本文整理汇总了Java中org.jasig.cas.adaptors.x509.util.CertUtils类的典型用法代码示例。如果您正苦于以下问题:Java CertUtils类的具体用法?Java CertUtils怎么用?Java CertUtils使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CertUtils类属于org.jasig.cas.adaptors.x509.util包,在下文中一共展示了CertUtils类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getDistributionPoints
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Gets the distribution points.
*
* @param cert the cert
* @return the url distribution points
*/
private URI[] getDistributionPoints(final X509Certificate cert) {
final DistributionPointList points;
try {
points = new ExtensionReader(cert).readCRLDistributionPoints();
} catch (final Exception e) {
logger.error("Error reading CRLDistributionPoints extension field on {}", CertUtils.toString(cert), e);
return new URI[0];
}
final List<URI> urls = new ArrayList<>();
for (final DistributionPoint point : points.getItems()) {
final Object location = point.getDistributionPoint();
if (location instanceof String) {
addURL(urls, (String) location);
} else if (location instanceof GeneralNameList) {
for (final GeneralName gn : ((GeneralNameList) location).getItems()) {
addURL(urls, gn.getName());
}
} else {
logger.warn("{} not supported. String or GeneralNameList expected.", location);
}
}
return urls.toArray(new URI[urls.size()]);
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:32,代码来源:CRLDistributionPointRevocationChecker.java
示例2: apply
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* {@inheritDoc}
* The CRL next update time is compared against the current time with the threshold
* applied and rejected if and only if the next update time is in the past.
*
* @param crl CRL instance to evaluate.
*
* @throws GeneralSecurityException On expired CRL data. Check the exception type for exact details
*
* @see org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy#apply(java.lang.Object)
*/
@Override
public void apply(final X509CRL crl) throws GeneralSecurityException {
final Calendar cutoff = Calendar.getInstance();
if (CertUtils.isExpired(crl, cutoff.getTime())) {
cutoff.add(Calendar.SECOND, -this.threshold);
if (CertUtils.isExpired(crl, cutoff.getTime())) {
throw new ExpiredCRLException(crl.toString(), cutoff.getTime(), this.threshold);
}
logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.",
crl.getNextUpdate(), this.threshold));
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:24,代码来源:ThresholdExpiredCRLRevocationPolicy.java
示例3: getDistributionPoints
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
private URL[] getDistributionPoints(final X509Certificate cert) {
final DistributionPointList points;
try {
points = new ExtensionReader(cert).readCRLDistributionPoints();
} catch (final Exception e) {
logger.error(
"Error reading CRLDistributionPoints extension field on " + CertUtils.toString(cert), e);
return new URL[0];
}
final List<URL> urls = new ArrayList<URL>();
for (DistributionPoint point : points.getItems()) {
final Object location = point.getDistributionPoint();
if (location instanceof String) {
addURL(urls, (String) location);
} else if (location instanceof GeneralNameList) {
for (GeneralName gn : ((GeneralNameList) location).getItems()) {
addURL(urls, gn.getName());
}
} else {
logger.warn("{} not supported. String or GeneralNameList expected.", location);
}
}
return urls.toArray(new URL[urls.size()]);
}
示例4: check
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/** {@inheritDoc} */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
if (cert == null) {
throw new IllegalArgumentException("Certificate cannot be null.");
}
logger.debug("Evaluating certificate revocation status for {}", CertUtils.toString(cert));
final X509CRL crl = getCRL(cert);
if (crl == null) {
logger.warn("CRL data is not available for {}", CertUtils.toString(cert));
this.unavailableCRLPolicy.apply(null);
return;
}
if (CertUtils.isExpired(crl)) {
logger.warn("CRL data expired on ", crl.getNextUpdate());
this.expiredCRLPolicy.apply(crl);
}
final X509CRLEntry entry = crl.getRevokedCertificate(cert);
if (entry != null) {
throw new RevokedCertificateException(entry);
}
}
示例5: getCRL
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Gets the first fetched CRL for the given certificate.
*
* @param cert Certificate for which the CRL of the issuing CA should be retrieved.
*
* @return CRL for given cert, or null
*/
public final X509CRL getCRL(final X509Certificate cert) {
final Collection<X509CRL> list = getCRLs(cert);
if (list != null && !list.isEmpty()) {
return list.iterator().next();
}
logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
return null;
}
示例6: doAuthentication
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
final int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:35,代码来源:X509CredentialsAuthenticationHandler.java
示例7: getId
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
public String getId() {
X509Certificate cert = null;
if (this.certificate != null) {
cert = this.certificate;
} else if (this.certificates.length > 0) {
cert = this.certificates[0];
}
if (cert != null) {
return CertUtils.toString(cert);
}
return UNKNOWN_ID;
}
示例8: AbstractCRLRevocationCheckerTests
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Creates a new test instance with given parameters.
*
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public AbstractCRLRevocationCheckerTests(
final String[] certFiles,
final GeneralSecurityException expected) {
this.expected = expected;
this.certificates = new X509Certificate[certFiles.length];
int i = 0;
for (final String file : certFiles) {
this.certificates[i++] = CertUtils.readCertificate(new ClassPathResource(file));
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:18,代码来源:AbstractCRLRevocationCheckerTests.java
示例9: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
checker.init();
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:16,代码来源:LdaptiveResourceCRLFetcherTests.java
示例10: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
checker.init();
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:LdaptiveResourceCRLFetcherTests.java
示例11: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.init();
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:16,代码来源:PoolingLdaptiveResourceCRLFetcherTests.java
示例12: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.init();
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:PoolingLdaptiveResourceCRLFetcherTests.java
示例13: doAuthentication
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
final int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:38,代码来源:X509CredentialsAuthenticationHandler.java
示例14: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:LdaptiveResourceCRLFetcherTests.java
示例15: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:14,代码来源:LdaptiveResourceCRLFetcherTests.java