本文整理汇总了Java中java.security.cert.X509CertSelector类的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector类的具体用法?Java X509CertSelector怎么用?Java X509CertSelector使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X509CertSelector类属于java.security.cert包,在下文中一共展示了X509CertSelector类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getInstance
import java.security.cert.X509CertSelector; //导入依赖的package包/类
/**
* Returns an instance of <code>ExtendedPKIXParameters</code> which can be
* safely casted to <code>ExtendedPKIXBuilderParameters</code>.
* <p>
* This method can be used to get a copy from other
* <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
* and <code>ExtendedPKIXParameters</code> instances.
*
* @param pkixParams The PKIX parameters to create a copy of.
* @return An <code>ExtendedPKIXBuilderParameters</code> instance.
*/
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
{
ExtendedPKIXBuilderParameters params;
try
{
params = new ExtendedPKIXBuilderParameters(pkixParams
.getTrustAnchors(), X509CertStoreSelector
.getInstance((X509CertSelector) pkixParams
.getTargetCertConstraints()));
}
catch (Exception e)
{
// cannot happen
throw new RuntimeException(e.getMessage());
}
params.setParams(pkixParams);
return params;
}
示例2: getCertificateHolderSelector
import java.security.cert.X509CertSelector; //导入依赖的package包/类
public X509CertificateHolderSelector getCertificateHolderSelector(X509CertSelector certSelector)
{
try
{
if (certSelector.getSubjectKeyIdentifier() != null)
{
return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
}
else
{
return new X509CertificateHolderSelector(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
}
}
catch (IOException e)
{
throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
}
}
示例3: getCACertificates
import java.security.cert.X509CertSelector; //导入依赖的package包/类
private Set getCACertificates(X509CertSelector xselector)
throws CertStoreException
{
String[] attrs = {params.getCACertificateAttribute()};
String attrName = params.getLdapCACertificateAttributeName();
String subjectAttributeName = params
.getCACertificateSubjectAttributeName();
Set set = certSubjectSerialSearch(xselector, attrs, attrName,
subjectAttributeName);
if (set.isEmpty())
{
set.addAll(search(null, "*", attrs));
}
return set;
}
示例4: getCrossCertificates
import java.security.cert.X509CertSelector; //导入依赖的package包/类
private Set getCrossCertificates(X509CertSelector xselector)
throws CertStoreException
{
String[] attrs = {params.getCrossCertificateAttribute()};
String attrName = params.getLdapCrossCertificateAttributeName();
String subjectAttributeName = params
.getCrossCertificateSubjectAttributeName();
Set set = certSubjectSerialSearch(xselector, attrs, attrName,
subjectAttributeName);
if (set.isEmpty())
{
set.addAll(search(null, "*", attrs));
}
return set;
}
示例5: getSignerId
import java.security.cert.X509CertSelector; //导入依赖的package包/类
public SignerId getSignerId(X509CertSelector certSelector)
{
try
{
if (certSelector.getSubjectKeyIdentifier() != null)
{
return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
}
else
{
return new SignerId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
}
}
catch (IOException e)
{
throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
}
}
示例6: getKeyTransRecipientId
import java.security.cert.X509CertSelector; //导入依赖的package包/类
public KeyTransRecipientId getKeyTransRecipientId(X509CertSelector certSelector)
{
try
{
if (certSelector.getSubjectKeyIdentifier() != null)
{
return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber(), ASN1OctetString.getInstance(certSelector.getSubjectKeyIdentifier()).getOctets());
}
else
{
return new KeyTransRecipientId(X500Name.getInstance(certSelector.getIssuerAsBytes()), certSelector.getSerialNumber());
}
}
catch (IOException e)
{
throw new IllegalArgumentException("unable to convert issuer: " + e.getMessage());
}
}
示例7: getParameters
import java.security.cert.X509CertSelector; //导入依赖的package包/类
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
Collection crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
示例8: getSelector
import java.security.cert.X509CertSelector; //导入依赖的package包/类
/**
* Returns an X509CertSelector for matching on the authority key
* identifier, or null if not applicable.
