本文整理汇总了Java中java.security.cert.CertPathValidator.getInstance方法的典型用法代码示例。如果您正苦于以下问题:Java CertPathValidator.getInstance方法的具体用法?Java CertPathValidator.getInstance怎么用?Java CertPathValidator.getInstance使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.CertPathValidator
的用法示例。
在下文中一共展示了CertPathValidator.getInstance方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: X509TrustManagerWrapper
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
public X509TrustManagerWrapper(X509TrustManager tm, boolean verifyServerCertificate) throws CertificateException {
this.origTm = tm;
this.verifyServerCert = verifyServerCertificate;
if (verifyServerCertificate) {
try {
Set<TrustAnchor> anch = new HashSet<TrustAnchor>();
for (X509Certificate cert : tm.getAcceptedIssuers()) {
anch.add(new TrustAnchor(cert, null));
}
this.validatorParams = new PKIXParameters(anch);
this.validatorParams.setRevocationEnabled(false);
this.validator = CertPathValidator.getInstance("PKIX");
this.certFactory = CertificateFactory.getInstance("X.509");
} catch (Exception e) {
throw new CertificateException(e);
}
}
}
示例2: validateNoCache
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private void validateNoCache(List<? extends X509Certificate> certs)
throws SignatureException {
try {
CertPathValidator validator = CertPathValidator.getInstance(
VALIDATOR_TYPE);
PKIXParameters params = new PKIXParameters(trustRoots);
params.addCertPathChecker(WAVE_OID_CHECKER);
params.setDate(timeSource.now());
// turn off default revocation-checking mechanism
params.setRevocationEnabled(false);
// TODO: add a way for clients to add certificate revocation checks,
// perhaps by letting them pass in PKIXCertPathCheckers. This can also be
// useful to check for Wave-specific certificate extensions.
CertificateFactory certFactory = CertificateFactory.getInstance(
CERTIFICATE_TYPE);
CertPath certPath = certFactory.generateCertPath(certs);
validator.validate(certPath, params);
} catch (GeneralSecurityException e) {
throw new SignatureException("Certificate validation failure", e);
}
}
示例3: runTest
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private static void runTest(CertificateFactory cf,
List<X509Certificate> certList, TrustAnchor anchor)
throws Exception {
CertPath path = cf.generateCertPath(certList);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
System.out.println(anchor);
// Attach the OCSP responses to a PKIXParameters object
PKIXRevocationChecker pkrev =
(PKIXRevocationChecker)validator.getRevocationChecker();
Map<X509Certificate, byte[]> responseMap = new HashMap<>();
responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
pkrev.setOcspResponses(responseMap);
PKIXParameters params =
new PKIXParameters(Collections.singleton(anchor));
params.addCertPathChecker(pkrev);
params.setDate(EVAL_DATE);
validator.validate(path, params);
}
示例4: checkServerTrusted
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
this.mOriginalX509TrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException e1) {
try {
X509Certificate[] ex = this.reorderCertificateChain(chain);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
CertificateFactory factory = CertificateFactory.getInstance("X509");
CertPath certPath = factory.generateCertPath(Arrays.asList(ex));
PKIXParameters params = new PKIXParameters(this.mTrustStore);
params.setRevocationEnabled(false);
validator.validate(certPath, params);
} catch (Exception e) {
throw e1;
}
}
}
示例5: createCPVs
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private static CertPathValidator[] createCPVs() {
if (!PKIXSupport) {
fail(NotSupportMsg);
return null;
}
try {
CertPathValidator[] certPVs = new CertPathValidator[3];
certPVs[0] = CertPathValidator.getInstance(defaultType);
certPVs[1] = CertPathValidator.getInstance(defaultType,
defaultProviderName);
certPVs[2] = CertPathValidator.getInstance(defaultType,
defaultProvider);
return certPVs;
} catch (Exception e) {
return null;
}
}
示例6: testCertPathValidator03
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm)</code> method
* Assertion: returns CertPathValidator object
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies positive case.",
method = "getInstance",
args = {java.lang.String.class}
)
public void testCertPathValidator03() throws NoSuchAlgorithmException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
CertPathValidator certPV;
for (int i = 0; i < validValues.length; i++) {
certPV = CertPathValidator.getInstance(validValues[i]);
assertEquals("Incorrect algorithm", certPV.getAlgorithm(), validValues[i]);
}
}
示例7: testCertPathValidator05
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm, String provider)</code> method
* Assertion:
* throws NoSuchProviderException when provider has invalid value
*/
@TestTargetNew(
level = TestLevel.PARTIAL_COMPLETE,
notes = "Verifies that getInstance method throws NoSuchProviderException when provider parameter has invalid value.",
method = "getInstance",
args = {java.lang.String.class, java.lang.String.class}
)
public void testCertPathValidator05() throws NoSuchAlgorithmException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
for (int t = 0; t < validValues.length; t++) {
for (int i = 1; i < invalidValues.length; i++) {
try {
CertPathValidator.getInstance(validValues[t],
invalidValues[i]);
fail("NoSuchProviderException must be thrown");
} catch (NoSuchProviderException e1) {
}
}
}
}
示例8: testCertPathValidator08
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm, Provider provider)</code> method
* Assertion: throws IllegalArgumentException when provider is null
*/
public void testCertPathValidator08()
throws NoSuchAlgorithmException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
Provider prov = null;
for (int t = 0; t < validValues.length; t++ ) {
try {
CertPathValidator.getInstance(validValues[t], prov);
fail("IllegalArgumentException must be thrown");
} catch (IllegalArgumentException e1) {
}
}
}
示例9: testCertPathValidator05
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm, String provider)</code> method
* Assertion:
* throws NoSuchProviderException when provider has invalid value
*/
public void testCertPathValidator05() throws NoSuchAlgorithmException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
for (int t = 0; t < validValues.length; t++) {
for (int i = 1; i < invalidValues.length; i++) {
try {
CertPathValidator.getInstance(validValues[t],
invalidValues[i]);
fail("NoSuchProviderException must be thrown");
} catch (NoSuchProviderException e1) {
}
}
}
}
示例10: TrustManagerImpl
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Creates trust manager implementation
*
* @param ks
*/
public TrustManagerImpl(KeyStore ks) {
try {
validator = CertPathValidator.getInstance("PKIX");
factory = CertificateFactory.getInstance("X509");
String alias;
X509Certificate cert;
byte[] nameConstrains = null;
Set trusted = new HashSet();
for (Enumeration en = ks.aliases(); en.hasMoreElements();) {
alias = (String) en.nextElement();
cert = (X509Certificate) ks.getCertificate(alias);
if (cert != null) {
trusted.add(new TrustAnchor(cert, nameConstrains));
}
}
params = new PKIXParameters(trusted);
params.setRevocationEnabled(false);
} catch (Exception e) {
err = e;
}
}
示例11: testCertPathValidator07
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm, String provider)</code> method
* Assertion: returns CertPathValidator object
*/
public void testCertPathValidator07() throws NoSuchAlgorithmException,
NoSuchProviderException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
CertPathValidator certPV;
for (int i = 0; i < validValues.length; i++) {
certPV = CertPathValidator.getInstance(validValues[i],
defaultProviderName);
assertEquals("Incorrect algorithm", certPV.getAlgorithm(),
validValues[i]);
assertEquals("Incorrect provider name", certPV.getProvider()
.getName(), defaultProviderName);
}
}
示例12: testCertPathValidator10
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test for <code>getInstance(String algorithm, String provider)</code> method
* Assertion: returns CertPathValidator object
*/
public void testCertPathValidator10() throws NoSuchAlgorithmException,
NoSuchProviderException {
if (!PKIXSupport) {
fail(NotSupportMsg);
return;
}
CertPathValidator certPV;
for (int i = 0; i < invalidValues.length; i++) {
certPV = CertPathValidator.getInstance(validValues[i],
defaultProvider);
assertEquals("Incorrect algorithm", certPV.getAlgorithm(),
validValues[i]);
assertEquals("Incorrect provider name", certPV.getProvider(),
defaultProvider);
}
}
示例13: TrustManagerImpl
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Creates trust manager implementation
*
* @param ks
*/
public TrustManagerImpl(KeyStore ks) {
try {
validator = CertPathValidator.getInstance("PKIX");
factory = CertificateFactory.getInstance("X509");
byte[] nameConstrains = null;
Set<TrustAnchor> trusted = new HashSet<TrustAnchor>();
for (Enumeration<String> en = ks.aliases(); en.hasMoreElements();) {
final String alias = en.nextElement();
final X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
if (cert != null) {
trusted.add(new TrustAnchor(cert, nameConstrains));
}
}
params = new PKIXParameters(trusted);
params.setRevocationEnabled(false);
} catch (Exception e) {
err = e;
}
}
示例14: JavaSecVerifier
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Create a JavaSecVerifier and load the system keystore.
