Java CertUtils类代码示例

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
 * Gets the distribution points.
 *
 * @param cert the cert
 * @return the url distribution points
 */
private URI[] getDistributionPoints(final X509Certificate cert) {
    final DistributionPointList points;
    try {
        points = new ExtensionReader(cert).readCRLDistributionPoints();
    } catch (final Exception e) {
        logger.error("Error reading CRLDistributionPoints extension field on {}", CertUtils.toString(cert), e);
        return new URI[0];
    }

    final List<URI> urls = new ArrayList<>();
    for (final DistributionPoint point : points.getItems()) {
        final Object location = point.getDistributionPoint();
        if (location instanceof String) {
            addURL(urls, (String) location);
        } else if (location instanceof GeneralNameList) {
            for (final GeneralName gn : ((GeneralNameList) location).getItems()) {
                addURL(urls, gn.getName());
            }
        } else {
            logger.warn("{} not supported. String or GeneralNameList expected.", location);
        }
    }

    return urls.toArray(new URI[urls.size()]);
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
 * {@inheritDoc}
 * The CRL next update time is compared against the current time with the threshold
 * applied and rejected if and only if the next update time is in the past.
 *
 * @param crl CRL instance to evaluate.
 *
 * @throws GeneralSecurityException On expired CRL data. Check the exception type for exact details
 *
 * @see org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy#apply(java.lang.Object)
 */
@Override
public void apply(final X509CRL crl) throws GeneralSecurityException {
    final Calendar cutoff = Calendar.getInstance();
    if (CertUtils.isExpired(crl, cutoff.getTime())) {
        cutoff.add(Calendar.SECOND, -this.threshold);
        if (CertUtils.isExpired(crl, cutoff.getTime())) {
            throw new ExpiredCRLException(crl.toString(), cutoff.getTime(), this.threshold);
        }
        logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.",
                    crl.getNextUpdate(), this.threshold));
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
private URL[] getDistributionPoints(final X509Certificate cert) {
    final DistributionPointList points;
    try {
        points = new ExtensionReader(cert).readCRLDistributionPoints();
    } catch (final Exception e) {
        logger.error(
                "Error reading CRLDistributionPoints extension field on " + CertUtils.toString(cert), e);
        return new URL[0];
    }

    final List<URL> urls = new ArrayList<URL>();
    for (DistributionPoint point : points.getItems()) {
        final Object location = point.getDistributionPoint();
        if (location instanceof String) {
            addURL(urls, (String) location);
        } else if (location instanceof GeneralNameList) {
            for (GeneralName gn : ((GeneralNameList) location).getItems()) {
                addURL(urls, gn.getName());
            }
        } else {
            logger.warn("{} not supported. String or GeneralNameList expected.", location);
        }
    }

    return urls.toArray(new URL[urls.size()]);
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/** {@inheritDoc} */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
    if (cert == null) {
        throw new IllegalArgumentException("Certificate cannot be null.");
    }
    logger.debug("Evaluating certificate revocation status for {}", CertUtils.toString(cert));
    final X509CRL crl = getCRL(cert);
    if (crl == null) {
        logger.warn("CRL data is not available for {}", CertUtils.toString(cert));
        this.unavailableCRLPolicy.apply(null);
        return;
    }
    if (CertUtils.isExpired(crl)) {
        logger.warn("CRL data expired on ", crl.getNextUpdate());
        this.expiredCRLPolicy.apply(crl);
    }
    final X509CRLEntry entry = crl.getRevokedCertificate(cert);
    if (entry != null) {
        throw new RevokedCertificateException(entry);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
 * Gets the first fetched CRL for the given certificate.
 *
 * @param cert Certificate for which the CRL of the issuing CA should be retrieved.
 *
 * @return CRL for given cert, or null
 */
public final X509CRL getCRL(final X509Certificate cert) {
    final Collection<X509CRL> list = getCRLs(cert);
    if (list != null && !list.isEmpty()) {
        return list.iterator().next();
    }
    logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
    return null;
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {

    final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
    final X509Certificate[] certificates = x509Credential.getCertificates();

