本文整理汇总了Java中org.opensaml.xml.signature.X509Certificate类的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate类的具体用法?Java X509Certificate怎么用?Java X509Certificate使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
X509Certificate类属于org.opensaml.xml.signature包,在下文中一共展示了X509Certificate类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: processEntityCertificate
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
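/**
 * Process the value of {@link X509Credential#getEntityCertificate()}.
 *
 * <p>Does nothing when the credential carries no entity certificate. Otherwise the certificate is handed to
 * {@code processCertX509DataOptions} and {@code processCertKeyNameOptions}, and an XML
 * {@code X509Certificate} element built from it is appended to {@code x509Data} when
 * {@code options.emitEntityCertificate} is set and {@code options.emitEntityCertificateChain} is not.</p>
 *
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
 */
protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    // Read the getter once, so the null check applies to the very object that is used below
    // (the original called the getter twice: once for the check and once for the value).
    final java.security.cert.X509Certificate javaCert = credential.getEntityCertificate();
    if (javaCert == null) {
        return;
    }

    processCertX509DataOptions(x509Data, javaCert);
    processCertKeyNameOptions(keyInfo, javaCert);

    // The cert chain includes the entity cert, so don't add a duplicate
    // when the chain is going to be emitted as well.
    if (options.emitEntityCertificate && !options.emitEntityCertificateChain) {
        try {
            // xmlCert is the XML-Signature element type imported by this file,
            // not the java.security.cert certificate it is built from.
            X509Certificate xmlCert = KeyInfoHelper.buildX509Certificate(javaCert);
            x509Data.getX509Certificates().add(xmlCert);
        } catch (CertificateEncodingException e) {
            throw new SecurityException("Error generating X509Certificate element "
                    + "from credential's end-entity certificate", e);
        }
    }
}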
示例2: processSubjectAltNameKeyNames
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Emit KeyName elements for the certificate's subject alternative names.
 *
 * <p>Runs only when {@code options.emitSubjectAltNamesAsKeyNames} is set and
 * {@code options.subjectAltNames} is non-empty. The configured alt name types are passed to
 * {@code X509Util.getAltNames}; every String value returned is added to {@code keyInfo} as a KeyName,
 * any other value is logged at warn level and skipped.</p>
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectAltNamesAsKeyNames || options.subjectAltNames.size() == 0) {
        return;
    }

    // Copy the configured alt name types into the array form that X509Util.getAltNames takes.
    Integer[] requestedTypes = new Integer[options.subjectAltNames.size()];
    options.subjectAltNames.toArray(requestedTypes);

    for (Object altName : X509Util.getAltNames(cert, requestedTypes)) {
        // Each returned value should either be a String or a DER-encoded byte array.
        // See X509Certificate#getSubjectAlternativeNames for the type rules.
        if (altName instanceof String) {
            KeyInfoHelper.addKeyName(keyInfo, (String) altName);
            continue;
        }
        if (altName instanceof byte[]) {
            // DER-encoded values are not turned into KeyNames; only the fact is logged.
            log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
            continue;
        }
        // NOTE(review): a null element would fail on getClass() here; confirm that
        // X509Util.getAltNames never returns null entries.
        log.warn("Certificate contained an alt name value with an unexpected type: {}",
                altName.getClass().getName());
    }
}
示例3: processEntityCertificateChain
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Process the value of {@link X509Credential#getEntityCertificateChain()}.
 *
 * <p>When {@code options.emitEntityCertificateChain} is set and the credential has a chain, one XML
 * {@code X509Certificate} element per chain certificate is appended to {@code x509Data}, in the
 * iteration order of the chain. {@code keyInfo} is not used by this method.</p>
 *
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
 */
protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    if (!options.emitEntityCertificateChain || credential.getEntityCertificateChain() == null) {
        return;
    }

    for (java.security.cert.X509Certificate chainCert : credential.getEntityCertificateChain()) {
        try {
            // Convert the JCA certificate into its XML-Signature element form and attach it.
            X509Certificate chainElement = KeyInfoHelper.buildX509Certificate(chainCert);
            x509Data.getX509Certificates().add(chainElement);
        } catch (CertificateEncodingException e) {
            // The first certificate that cannot be encoded aborts the whole chain.
            throw new SecurityException("Error generating X509Certificate element "
                    + "from a certificate in credential's certificate chain", e);
        }
    }
}
示例4: createBasicCredentials
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Create the basic credential used to generate signatures with EntitlementServiceComponent.
 *
 * <p>The default primary certificate and the default private key are read from the
 * {@code KeyStoreManager} obtained for id {@code -1234} and copied into a new
 * {@code BasicX509Credential}.</p>
 *
 * <p>NOTE(review): a failure while reading the key store is only logged. The method then still returns
 * a credential whose certificate and/or private key is {@code null}, so the problem surfaces later at
 * the point of use. Callers that sign with the result should check both fields before relying on it.</p>
 *
 * @return basicX509Credential
 */
private static BasicX509Credential createBasicCredentials() {
    Certificate signerCert = null;
    PrivateKey signerKey = null;

    // NOTE(review): -1234 looks like a well-known tenant id; confirm and prefer the named constant.
    KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(-1234);
    try {
        signerCert = keyStoreManager.getDefaultPrimaryCertificate();
        signerKey = keyStoreManager.getDefaultPrivateKey();
    } catch (Exception e) {
        // Best effort: whatever was read before the failure is kept, the rest stays null.
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }

    BasicX509Credential credential = new BasicX509Credential();
    // Unchecked narrowing: a non-X.509 certificate in the key store fails here with ClassCastException.
    credential.setEntityCertificate((java.security.cert.X509Certificate) signerCert);
    credential.setPrivateKey(signerKey);
    return credential;
}
示例5: getPublicX509CredentialImpl
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Build an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl around the default
 * primary certificate of the {@code KeyStoreManager} obtained for id {@code -1234}.
 *
 * <p>Only the certificate is passed to the credential; no private key is read here.</p>
 *
 * @return created X509Credential
 * @throws Exception if the key store manager, the certificate or the credential cannot be obtained;
 *         the original failure is attached as the cause
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {
    try {
        KeyStoreManager defaultKeyStore = KeyStoreManager.getInstance(-1234);
        // load the default pub. cert using the configuration in carbon.xml
        java.security.cert.X509Certificate publicCert = defaultKeyStore.getDefaultPrimaryCertificate();
        return new X509CredentialImpl(publicCert);
    } catch (Exception e) {
        // The same text is logged and rethrown, so it is built once.
        final String message =
                "Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl "
                        + "object for the public cert.";
        log.error(message, e);
        throw new Exception(message, e);
    }
}
示例6: getMetadata
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
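/**
 * Get a string representation of the metadata, optionally signed.
 *
 * <p>The method works on a clone of {@code entityDescriptor}. Every X509Certificate element found in
 * the KeyInfo of the clone's key descriptors (the original documentation names the SPMetadata.xml
 * file as their source) is overwritten with the Base64 encoding of the entity certificate of
 * {@code signingCredential}.</p>
 *
 * @param signingCredential
 *            Credential whose entity certificate is written into the KeyInfo elements and which is
 *            handed to the signing step when {@code sign} is {@code true}. A non-null value must be
 *            an {@code X509Credential}. When <code>null</code>, the KeyInfo elements of the clone
 *            are left untouched instead of failing with a NullPointerException.
 * @param sign
 *            Whether the metadata is signed before it is serialized. The credential is passed to the
 *            signing step unchanged, <code>null</code> included.
 * @return The metadata as an XML string, signed when {@code sign} is {@code true}.
 * @throws RuntimeException if the entity certificate cannot be encoded
 */
public String getMetadata(Credential signingCredential, boolean sign) {
    // Casting null is harmless; a non-X.509 credential still fails fast here, as before.
    X509Credential c = (X509Credential) signingCredential;
    EntityDescriptor e = SAMLUtil.clone(entityDescriptor);

    if (c != null) {
        // Encoded lazily on the first certificate element and then reused: the value is the same
        // for every element, and nothing is encoded when the descriptor has no such element.
        String encodedCert = null;
        for (RoleDescriptor rd : e.getRoleDescriptors()) {
            for (KeyDescriptor k : rd.getKeyDescriptors()) {
                for (X509Data data : k.getKeyInfo().getX509Datas()) {
                    for (X509Certificate cert : data.getX509Certificates()) {
                        if (encodedCert == null) {
                            try {
                                encodedCert = Base64.encodeBytes(c.getEntityCertificate().getEncoded());
                            } catch (CertificateEncodingException e1) {
                                throw new RuntimeException(e1);
                            }
                        }
                        cert.setValue(encodedCert);
                    }
                }
            }
        }
    }

    OIOSamlObject obj = new OIOSamlObject(e);
    if (sign) {
        // Deliberately not skipped for a null credential: a caller that asked for signed metadata
        // must not silently receive unsigned output.
        obj.sign(signingCredential);
    }
    return obj.toXML();
}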
示例7: setSignature
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Configure an XML signature for {@code assertion} and embed the signer's certificate in its KeyInfo.
 *
 * <p>The Signature object gets the credential, the given algorithm and exclusive canonicalization
 * without comments. Its KeyInfo holds one X509Data with one X509Certificate element carrying the
 * Base64-encoded entity certificate. The signature is then attached to {@code assertion} and appended
 * to {@code signatureList}. No signing operation is invoked in this method.</p>
 *
 * @param signatureAlgorithm algorithm identifier, passed unchanged to the Signature object
 * @param cred credential whose entity certificate is embedded and which is set as signing credential
 * @throws IdentityProviderException if the entity certificate cannot be encoded
 */
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    Signature xmlSignature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    xmlSignature.setSigningCredential(cred);
    // NOTE(review): the algorithm is not validated here; confirm that callers restrict it
    // to an approved set of signature algorithms.
    xmlSignature.setSignatureAlgorithm(signatureAlgorithm);
    xmlSignature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo signerKeyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data signerData = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate signerCertElement =
                (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

        // The embedded certificate is informational for the receiver; it is not proof of trust
        // by itself and has to be matched against the receiver's configured trust anchors.
        signerCertElement.setValue(Base64.encode(cred.getEntityCertificate().getEncoded()));

        signerData.getX509Certificates().add(signerCertElement);
        signerKeyInfo.getX509Datas().add(signerData);
        xmlSignature.setKeyInfo(signerKeyInfo);
    } catch (CertificateEncodingException e) {
        log.error("Failed to get encoded certificate", e);
        // NOTE(review): the cause is logged but not attached to the thrown exception; attach it
        // if IdentityProviderException offers a constructor that takes a cause.
        throw new IdentityProviderException("Error while getting encoded certificate");
    }

    assertion.setSignature(xmlSignature);
    signatureList.add(xmlSignature);
}
示例8: setSignature
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Prepare the XML signature of {@code assertion}, including a KeyInfo that carries the signer's
 * certificate.
 *
 * <p>Steps, in order: build the Signature object and set credential, algorithm and exclusive
 * canonicalization (comments omitted); build KeyInfo, X509Data and X509Certificate elements and nest
 * them, with the Base64-encoded entity certificate as the certificate value; attach the signature to
 * {@code assertion} and record it in {@code signatureList}. The method itself does not invoke a
 * signing operation.</p>
 *
 * @param signatureAlgorithm algorithm identifier, handed to the Signature object as given
 * @param cred signing credential; its entity certificate is embedded in the KeyInfo
 * @throws IdentityProviderException if the entity certificate cannot be encoded
 */
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    Signature sig = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(cred);
    // NOTE(review): no check of the requested algorithm is visible here; verify that the caller
    // only passes algorithms the deployment approves of.
    sig.setSignatureAlgorithm(signatureAlgorithm);
    sig.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo info = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data certContainer = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certElement = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

        // DER bytes of the entity certificate, Base64-encoded for the XML element.
        byte[] derBytes = cred.getEntityCertificate().getEncoded();
        certElement.setValue(Base64.encode(derBytes));

        // Nest bottom-up: certificate -> X509Data -> KeyInfo -> Signature.
        certContainer.getX509Certificates().add(certElement);
        info.getX509Datas().add(certContainer);
        sig.setKeyInfo(info);
    } catch (CertificateEncodingException e) {
        log.error("Error while getting the encoded certificate", e);
        // NOTE(review): the original exception is only logged, not chained to the one thrown here.
        throw new IdentityProviderException("Error while getting the encoded certificate");
    }

    assertion.setSignature(sig);
    signatureList.add(sig);
}
示例9: processCertX509DataOptions
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Generate the certificate-derived child elements of X509Data.
 *
 * <p>Delegates, in this order, to the handlers for subject name, issuer/serial, subject key
 * identifier and digest. The handlers shown in this file each check their own option flag, so a
 * call here does not by itself emit anything.</p>
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509DataOptions(X509Data x509Data, java.security.cert.X509Certificate cert) {
    // X509SubjectName
    processCertX509SubjectName(x509Data, cert);
    // X509IssuerSerial
    processCertX509IssuerSerial(x509Data, cert);
    // X509SKI
    processCertX509SKI(x509Data, cert);
    // Digest of the certificate (handler not shown here)
    processCertX509Digest(x509Data, cert);
}
示例10: processCertX509SubjectName
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Add an X509SubjectName child to X509Data when {@code options.emitX509SubjectName} is set.
 *
 * <p>The name comes from {@code getSubjectName(cert)}; an empty result adds nothing.</p>
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509SubjectName(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509SubjectName) {
        return;
    }

    String subjectDn = getSubjectName(cert);
    if (DatatypeHelper.isEmpty(subjectDn)) {
        // Nothing usable to emit.
        return;
    }

    x509Data.getX509SubjectNames().add(KeyInfoHelper.buildX509SubjectName(subjectDn));
}
示例11: processCertX509IssuerSerial
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Add an X509IssuerSerial child to X509Data when {@code options.emitX509IssuerSerial} is set.
 *
 * <p>The element is built from {@code getIssuerName(cert)} and the certificate's serial number; an
 * empty issuer name adds nothing.</p>
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509IssuerSerial(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509IssuerSerial) {
        return;
    }

    String issuerDn = getIssuerName(cert);
    if (DatatypeHelper.isEmpty(issuerDn)) {
        // Without an issuer name the issuer/serial pair cannot identify the certificate.
        return;
    }

    x509Data.getX509IssuerSerials().add(
            KeyInfoHelper.buildX509IssuerSerial(issuerDn, cert.getSerialNumber()));
}
示例12: processCertX509SKI
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Add an X509SKI child to X509Data when {@code options.emitX509SKI} is set.
 *
 * <p>The element is produced by {@code KeyInfoHelper.buildX509SKI(cert)}; a {@code null} result adds
 * nothing.</p>
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509SKI(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509SKI) {
        return;
    }

    // A null result presumably means the certificate has no subject key identifier; confirm
    // against KeyInfoHelper.buildX509SKI.
    X509SKI skiElement = KeyInfoHelper.buildX509SKI(cert);
    if (skiElement == null) {
        return;
    }
    x509Data.getX509SKIs().add(skiElement);
}
示例13: getSubjectName
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Get the subject name of a certificate through {@code options.x500DNHandler}.
 *
 * <p>The subject principal is formatted with {@code options.x500SubjectDNFormat} when that format is
 * non-empty, and with the handler's single-argument {@code getName} otherwise.</p>
 *
 * @param cert the certificate being processed
 * @return the subject name, or {@code null} when {@code cert} is {@code null}
 */
protected String getSubjectName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }
    // No explicit format configured -> use the handler's single-argument getName.
    return DatatypeHelper.isEmpty(options.x500SubjectDNFormat)
            ? options.x500DNHandler.getName(cert.getSubjectX500Principal())
            : options.x500DNHandler.getName(cert.getSubjectX500Principal(), options.x500SubjectDNFormat);
}
示例14: getIssuerName
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Get the issuer name of a certificate through {@code options.x500DNHandler}.
 *
 * <p>The issuer principal is formatted with {@code options.x500IssuerDNFormat} when that format is
 * non-empty, and with the handler's single-argument {@code getName} otherwise.</p>
 *
 * @param cert the certificate being processed
 * @return the issuer name, or {@code null} when {@code cert} is {@code null}
 */
protected String getIssuerName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }

    if (DatatypeHelper.isEmpty(options.x500IssuerDNFormat)) {
        // No explicit format configured -> use the handler's single-argument getName.
        return options.x500DNHandler.getName(cert.getIssuerX500Principal());
    }
    return options.x500DNHandler.getName(cert.getIssuerX500Principal(), options.x500IssuerDNFormat);
}
示例15: processSubjectDNKeyName
import org.opensaml.xml.signature.X509Certificate; //导入依赖的package包/类
/**
 * Add the certificate's subject DN to KeyInfo as a KeyName when
 * {@code options.emitSubjectDNAsKeyName} is set.
 *
 * <p>The value comes from {@code getSubjectName(cert)}; an empty result adds nothing.</p>
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectDNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectDNAsKeyName) {
        return;
    }

    String subjectDn = getSubjectName(cert);
    if (DatatypeHelper.isEmpty(subjectDn)) {
        // No subject DN available, so there is no KeyName to add.
        return;
    }
    KeyInfoHelper.addKeyName(keyInfo, subjectDn);
}