本文整理汇总了Java中java.security.cert.CertPathValidator.validate方法的典型用法代码示例。如果您正苦于以下问题:Java CertPathValidator.validate方法的具体用法?Java CertPathValidator.validate怎么用?Java CertPathValidator.validate使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.CertPathValidator
的用法示例。
在下文中一共展示了CertPathValidator.validate方法的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateNoCache
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private void validateNoCache(List<? extends X509Certificate> certs)
throws SignatureException {
try {
CertPathValidator validator = CertPathValidator.getInstance(
VALIDATOR_TYPE);
PKIXParameters params = new PKIXParameters(trustRoots);
params.addCertPathChecker(WAVE_OID_CHECKER);
params.setDate(timeSource.now());
// turn off default revocation-checking mechanism
params.setRevocationEnabled(false);
// TODO: add a way for clients to add certificate revocation checks,
// perhaps by letting them pass in PKIXCertPathCheckers. This can also be
// useful to check for Wave-specific certificate extensions.
CertificateFactory certFactory = CertificateFactory.getInstance(
CERTIFICATE_TYPE);
CertPath certPath = certFactory.generateCertPath(certs);
validator.validate(certPath, params);
} catch (GeneralSecurityException e) {
throw new SignatureException("Certificate validation failure", e);
}
}
示例2: runTest
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private static void runTest(CertificateFactory cf,
List<X509Certificate> certList, TrustAnchor anchor)
throws Exception {
CertPath path = cf.generateCertPath(certList);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
System.out.println(anchor);
// Attach the OCSP responses to a PKIXParameters object
PKIXRevocationChecker pkrev =
(PKIXRevocationChecker)validator.getRevocationChecker();
Map<X509Certificate, byte[]> responseMap = new HashMap<>();
responseMap.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
responseMap.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
pkrev.setOcspResponses(responseMap);
PKIXParameters params =
new PKIXParameters(Collections.singleton(anchor));
params.addCertPathChecker(pkrev);
params.setDate(EVAL_DATE);
validator.validate(path, params);
}
示例3: checkServerTrusted
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
this.mOriginalX509TrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException e1) {
try {
X509Certificate[] ex = this.reorderCertificateChain(chain);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
CertificateFactory factory = CertificateFactory.getInstance("X509");
CertPath certPath = factory.generateCertPath(Arrays.asList(ex));
PKIXParameters params = new PKIXParameters(this.mTrustStore);
params.setRevocationEnabled(false);
validator.validate(certPath, params);
} catch (Exception e) {
throw e1;
}
}
}
示例4: testCertPathValidator
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
@TestTargets({
@TestTargetNew(
level=TestLevel.ADDITIONAL,
method="getInstance",
args={String.class}
),
@TestTargetNew(
level=TestLevel.ADDITIONAL,
method="validate",
args={CertPath.class, CertPathParameters.class}
),
@TestTargetNew(
level=TestLevel.COMPLETE,
method="method",
args={}
)
})
public void testCertPathValidator() throws Exception {
CertPathValidator certPathValidator = CertPathValidator.getInstance(
algorithmName);
CertPathValidatorResult validatorResult = certPathValidator.validate(
getCertPath(), getParams());
validateResult(validatorResult);
}
示例5: validateCertPath
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private boolean validateCertPath(KeyStore ks, Certificate[] certs) throws WSSecurityException {
try {
// Generate cert path
java.util.List certList = java.util.Arrays.asList(certs);
CertPath path = this.getCertificateFactory().generateCertPath(certList);
// Use the certificates in the keystore as TrustAnchors
PKIXParameters param = new PKIXParameters(ks);
// Do not check a revocation list
param.setRevocationEnabled(false);
// Verify the trust path using the above settings
String provider = properties
.getProperty("org.apache.ws.security.crypto.merlin.cert.provider");
CertPathValidator certPathValidator;
if (provider == null || provider.length() == 0) {
certPathValidator = CertPathValidator.getInstance("PKIX");
} else {
certPathValidator = CertPathValidator.getInstance("PKIX", provider);
}
certPathValidator.validate(path, param);
} catch (NoSuchProviderException | NoSuchAlgorithmException | CertificateException |
InvalidAlgorithmParameterException | CertPathValidatorException | KeyStoreException ex) {
throw new WSSecurityException(WSSecurityException.FAILURE, "certpath",
new Object[]{ex.getMessage()}, ex);
}
return true;
}
示例6: validateCertificate
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
boolean validateCertificate(Certificate cert) {
boolean isValidated;
if (cert == null) {
return false;
}
try {
KeyStore keyStore = getTrustStore();
PKIXParameters parms = new PKIXParameters(keyStore);
parms.setRevocationEnabled(false);
CertPathValidator certValidator = CertPathValidator.getInstance(CertPathValidator.getDefaultType()); // PKIX
ArrayList<Certificate> start = new ArrayList<>();
start.add(cert);
CertificateFactory certFactory = CertificateFactory.getInstance(CERTIFICATE_FORMAT);
CertPath certPath = certFactory.generateCertPath(start);
certValidator.validate(certPath, parms);
isValidated = true;
} catch (KeyStoreException | InvalidAlgorithmParameterException | NoSuchAlgorithmException
| CertificateException | CertPathValidatorException | CryptoException e) {
logger.error("Cannot validate certificate. Error is: " + e.getMessage() + "\r\nCertificate"
+ cert.toString());
isValidated = false;
}
return isValidated;
}
示例7: certPathReview
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private PKIXCertPathValidatorResult certPathReview(CertPath certPath,
PKIXParameters params) throws NoSuchAlgorithmException,
CertPathValidatorException, InvalidAlgorithmParameterException {
CertPathValidator certPathValidator = CertPathValidator
.getInstance(CertPathValidator.getDefaultType());
CertPathValidatorResult result = certPathValidator.validate(certPath,
params);
PKIXCertPathValidatorResult pkixResult = (PKIXCertPathValidatorResult) result;
return pkixResult;
}
示例8: verifyCertificate
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Attempts to build a certification chain for given certificate to verify
* it. Relies on a set of root CA certificates (trust anchors) and a set of
* intermediate certificates (to be used as part of the chain).