    X509Certificate clientCert = null;
    boolean hasTrustedIssuer = false;
    for (int i = certificates.length - 1; i >= 0; i--) {
        final X509Certificate certificate = certificates[i];
        logger.debug("Evaluating {}", CertUtils.toString(certificate));

        validate(certificate);

        if (!hasTrustedIssuer) {
            hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
        }

        // getBasicConstraints returns pathLenContraint which is generally
        // >=0 when this is a CA cert and -1 when it's not
        final int pathLength = certificate.getBasicConstraints();
        if (pathLength < 0) {
            logger.debug("Found valid client certificate");
            clientCert = certificate;
        } else {
            logger.debug("Found valid CA certificate");
        }
    }
    if (hasTrustedIssuer && clientCert != null) {
        x509Credential.setCertificate(clientCert);
        return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
    }
    throw new FailedLoginException();
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
public String getId() {
    X509Certificate cert = null;
    if (this.certificate != null) {
        cert = this.certificate;
    } else if (this.certificates.length > 0) {
        cert = this.certificates[0];
    }

    if (cert != null) {
        return CertUtils.toString(cert);
    }
    return UNKNOWN_ID;
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
 * Creates a new test instance with given parameters.
 *
 * @param certFiles File names of certificates to check.
 * @param expected Expected result of check; null to indicate expected success.
 */
public AbstractCRLRevocationCheckerTests(
        final String[] certFiles,
        final GeneralSecurityException expected) {

    this.expected = expected;
    this.certificates = new X509Certificate[certFiles.length];
    int i = 0;
    for (final String file : certFiles) {
        this.certificates[i++] = CertUtils.readCertificate(new ClassPathResource(file));
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
    CacheManager.getInstance().removeAllCaches();
    final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
    CacheManager.getInstance().addCache(cache);

    for (int i = 0; i < 10; i++) {
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        checker.init();
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.check(cert);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
    for (int i = 0; i < 10; i++) {
        CacheManager.getInstance().removeAllCaches();
        final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
        CacheManager.getInstance().addCache(cache);
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        checker.init();
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.check(cert);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
    CacheManager.getInstance().removeAllCaches();
    final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
    CacheManager.getInstance().addCache(cache);

    for (int i = 0; i < 10; i++) {
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.init();
        checker.check(cert);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
    for (int i = 0; i < 10; i++) {
        CacheManager.getInstance().removeAllCaches();
        final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
        CacheManager.getInstance().addCache(cache);
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.init();
        checker.check(cert);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
 * {@inheritDoc}
 */
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {

    final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
    final X509Certificate[] certificates = x509Credential.getCertificates();

    X509Certificate clientCert = null;
    boolean hasTrustedIssuer = false;
    for (int i = certificates.length - 1; i >= 0; i--) {
        final X509Certificate certificate = certificates[i];
        logger.debug("Evaluating {}", CertUtils.toString(certificate));

        validate(certificate);

        if (!hasTrustedIssuer) {
            hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
        }

        // getBasicConstraints returns pathLenContraint which is generally
        // >=0 when this is a CA cert and -1 when it's not
        final int pathLength = certificate.getBasicConstraints();
        if (pathLength < 0) {
            logger.debug("Found valid client certificate");
            clientCert = certificate;
        } else {
            logger.debug("Found valid CA certificate");
        }
    }
    if (hasTrustedIssuer && clientCert != null) {
        x509Credential.setCertificate(clientCert);
        return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
    }
    throw new FailedLoginException();
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
    CacheManager.getInstance().removeAllCaches();
    final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
    CacheManager.getInstance().addCache(cache);

    for (int i = 0; i < 10; i++) {
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.check(cert);
    }
}
 

import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
    for (int i = 0; i < 10; i++) {
        CacheManager.getInstance().removeAllCaches();
        final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
        CacheManager.getInstance().addCache(cache);
        final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
        checker.setThrowOnFetchFailure(true);
        checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
        final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
        checker.check(cert);
    }
}