys
PrivateKeyEntry entry = new PrivateKeyEntry();
entry.date = new Date();
entry.protectedKey = key.clone();
if ((chain != null) &&
(chain.length != 0)) {
entry.chain = chain.clone();
} else {
entry.chain = null;
}
entries.put(alias.toLowerCase(Locale.ENGLISH), entry);
}
}
示例3: tryParsePKIPathChain
import java.security.cert.Certificate; //导入依赖的package包/类
private Certificate[] tryParsePKIPathChain(File chainFile)
throws IOException, FileNotFoundException, CertificateException {
Certificate[] internalCertificateChain = null;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
try (FileInputStream inputStream = new FileInputStream(chainFile)) {
CertPath certPath = cf.generateCertPath(inputStream);
List<? extends Certificate> certList = certPath.getCertificates();
internalCertificateChain = certList.toArray(new Certificate[]{});
} catch (CertificateException e){
LOG.info("Tried and failed to parse file as a PKI :" + chainFile.getName(), e);
}
return internalCertificateChain;
}
示例4: readCertificateList
import java.security.cert.Certificate; //导入依赖的package包/类
private List<Certificate> readCertificateList(BufferedSource source) throws IOException {
int length = readInt(source);
if (length == -1) return Collections.emptyList(); // OkHttp v1.2 used -1 to indicate null.
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
List<Certificate> result = new ArrayList<>(length);
for (int i = 0; i < length; i++) {
String line = source.readUtf8LineStrict();
Buffer bytes = new Buffer();
bytes.write(ByteString.decodeBase64(line));
result.add(certificateFactory.generateCertificate(bytes.inputStream()));
}
return result;
} catch (CertificateException e) {
throw new IOException(e.getMessage());
}
}
示例5: checkServerTrusted
import java.security.cert.Certificate; //导入依赖的package包/类
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
final boolean trusted = this.trustManagers.stream().anyMatch(trustManager -> {
try {
trustManager.checkServerTrusted(chain, authType);
return true;
} catch (final CertificateException e) {
final String msg = "Unable to trust the server certificates [%s] for auth type [%s]: [%s]";
LOGGER.debug(String.format(msg, Arrays.stream(chain).map(Certificate::toString).collect(Collectors.toSet()),
authType, e.getMessage()), e);
return false;
}
});
if (!trusted) {
throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
}
示例6: get
import java.security.cert.Certificate; //导入依赖的package包/类
public static Handshake get(SSLSession session) {
String cipherSuiteString = session.getCipherSuite();
if (cipherSuiteString == null) throw new IllegalStateException("cipherSuite == null");
CipherSuite cipherSuite = CipherSuite.forJavaName(cipherSuiteString);
String tlsVersionString = session.getProtocol();
if (tlsVersionString == null) throw new IllegalStateException("tlsVersion == null");
TlsVersion tlsVersion = TlsVersion.forJavaName(tlsVersionString);
Certificate[] peerCertificates;
try {
peerCertificates = session.getPeerCertificates();
} catch (SSLPeerUnverifiedException ignored) {
peerCertificates = null;
}
List<Certificate> peerCertificatesList = peerCertificates != null
? Util.immutableList(peerCertificates)
: Collections.<Certificate>emptyList();
Certificate[] localCertificates = session.getLocalCertificates();
List<Certificate> localCertificatesList = localCertificates != null
? Util.immutableList(localCertificates)
: Collections.<Certificate>emptyList();
return new Handshake(tlsVersion, cipherSuite, peerCertificatesList, localCertificatesList);
}
示例7: sign
import java.security.cert.Certificate; //导入依赖的package包/类
@Override
public byte[] sign(final byte[] data,
final String algorithm,
final PrivateKey key,
final Certificate[] certChain,
final Properties xParams) throws AOException {
return triPhaseOperation(
this.signFormat,
CRYPTO_OPERATION_SIGN,
data,
algorithm,
key,
certChain,
xParams
);
}
示例8: engineGetCertificate
import java.security.cert.Certificate; //导入依赖的package包/类
/**
* Returns the certificate associated with the given alias.
*
* <p>If the given alias name identifies a
* <i>trusted certificate entry</i>, the certificate associated with that
* entry is returned. If the given alias name identifies a
* <i>key entry</i>, the first element of the certificate chain of that
* entry is returned, or null if that entry does not have a certificate
* chain.
*
* @param alias the alias name
*
* @return the certificate, or null if the given alias does not exist or
* does not contain a certificate.
*/
public Certificate engineGetCertificate(String alias) {
Object entry = entries.get(convertAlias(alias));
if (entry != null) {
if (entry instanceof TrustedCertEntry) {
return ((TrustedCertEntry)entry).cert;
} else {
if (((KeyEntry)entry).chain == null) {
return null;
} else {
return ((KeyEntry)entry).chain[0];
}
}
} else {
return null;
}
}
示例9: testCertOnly
import java.security.cert.Certificate; //导入依赖的package包/类
@Test
public void testCertOnly() throws Exception {
InputStream in = new FileInputStream("src/test/resources/pem/cert.pem");
PemCertKey t = new PemCertKey(in);
Certificate cert = t.getCertificate();
assertThat(cert).isNotNull();
assertThat(cert.getType()).isEqualTo("X.509");
assertThat(t.hasCertificate()).isTrue();
assertThat(t.getCertificateChain()).hasSize(1);
assertThat(t.getCertificateChain()[0]).isEqualTo(cert);
assertThat(t.matchesCertificate(cert)).isTrue();
assertThat(t.matchesCertificate(null)).isFalse();
assertThat(t.hasKey()).isFalse();
assertThat(t.getPrivateKey()).isNull();
assertThat(t.getCreationDate()).isCloseTo(new Date(), 5000);
}
示例10: getTsaCert
import java.security.cert.Certificate; //导入依赖的package包/类
X509Certificate getTsaCert(String alias) {
java.security.cert.Certificate cs = null;
try {
cs = store.getCertificate(alias);
} catch (KeyStoreException kse) {
// this never happens, because keystore has been loaded
}
if (cs == null || (!(cs instanceof X509Certificate))) {
MessageFormat form = new MessageFormat(rb.getString
("Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the"));
Object[] source = {alias, alias};
error(form.format(source));
}
return (X509Certificate) cs;
}
示例11: getLocalPrincipal
import java.security.cert.Certificate; //导入依赖的package包/类
/**
* Returns the principal that was sent to the peer during handshaking.