*/
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts)
throws GeneralSecurityException {
// Create the selector that specifies the starting certificate
X509CertSelector selector = new X509CertSelector();
selector.setBasicConstraints(-2);
selector.setCertificate(certificate);
// Create the trust anchors (set of root CA certificates)
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
for (X509Certificate trustedRootCert : trustedRootCerts) {
trustAnchors.add(new TrustAnchor(trustedRootCert, null));
}
// Configure the PKIX certificate builder algorithm parameters
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
// Turn off default revocation-checking mechanism
pkixParams.setRevocationEnabled(false);
// Specify a list of intermediate certificates
CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
pkixParams.addCertStore(intermediateCertStore);
// Build and verify the certification chain
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) builder.build(pkixParams);
// Additional check to Verify cert path
CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
PKIXCertPathValidatorResult certPathValidationResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPathBuilderResult.getCertPath(), pkixParams);
return certPathBuilderResult;
}
示例9: doTest
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private PKIXCertPathValidatorResult doTest(
String trustAnchor,
String[] certs,
String[] crls,
Set policies)
throws Exception
{
Set trustedSet = Collections.singleton(getTrustAnchor(trustAnchor));
List certsAndCrls = new ArrayList();
X509Certificate endCert = loadCert(certs[certs.length - 1]);
for (int i = 0; i != certs.length - 1; i++)
{
certsAndCrls.add(loadCert(certs[i]));
}
certsAndCrls.add(endCert);
CertPath certPath = CertificateFactory.getInstance("X.509","BC").generateCertPath(certsAndCrls);
for (int i = 0; i != crls.length; i++)
{
certsAndCrls.add(loadCrl(crls[i]));
}
CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certsAndCrls), "BC");
CertPathValidator validator = CertPathValidator.getInstance("PKIX","BC");
PKIXParameters params = new PKIXParameters(trustedSet);
params.addCertStore(store);
params.setRevocationEnabled(true);
params.setDate(new GregorianCalendar(2010, 1, 1).getTime());
if (policies != null)
{
params.setExplicitPolicyRequired(true);
params.setInitialPolicies(policies);
}
return (PKIXCertPathValidatorResult)validator.validate(certPath, params);
}
示例10: checkCircProcessing
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
private void checkCircProcessing()
throws Exception
{
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(circCA));
X509Certificate crlCaCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(circCRLCA));
X509CRL crl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(circCRL));
List list = new ArrayList();
list.add(caCert);
list.add(crlCaCert);
list.add(crl);
CertStoreParameters ccsp = new CollectionCertStoreParameters(list);
CertStore store = CertStore.getInstance("Collection", ccsp);
Calendar validDate = Calendar.getInstance();
validDate.set(2010,0,8,2,21,10);
//validating path
List certchain = new ArrayList();
certchain.add(crlCaCert);
CertPath cp = CertificateFactory.getInstance("X.509","BC").generateCertPath(certchain);
Set trust = new HashSet();
trust.add(new TrustAnchor(caCert, null));
CertPathValidator cpv = CertPathValidator.getInstance("PKIX","BC");
//PKIXParameters param = new PKIXParameters(trust);
PKIXBuilderParameters param = new PKIXBuilderParameters(trust, null);
X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(crlCaCert);
param.setTargetCertConstraints(certSelector);
param.addCertStore(store);
param.setRevocationEnabled(true);
param.setDate(validDate.getTime());
PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult)cpv.validate(cp, param);
}
示例11: validate
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Perform a PKIX validation. On success, print the
* CertPathValidatorResult on System.out. On failure,
* throw an exception.
*
* @param path CertPath to validate
* @param params PKIXParameters to use in validation
* @throws Exception on error
*/
public static void validate(CertPath path, PKIXParameters params)
throws Exception {
CertPathValidator validator =
CertPathValidator.getInstance("PKIX");
CertPathValidatorResult cpvr = validator.validate(path, params);
}
示例12: validate
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Perform a PKIX validation.
*
* @param path CertPath to validate
* @param params PKIXParameters to use in validation
* @throws Exception on error
*/
public static void validate(CertPath path, PKIXParameters params)
throws Exception {
CertPathValidator validator =
CertPathValidator.getInstance("PKIX");
CertPathValidatorResult cpvr = validator.validate(path, params);
}
示例13: validate
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Perform a PKIX validation.
*
* @param path CertPath to validate
* @param params PKIXParameters to use in validation
* @throws Exception on error
*/
public static void validate(CertPath path, PKIXParameters params)
throws Exception {
CertPathValidator validator =
CertPathValidator.getInstance("PKIX", "SUN");
CertPathValidatorResult cpvr = validator.validate(path, params);
}
示例14: return
import java.security.cert.CertPathValidator; //导入方法依赖的package包/类
/**
* Perform a PKIX validation. On failure, throw an exception.
*
* @param path CertPath to validate
* @param params PKIXParameters to use in validation
* @throws Exception on error
*/
public static PKIXCertPathValidatorResult validate
(CertPath path, PKIXParameters params) throws Exception {
CertPathValidator validator =
CertPathValidator.getInstance("PKIX");
return (PKIXCertPathValidatorResult) validator.validate(path, params);
}