*/
private X509CertSelector getSelector(X509CertImpl previousCert)
throws IOException {
if (previousCert != null) {
AuthorityKeyIdentifierExtension akidExt =
previousCert.getAuthorityKeyIdentifierExtension();
if (akidExt != null) {
byte[] skid = akidExt.getEncodedKeyIdentifier();
if (skid != null) {
X509CertSelector selector = new X509CertSelector();
selector.setSubjectKeyIdentifier(skid);
return selector;
}
}
}
return null;
}
示例9: testPrivateKeyValid
import java.security.cert.X509CertSelector; //导入依赖的package包/类
private void testPrivateKeyValid() throws IOException, CertificateException {
System.out.println("X.509 Certificate Match on privateKeyValid");
// bad match
X509CertSelector selector = new X509CertSelector();
Calendar cal = Calendar.getInstance();
cal.set(1968, 12, 31);
selector.setPrivateKeyValid(cal.getTime());
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.16"));
byte[] encoded = in.getOctetString();
PrivateKeyUsageExtension ext = new PrivateKeyUsageExtension(false, encoded);
Date validDate = (Date) ext.get(PrivateKeyUsageExtension.NOT_BEFORE);
selector.setPrivateKeyValid(validDate);
checkMatch(selector, cert, true);
}
示例10: testPolicy
import java.security.cert.X509CertSelector; //导入依赖的package包/类
private void testPolicy() throws IOException {
System.out.println("X.509 Certificate Match on certificatePolicies");
// test encoding of CertificatePoliciesExtension because we wrote the
// code
// bad match
X509CertSelector selector = new X509CertSelector();
Set<String> s = new HashSet<>();
s.add(new String("1.2.5.7.68"));
selector.setPolicy(s);
checkMatch(selector, cert, false);
// good match
DerInputStream in = new DerInputStream(cert.getExtensionValue("2.5.29.32"));
CertificatePoliciesExtension ext = new CertificatePoliciesExtension(false, in.getOctetString());
List<PolicyInformation> policies = ext.get(CertificatePoliciesExtension.POLICIES);
// match on the first policy id
PolicyInformation policyInfo = (PolicyInformation) policies.get(0);
s.clear();
s.add(policyInfo.getPolicyIdentifier().getIdentifier().toString());
selector.setPolicy(s);
checkMatch(selector, cert, true);
}
示例11: createPath
import java.security.cert.X509CertSelector; //导入依赖的package包/类
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
示例12: getParameters
import java.security.cert.X509CertSelector; //导入依赖的package包/类
/**
* Return the initialization parameters for the TrustManager. Currently,
* only the default <code>PKIX</code> is supported.
*
* @param algorithm
* The algorithm to get parameters for.
* @param crlf
* The path to the CRL file.
* @param trustStore
* The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
CertPathParameters params = null;
if ("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if (trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch (Exception ex) {
log.warn("Bad maxCertLength: " + trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
示例13: testValidateMy
import java.security.cert.X509CertSelector; //导入依赖的package包/类
@Test
public void testValidateMy() throws Exception
{
System.out.println("validateMy");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
ks.load(fis, "mystorepass".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 3);
}
示例14: testValidateNist
import java.security.cert.X509CertSelector; //导入依赖的package包/类
@Test
public void testValidateNist() throws Exception
{
System.out.println("validateNist");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
ks.load(fis, "password".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 4);
assertEquals(result.getCrls().size(), 3);
}
示例15: testPKIXBuilderParametersSetCertSelector01
import java.security.cert.X509CertSelector; //导入依赖的package包/类
/**
* Test #1 for <code>PKIXBuilderParameters(Set, CertSelector)</code>
* constructor<br>
* Assertion: creates an instance of <code>PKIXBuilderParameters</code>
* @throws InvalidAlgorithmParameterException
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies positive case.",
method = "PKIXBuilderParameters",
args = {java.util.Set.class, java.security.cert.CertSelector.class}
)
public final void testPKIXBuilderParametersSetCertSelector01()
throws InvalidAlgorithmParameterException {
Set<TrustAnchor> taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
// both parameters are valid and non-null
PKIXParameters p =
new PKIXBuilderParameters(taSet, new X509CertSelector());
assertTrue("instanceOf", p instanceof PKIXBuilderParameters);
assertNotNull("certSelector", p.getTargetCertConstraints());
}