*
* @return the principal sent to the peer. Returns an X500Principal
* of the end-entity certificate for X509-based cipher suites, and
* KerberosPrincipal for Kerberos cipher suites. If no principal was
* sent, then null is returned.
*
* @see #getLocalCertificates()
* @see #getPeerPrincipal()
*
* @since 1.5
*/
public Principal getLocalPrincipal()
{
Principal principal;
try {
principal = session.getLocalPrincipal();
} catch (AbstractMethodError e) {
principal = null;
// if the provider does not support it, fallback to local certs.
// return the X500Principal of the end-entity cert.
Certificate[] certs = getLocalCertificates();
if (certs != null) {
principal =
((X509Certificate)certs[0]).getSubjectX500Principal();
}
}
return principal;
}
示例12: compareKeyEntry
import java.security.cert.Certificate; //导入依赖的package包/类
private void compareKeyEntry(KeyStore a, KeyStore b, String aPass,
String bPass, String alias) throws KeyStoreException,
UnrecoverableKeyException, NoSuchAlgorithmException {
Certificate[] certsA = a.getCertificateChain(alias);
Certificate[] certsB = b.getCertificateChain(alias);
if (!Arrays.equals(certsA, certsB)) {
throw new RuntimeException("Certs don't match for alias:" + alias);
}
Key keyA = a.getKey(alias, aPass.toCharArray());
Key keyB = b.getKey(alias, bPass.toCharArray());
if (!keyA.equals(keyB)) {
throw new RuntimeException(
"Key don't match for alias:" + alias);
}
}
示例13: engineGetCertificateAlias
import java.security.cert.Certificate; //导入依赖的package包/类
/**
* Returns the (alias) name of the first keystore entry whose certificate
* matches the given certificate.
*
* <p>This method attempts to match the given certificate with each
* keystore entry. If the entry being considered
* is a <i>trusted certificate entry</i>, the given certificate is
* compared to that entry's certificate. If the entry being considered is
* a <i>key entry</i>, the given certificate is compared to the first
* element of that entry's certificate chain (if a chain exists).
*
* @param cert the certificate to match with.
*
* @return the (alias) name of the first entry with matching certificate,
* or null if no such entry exists in this keystore.
*/
public String engineGetCertificateAlias(Certificate cert) {
Certificate certElem;
for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
String alias = e.nextElement();
Object entry = entries.get(alias);
if (entry instanceof TrustedCertEntry) {
certElem = ((TrustedCertEntry)entry).cert;
} else if (((KeyEntry)entry).chain != null) {
certElem = ((KeyEntry)entry).chain[0];
} else {
continue;
}
if (certElem.equals(cert)) {
return alias;
}
}
return null;
}
示例14: matchingPinnedCertificate
import java.security.cert.Certificate; //导入依赖的package包/类
@Test public void matchingPinnedCertificate() throws Exception {
enableTls();
server.enqueue(new MockResponse());
server.enqueue(new MockResponse());
// Make a first request without certificate pinning. Use it to collect certificates to pin.
Request request1 = new Request.Builder().url(server.url("/")).build();
Response response1 = client.newCall(request1).execute();
CertificatePinner.Builder certificatePinnerBuilder = new CertificatePinner.Builder();
for (Certificate certificate : response1.handshake().peerCertificates()) {
certificatePinnerBuilder.add(server.getHostName(), CertificatePinner.pin(certificate));
}
response1.body().close();
// Make another request with certificate pinning. It should complete normally.
client = client.newBuilder()
.certificatePinner(certificatePinnerBuilder.build())
.build();
Request request2 = new Request.Builder().url(server.url("/")).build();
Response response2 = client.newCall(request2).execute();
assertNotSame(response2.handshake(), response1.handshake());
response2.body().close();
}
示例15: engineGetCertificateAlias
import java.security.cert.Certificate; //导入依赖的package包/类
/**
* Returns the (alias) name of the first keystore entry whose certificate
* matches the given certificate.
*
* <p>This method attempts to match the given certificate with each
* keystore entry. If the entry being considered
* is a <i>trusted certificate entry</i>, the given certificate is
* compared to that entry's certificate. If the entry being considered is
* a <i>key entry</i>, the given certificate is compared to the first
* element of that entry's certificate chain (if a chain exists).
*
* @param cert the certificate to match with.
*
* @return the (alias) name of the first entry with matching certificate,
* or null if no such entry exists in this keystore.
*/
public String engineGetCertificateAlias(Certificate cert) {
try {
String alias = null;
for (KeyStore keystore : keystores.values()) {
if ((alias = keystore.getCertificateAlias(cert)) != null) {
break;
}
}
return alias;
} catch (KeyStoreException e) {
throw new IllegalStateException(e);
}
}