本文整理汇总了Java中sun.security.x509.X500Name类的典型用法代码示例。如果您正苦于以下问题:Java X500Name类的具体用法?Java X500Name怎么用?Java X500Name使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
X500Name类属于sun.security.x509包,在下文中一共展示了X500Name类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: main
import sun.security.x509.X500Name; //导入依赖的package包/类
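/**
 * Builds a PKCS#7 SignedData structure over a short message with a freshly
 * generated self-signed RSA certificate, then verifies it.
 *
 * <p>The signature is computed over the DER encoding of the authenticated
 * attributes (content type and SHA-256 message digest), not over the raw
 * message bytes.
 *
 * @param args unused
 * @throws Exception if any step fails, or with message "Not verified" when
 *         {@code PKCS7.verify} returns {@code null}
 */
public static void main(String[] args) throws Exception {
    // Explicit charset: the no-arg getBytes() uses the platform default.
    byte[] data = "Hello".getBytes(java.nio.charset.StandardCharsets.UTF_8);
    X500Name n = new X500Name("cn=Me");

    CertAndKeyGen cakg = new CertAndKeyGen("RSA", "SHA256withRSA");
    // 2048 bits rather than 1024: 1024-bit RSA is below current minimum
    // key-size guidance, and samples like this one tend to be copied.
    cakg.generate(2048);
    X509Certificate cert = cakg.getSelfCertificate(n, 1000);

    // Authenticated attributes bind the content type and the message digest.
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    PKCS9Attributes authed = new PKCS9Attributes(new PKCS9Attribute[]{
        new PKCS9Attribute(PKCS9Attribute.CONTENT_TYPE_OID, ContentInfo.DATA_OID),
        new PKCS9Attribute(PKCS9Attribute.MESSAGE_DIGEST_OID, md.digest(data)),
    });

    // Sign the DER encoding of the attributes with the generated private key.
    Signature s = Signature.getInstance("SHA256withRSA");
    s.initSign(cakg.getPrivateKey());
    s.update(authed.getDerEncoding());
    byte[] sig = s.sign();

    // The signer is identified by issuer name + serial number; the final
    // argument (unauthenticated attributes) is left null.
    SignerInfo signerInfo = new SignerInfo(
            n,
            cert.getSerialNumber(),
            AlgorithmId.get("SHA-256"),
            authed,
            AlgorithmId.get("SHA256withRSA"),
            sig,
            null
    );

    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[] {signerInfo.getDigestAlgorithmId()},
            new ContentInfo(data),
            new X509Certificate[] {cert},
            new SignerInfo[] {signerInfo});

    // verify() returning null is the failure signal checked here.
    if (pkcs7.verify(signerInfo, data) == null) {
        throw new Exception("Not verified");
    }
}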
示例2: getCertificate
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Looks up a certificate in this PKCS7 block by serial number and issuer.
 *
 * <p>The issuer is compared against the cached {@code certIssuerNames}
 * entry at the same index as the certificate; the cache is filled on first
 * use via {@code populateCertIssuerNames()}.
 *
 * @param serial the serial number of the certificate to retrieve.
 * @param issuerName the Distinguished Name of the Issuer.
 * @return the first certificate whose serial number and issuer both match,
 *         or {@code null} when there are no certificates or none matches.
 */
public X509Certificate getCertificate(BigInteger serial, X500Name issuerName) {
    if (certificates == null) {
        return null;
    }
    if (certIssuerNames == null) {
        populateCertIssuerNames();
    }
    for (int idx = 0; idx < certificates.length; idx++) {
        X509Certificate candidate = certificates[idx];
        // Both halves of the identifier must match: serial alone is only
        // unique within a single issuer.
        boolean sameSerial = serial.equals(candidate.getSerialNumber());
        if (sameSerial && issuerName.equals(certIssuerNames[idx])) {
            return candidate;
        }
    }
    return null;
}
示例3: writeSignatureBlock
import sun.security.x509.X500Name; //导入依赖的package包/类
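/**
 * Writes the PKCS#7 signature block for the signed JAR to {@code mOutputJar}.
 *
 * <p>{@code signature.sign()} is called here without any preceding
 * {@code update()}, so the caller is presumably expected to have fed the
 * signed data into {@code signature} already.
 *
 * @param signature the signature object whose result becomes the
 *        SignerInfo's encrypted digest
 * @param publicKey the signer's certificate (despite the parameter name);
 *        its issuer and serial number identify the signer
 * @param privateKey the signing key; only its algorithm name is read here
 * @throws IOException if the issuer name cannot be parsed or the block
 *         cannot be written
 * @throws GeneralSecurityException on algorithm lookup or signing errors
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    // Build the issuer name from the certificate's DER encoding. Going
    // through getName() and re-parsing the string can change the ASN.1
    // string types of attribute values, so the issuer written into the
    // SignerInfo might no longer be byte-identical to the certificate's.
    X500Name issuer = new X500Name(publicKey.getIssuerX500Principal().getEncoded());

    SignerInfo signerInfo = new SignerInfo(
            issuer,
            publicKey.getSerialNumber(),
            AlgorithmId.get(DIGEST_ALGORITHM),
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());

    // ContentInfo carries the data OID with null content, i.e. the signed
    // bytes themselves are not embedded in the block.
    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[]{AlgorithmId.get(DIGEST_ALGORITHM)},
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[]{publicKey},
            new SignerInfo[]{signerInfo});

    pkcs7.encodeSignedData(mOutputJar);
}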
示例4: writeSignatureBlock
import sun.security.x509.X500Name; //导入依赖的package包/类
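/**
 * Writes the PKCS#7 signature block (SignerInfo plus signer certificate)
 * to {@code mOutputJar}.
 *
 * @param signature supplies the signature bytes via {@code sign()}; no
 *        {@code update()} is performed in this method
 * @param publicKey the signer's certificate (despite the parameter name)
 * @param privateKey the signing key; only {@code getAlgorithm()} is used
 * @throws IOException if the issuer name cannot be decoded or writing fails
 * @throws GeneralSecurityException on algorithm lookup or signing errors
 */
private void writeSignatureBlock(Signature signature, X509Certificate publicKey,
        PrivateKey privateKey)
        throws IOException, GeneralSecurityException {
    // Use the DER-encoded issuer rather than its string form: a
    // string round-trip may re-encode attribute values with different
    // ASN.1 string types, and the SignerInfo issuer should match the
    // certificate's issuer field exactly.
    byte[] issuerDer = publicKey.getIssuerX500Principal().getEncoded();

    AlgorithmId digestAlg = AlgorithmId.get(DIGEST_ALGORITHM);
    SignerInfo signerInfo = new SignerInfo(
            new X500Name(issuerDer),
            publicKey.getSerialNumber(),
            digestAlg,
            AlgorithmId.get(privateKey.getAlgorithm()),
            signature.sign());

    // Data OID with null content: the signed bytes are not embedded.
    PKCS7 pkcs7 = new PKCS7(
            new AlgorithmId[] { AlgorithmId.get(DIGEST_ALGORITHM) },
            new ContentInfo(ContentInfo.DATA_OID, null),
            new X509Certificate[] { publicKey },
            new SignerInfo[] { signerInfo });

    pkcs7.encodeSignedData(mOutputJar);
}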
示例5: parseIssuerNames
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Converts a collection of issuer names, in the form accepted by
 * setIssuerNames, into a set of {@code X500Principal}s.
 *
 * @param names a {@code Collection} of names. Each entry is either a
 *        String (RFC-style distinguished name) or a byte array (ASN.1 DER
 *        encoding of the name). {@code null} is not an acceptable value.
 * @return a HashSet of issuer X500Principals
 * @throws IOException if a name cannot be parsed
 */
private static HashSet<X500Principal> parseIssuerNames(Collection<Object> names)
        throws IOException {
    HashSet<X500Principal> parsed = new HashSet<X500Principal>();
    for (Object entry : names) {
        if (!(entry instanceof String)) {
            // Anything that is not a String is treated as a DER-encoded name.
            try {
                parsed.add(new X500Principal((byte[]) entry));
            } catch (IllegalArgumentException e) {
                // Surface malformed DER as the documented IOException.
                throw (IOException) new IOException("Invalid name").initCause(e);
            }
            continue;
        }
        parsed.add(new X500Name((String) entry).asX500Principal());
    }
    return parsed;
}
示例6: SignerInfo
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Creates a SignerInfo from its individual components. The version field
 * is always set to {@code BigInteger.ONE}.
 *
 * <p>All arguments, including the {@code encryptedDigest} array, are stored
 * by reference; no defensive copy is made.
 *
 * @param issuerName issuer of the signer's certificate
 * @param serial serial number of the signer's certificate
 * @param digestAlgorithmId digest algorithm identifier
 * @param authenticatedAttributes attributes covered by the signature
 * @param digestEncryptionAlgorithmId signature (digest encryption) algorithm
 * @param encryptedDigest the signature bytes
 * @param unauthenticatedAttributes attributes not covered by the signature
 */
public SignerInfo(X500Name issuerName,
                  BigInteger serial,
                  AlgorithmId digestAlgorithmId,
                  PKCS9Attributes authenticatedAttributes,
                  AlgorithmId digestEncryptionAlgorithmId,
                  byte[] encryptedDigest,
                  PKCS9Attributes unauthenticatedAttributes) {
    // Signer identity: issuer name + certificate serial number.
    this.issuerName = issuerName;
    this.certificateSerialNumber = serial;

    // Algorithms and the signature value.
    this.digestAlgorithmId = digestAlgorithmId;
    this.digestEncryptionAlgorithmId = digestEncryptionAlgorithmId;
    this.encryptedDigest = encryptedDigest;

    // Optional attribute sets.
    this.authenticatedAttributes = authenticatedAttributes;
    this.unauthenticatedAttributes = unauthenticatedAttributes;

    this.version = BigInteger.ONE;
}
示例7: encodeAndSign
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Create the signed certificate request. This will later be
 * retrieved in either string or binary format.
 *
 * <p>The method encodes the certification request info (version, subject,
 * public key, attributes), signs that encoding, and then stores the
 * complete DER structure in {@code encoded}. It can be called only once
 * per request: a second call fails because {@code encoded} is already set.
 *
 * @param subject identifies the signer (by X.500 name).
 * @param signature private key and signing algorithm to use. Only
 *        {@code update()} and {@code sign()} are called on it here, so it
 *        must already be initialised for signing by the caller.
 * @exception IOException on errors.
 * @exception CertificateException on certificate handling errors.
 * @exception SignatureException on signature handling errors, if the
 *        request is already signed, or if the signature algorithm has no
 *        known AlgorithmId.
 */
public void encodeAndSign(X500Name subject, Signature signature)
    throws CertificateException, IOException, SignatureException {
    DerOutputStream out, scratch;
    byte[] certificateRequestInfo;
    byte[] sig;
    // Refuse to re-sign: the encoded form is produced exactly once.
    if (encoded != null)
        throw new SignatureException("request is already signed");
    this.subject = subject;
    /*
     * Encode cert request info, wrap in a sequence for signing
     */
    scratch = new DerOutputStream();
    scratch.putInteger(BigInteger.ZERO); // PKCS #10 v1.0
    subject.encode(scratch); // X.500 name
    scratch.write(subjectPublicKeyInfo.getEncoded()); // public key
    attributeSet.encode(scratch);
    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch); // wrap it!
    certificateRequestInfo = out.toByteArray();
    // From here on scratch aliases out, which already holds the wrapped
    // request info; the algorithm id and signature are appended after it.
    scratch = out;
    /*
     * Sign it: the signature covers exactly the wrapped request info bytes.
     */
    signature.update(certificateRequestInfo, 0,
        certificateRequestInfo.length);
    sig = signature.sign();
    /*
     * Build guts of SIGNED macro
     */
    AlgorithmId algId = null;
    try {
        algId = AlgorithmId.get(signature.getAlgorithm());
    } catch (NoSuchAlgorithmException nsae) {
        // Reported as a SignatureException, keeping the cause.
        throw new SignatureException(nsae);
    }
    algId.encode(scratch); // sig algorithm
    scratch.putBitString(sig); // sig
    /*
     * Wrap those guts (request info, algorithm id, signature) in a sequence
     */
    out = new DerOutputStream();
    out.write(DerValue.tag_Sequence, scratch);
    encoded = out.toByteArray();
}
示例8: matchDNS
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Checks whether the certificate may be used for the given DNS name.
 *
 * <p>Follows the RFC 2818 rule: when the certificate carries at least one
 * subjectAltName entry of type dNSName, only those entries are considered
 * and a match on any one of them is sufficient. The most specific Common
 * Name of the subject is consulted only when no dNSName entry is present;
 * RFC 2818 describes that fallback as deprecated existing practice.
 *
 * @param expectedName the DNS name the peer is expected to present
 * @param cert the certificate to check
 * @throws CertificateException if no acceptable name matches
 */
private void matchDNS(String expectedName, X509Certificate cert)
        throws CertificateException {
    Collection<List<?>> altNames = cert.getSubjectAlternativeNames();
    if (altNames != null) {
        boolean sawDnsEntry = false;
        for (List<?> entry : altNames) {
            int nameType = ((Integer) entry.get(0)).intValue();
            if (nameType != ALTNAME_DNS) {
                continue;
            }
            sawDnsEntry = true;
            String candidate = (String) entry.get(1);
            if (isMatched(expectedName, candidate)) {
                return;
            }
        }
        if (sawDnsEntry) {
            // dNSName entries exist but none matched: reject without
            // falling back to the Common Name.
            throw new CertificateException("No subject alternative DNS "
                    + "name matching " + expectedName + " found.");
        }
    }

    // No dNSName entries at all: fall back to the subject's Common Name.
    X500Name subject = getSubjectX500Name(cert);
    DerValue commonName =
            subject.findMostSpecificAttribute(X500Name.commonName_oid);
    if (commonName != null) {
        try {
            if (isMatched(expectedName, commonName.getAsString())) {
                return;
            }
        } catch (IOException e) {
            // A Common Name that cannot be read as a string is treated as
            // a non-match; the rejection below still applies.
        }
    }

    throw new CertificateException("No name matching " + expectedName + " found");
}
示例9: equals
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Compares the specified Object with this <code>X500Principal</code>
 * for equality.
 *
 * <p>Another <code>X500Principal</code> is compared by re-parsing its name
 * into an X500Name; any other <code>Principal</code> is asked whether it
 * equals this principal's X500Name.
 *
 * @param o Object to be compared for equality with this
 *        <code>X500Principal</code>.
 *
 * @return true if the specified Object is equal to this
 *         <code>X500Principal</code>.
 */
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (o == null) {
        return false;
    }
    if (o instanceof X500Principal) {
        X500Principal other = (X500Principal) o;
        try {
            X500Name otherName = new X500Name(other.getName());
            return thisX500Name.equals(otherName);
        } catch (Exception e) {
            // A name that cannot be parsed is simply not equal.
            return false;
        }
    }
    if (o instanceof Principal) {
        // True when 'o' is a sun.security.x509.X500Name equal to ours.
        return o.equals(thisX500Name);
    }
    return false;
}
示例10: readObject
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Custom deserialization hook: reads the default serialized fields and
 * then rebuilds {@code thisX500Name} from {@code name}.
 *
 * <p>NOTE(review): {@code name} comes from the stream and is parsed as
 * received; a malformed value surfaces as the IOException thrown by the
 * X500Name constructor. Presumably {@code thisX500Name} is not itself
 * serialized, which is why it is rebuilt here; confirm against the field
 * declarations.
 */
private void readObject(java.io.ObjectInputStream s) throws
        java.io.IOException,
        java.io.NotActiveException,
        ClassNotFoundException {
    s.defaultReadObject();

    // Derived state is recomputed from the restored name.
    this.thisX500Name = new X500Name(this.name);
}
示例11: search
import sun.security.x509.X500Name; //导入依赖的package包/类
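/**
 * Searches for entries matching given user id, baseDn and attribute.
 *
 * <p>The user id is bound as a filter parameter instead of being formatted
 * into the filter string, so LDAP filter metacharacters in it are escaped
 * by the filter rather than interpreted as filter syntax.
 *
 * @param name LDAP/AD user id; treated as untrusted input
 * @param baseDn user/role baseDn
 * @param attributeName attribute name to search for; formatted into the
 *        filter as-is, so it must come from trusted configuration
 * @return list of {@link X500Name} matching the given user id.
 * @throws LdapException if there are any errors searching LDAP or invalid user id.
 */
private @Nonnull
List<X500Name> search(String name, String baseDn, String attributeName) throws LdapException {
    SearchExecutor executor = new SearchExecutor();
    executor.setBaseDn(baseDn);
    executor.setSearchScope(SearchScope.SUBTREE);
    executor.setSearchCache(cache);

    // Positional parameter {0} carries the user-supplied value.
    SearchFilter filter = new SearchFilter(String.format("(%s={0})", attributeName));
    filter.setParameter(0, name);

    SearchResult result = executor.search(pcf, filter).getResult();
    return result.getEntries().stream().map(entry -> {
        try {
            return new X500Name(entry.getDn());
        } catch (IOException ex) {
            // A DN returned by the directory that cannot be parsed is
            // reported unchecked, with the cause preserved.
            throw new RuntimeException(ex);
        }
    }).collect(Collectors.toList());
}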
示例12: getSubjectX500Name
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Returns the subject of a certificate as an X500Name, re-parsing the
 * encoded subject when the certificate does not already expose one.
 * X500Name should only be used if access to name components is required;
 * in other cases X500Principal is to be preferred.
 *
 * This method is currently used from within JSSE, do not remove.
 *
 * @param cert the certificate whose subject is wanted
 * @return the subject as an X500Name
 * @throws CertificateParsingException if the encoded subject cannot be parsed
 */
public static X500Name getSubjectX500Name(X509Certificate cert)
        throws CertificateParsingException {
    try {
        Principal subject = cert.getSubjectDN();
        if (subject instanceof X500Name) {
            return (X500Name) subject;
        }
        // Re-parse from the DER encoding rather than from a string form.
        byte[] encodedSubject = cert.getSubjectX500Principal().getEncoded();
        return new X500Name(encodedSubject);
    } catch (IOException e) {
        CertificateParsingException wrapped = new CertificateParsingException();
        wrapped.initCause(e);
        throw wrapped;
    }
}
示例13: parseIssuerNames
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Parses an argument of the form passed to setIssuerNames and returns
 * the corresponding issuer X500Principals.
 *
 * @param names a {@code Collection} of names. Each entry is a String or
 *        a byte array (the name, in string or ASN.1 DER encoded form,
 *        respectively). {@code null} is not an acceptable value.
 * @return a HashSet of issuerX500Principals
 * @throws IOException if a parsing error occurs
 */
private static HashSet<X500Principal> parseIssuerNames(Collection<Object> names)
        throws IOException {
    HashSet<X500Principal> result = new HashSet<>();
    for (Object candidate : names) {
        X500Principal principal;
        if (candidate instanceof String) {
            principal = new X500Name((String) candidate).asX500Principal();
        } else {
            // Non-String entries are taken to be DER-encoded names.
            try {
                principal = new X500Principal((byte[]) candidate);
            } catch (IllegalArgumentException e) {
                throw new IOException("Invalid name", e);
            }
        }
        result.add(principal);
    }
    return result;
}
示例14: testCheckToken
import sun.security.x509.X500Name; //导入依赖的package包/类
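/**
 * Verifies that {@code platformSvc.checkToken} accepts a token whose
 * SHA-256 hash was transformed with the private key matching the
 * certificate stored in the configured truststore.
 *
 * <p>The truststore is written to a temporary file in the working
 * directory, which is removed again even when the test fails.
 */
@Test
public void testCheckToken() throws Exception {
    // NOTE(review): SHA1WithRSA and a 1024-bit key are left as the test
    // fixture had them; both are below current guidance and should not be
    // copied into production code.
    CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
    gen.generate(1024);
    X509Certificate cert = gen.getSelfCertificate(new X500Name("CN=ROOT"),
            new Date(), 10000000);

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    String alias = "temp";
    String loc = "./temp.jks";
    String password = "changeit";
    ks.load(null, password.toCharArray());
    ks.setCertificateEntry(alias, cert);

    try {
        // try-with-resources: the stream is closed even if store() throws.
        try (FileOutputStream fos = new FileOutputStream(loc)) {
            ks.store(fos, password.toCharArray());
        }

        Mockito.when(configSvc.getProxyConfigurationSetting(
                PlatformConfigurationKey.APP_TRUSTSTORE)).thenReturn(loc);
        Mockito.when(configSvc.getProxyConfigurationSetting(
                PlatformConfigurationKey.APP_TRUSTSTORE_PASSWORD))
                .thenReturn(password);
        Mockito.when(configSvc.getProxyConfigurationSetting(
                PlatformConfigurationKey.APP_TRUSTSTORE_BSS_ALIAS))
                .thenReturn(alias);

        String token = UUID.randomUUID().toString();
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(token.getBytes(StandardCharsets.UTF_8));
        byte[] tokenHash = md.digest();

        // NOTE(review): this applies the private key through Cipher in
        // ENCRYPT_MODE with the provider's default transformation for the
        // key algorithm, mirroring what checkToken presumably reverses;
        // it is not a standard Signature scheme.
        Key key = gen.getPrivateKey();
        Cipher c = Cipher.getInstance(key.getAlgorithm());
        c.init(Cipher.ENCRYPT_MODE, key);
        String tokenSignature = Base64
                .encodeBase64URLSafeString(c.doFinal(tokenHash));

        boolean check = platformSvc.checkToken(token, tokenSignature);
        assertTrue(check);
    } finally {
        // Always remove the temporary truststore, including on failure.
        Files.deleteIfExists(new File(loc).toPath());
    }
}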
示例15: populateCertIssuerNames
import sun.security.x509.X500Name; //导入依赖的package包/类
/**
 * Fills {@code certIssuerNames} with the issuer DN of every certificate,
 * converting each Principal to an X500Name where possible. Does nothing
 * when there are no certificates.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    certIssuerNames = new Principal[certificates.length];
    for (int idx = 0; idx < certificates.length; idx++) {
        X509Certificate current = certificates[idx];
        Principal issuer = current.getIssuerDN();
        if (issuer instanceof X500Name) {
            certIssuerNames[idx] = issuer;
            continue;
        }

        // Take the issuer from the original encoded TBS certificate for
        // later name comparisons: converting the DN to a String and back
        // to an encoded DN could change the types of String attribute
        // values.
        try {
            X509CertInfo tbs = new X509CertInfo(current.getTBSCertificate());
            String issuerKey = X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME;
            issuer = (Principal) tbs.get(issuerKey);
        } catch (Exception ignored) {
            // Best effort: if the X500Name cannot be produced from the
            // certificate's issuer DN, the name is left as it was.
        }
        certIssuerNames[idx] = issuer;
    }
}