*
* @throws KeyStoreException Keystore type could not be instantiated.
* @throws FileNotFoundException Keystore was not found in standard locations.
* @throws IOException Error loading keystore from disc.
* @throws GeneralSecurityException Error processing loaded keystore.
*/
public JavaSecVerifier() throws IOException, GeneralSecurityException {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null); // initialize keystore
KeyStore tmpKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
certPathValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType());
// determine system keystore
final String fSep = File.separator;
File keyStoreFile;
// try system property
keyStoreFile = getKeystore(System.getProperty("java.home"), "lib" + fSep + "security" + fSep + "cacerts");
// load file
if (keyStoreFile != null) {
tmpKeyStore.load(new FileInputStream(keyStoreFile), null); // system keystore has no password protection
} else {
// TODO: this is either on android or it doesn' work at all
throw new FileNotFoundException("Unable to find system keystore in standard locations.");
}
addKeyStore(tmpKeyStore);
}
示例15: testSoftFailFallback
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Test a case where client-side stapling is attempted, but does not
* occur because OCSP responders are unreachable. Client-side OCSP
* checking is enabled for this, with SOFT_FAIL.
*/
static void testSoftFailFallback() throws Exception {
ClientParameters cliParams = new ClientParameters();
ServerParameters servParams = new ServerParameters();
serverReady = false;
// make OCSP responders reject connections
intOcsp.rejectConnections();
rootOcsp.rejectConnections();
System.out.println("=======================================");
System.out.println("Stapling enbled in client and server,");
System.out.println("but OCSP responders disabled.");
System.out.println("PKIXParameters with Revocation checking");
System.out.println("enabled and SOFT_FAIL.");
System.out.println("=======================================");
Security.setProperty("ocsp.enable", "true");
cliParams.pkixParams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
cliParams.pkixParams.setRevocationEnabled(true);
CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
cliParams.revChecker =
(PKIXRevocationChecker)cpv.getRevocationChecker();
cliParams.revChecker.setOptions(EnumSet.of(Option.SOFT_FAIL));
SSLSocketWithStapling sslTest = new SSLSocketWithStapling(cliParams,
servParams);
TestResult tr = sslTest.getResult();
if (tr.clientExc != null) {
throw tr.clientExc;
} else if (tr.serverExc != null) {
throw tr.serverExc;
}
// make sure getSoftFailExceptions is not empty
if (cliParams.revChecker.getSoftFailExceptions().isEmpty()) {
throw new Exception("No soft fail exceptions");
}
System.out.println(" PASS");
System.out.println("=======================================\n");
// Make OCSP responders accept connections
intOcsp.acceptConnections();
rootOcsp.acceptConnections();
// Wait 5 seconds for server ready
for (int i = 0; (i < 100 && (!intOcsp.isServerReady() || !rootOcsp.isServerReady())); i++) {
Thread.sleep(50);
}
if (!intOcsp.isServerReady() || !rootOcsp.isServerReady()) {
throw new RuntimeException("Server not ready yet");
}
}