本文整理汇总了Java中java.security.cert.PKIXBuilderParameters.setRevocationEnabled方法的典型用法代码示例。如果您正苦于以下问题:Java PKIXBuilderParameters.setRevocationEnabled方法的具体用法?Java PKIXBuilderParameters.setRevocationEnabled怎么用?Java PKIXBuilderParameters.setRevocationEnabled使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.PKIXBuilderParameters的用法示例。
在下文中一共展示了PKIXBuilderParameters.setRevocationEnabled方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
Collection crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
示例2: getParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
/**
* Return the initialization parameters for the TrustManager. Currently,
* only the default <code>PKIX</code> is supported.
*
* @param algorithm
* The algorithm to get parameters for.
* @param crlf
* The path to the CRL file.
* @param trustStore
* The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
CertPathParameters params = null;
if ("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if (trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch (Exception ex) {
log.warn("Bad maxCertLength: " + trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: " + algorithm);
}
return params;
}
示例3: getCertPathParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
public static CertPathParameters getCertPathParameters()
throws InvalidAlgorithmParameterException {
if ((rootCertificateSS == null) || (theCertSelector == null)
|| (builder == null)) {
throw new RuntimeException(
"Call initCertPathSSCertChain prior to buildCertPath");
}
PKIXBuilderParameters buildParams = new PKIXBuilderParameters(
Collections.singleton(new TrustAnchor(rootCertificateSS, null)),
theCertSelector);
buildParams.addCertStore(store);
buildParams.setRevocationEnabled(false);
return buildParams;
}
示例4: checkCertPath
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
throws IOException, GeneralSecurityException
{
CertStore store = new JcaCertStoreBuilder().setProvider("BC").addCertificates(certs).build();
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX","BC");
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setIssuer(signerId.getIssuer().getEncoded());
targetConstraints.setSerialNumber(signerId.getSerialNumber());
PKIXBuilderParameters params = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(trustAnchor, null)), targetConstraints);
params.addCertStore(store);
params.setRevocationEnabled(false); // TODO: CRLs?
return (PKIXCertPathBuilderResult)pathBuilder.build(params);
}
示例5: getParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams =
new PKIXBuilderParameters(trustStore, new X509CertSelector());
Collection<? extends CRL> crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = endpoint.getTrustMaxCertLength();
if(trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch(Exception ex) {
log.warn("Bad maxCertLength: "+trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
示例6: getParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
/**
* Return the initialization parameters for the TrustManager.
* Currently, only the default <code>PKIX</code> is supported.
*
* @param algorithm The algorithm to get parameters for.
* @param crlf The path to the CRL file.
* @param trustStore The configured TrustStore.
* @return The parameters including the CRLs and TrustStore.
*/
protected CertPathParameters getParameters(String algorithm,
String crlf,
KeyStore trustStore)
throws Exception {
CertPathParameters params = null;
if("PKIX".equalsIgnoreCase(algorithm)) {
PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
Collection crls = getCRLs(crlf);
CertStoreParameters csp = new CollectionCertStoreParameters(crls);
CertStore store = CertStore.getInstance("Collection", csp);
xparams.addCertStore(store);
xparams.setRevocationEnabled(true);
String trustLength = (String)attributes.get("trustMaxCertLength");
if(trustLength != null) {
try {
xparams.setMaxPathLength(Integer.parseInt(trustLength));
} catch(Exception ex) {
log.warn("Bad maxCertLength: "+trustLength);
}
}
params = xparams;
} else {
throw new CRLException("CRLs not supported for type: "+algorithm);
}
return params;
}
示例7: doBuild
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
private void doBuild(X509Certificate userCert) throws Exception {
// get the set of trusted CA certificates (only one in this instance)
HashSet trustAnchors = new HashSet();
X509Certificate trustedCert = getTrustedCertificate();
trustAnchors.add(new TrustAnchor(trustedCert, null));
// put together a CertStore (repository of the certificates and CRLs)
ArrayList certs = new ArrayList();
certs.add(trustedCert);
certs.add(userCert);
CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
// specify the target certificate via a CertSelector
X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(userCert);
certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required
// build a valid cerificate path
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
certPathBuilderParams.addCertStore(certStore);
certPathBuilderParams.setRevocationEnabled(false);
CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);
// get and show cert path
CertPath certPath = result.getCertPath();
// System.out.println(certPath.toString());
}
示例8: createParams
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
public static void createParams() throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile("sun.cer"), null);
Set anchors = Collections.singleton(anchor);
// Create odd CertSelector
sel = new OddSel();
params = new PKIXBuilderParameters(anchors, sel);
params.setRevocationEnabled(false);
}
示例9: main
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
示例10: createSSLEngines
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
private void createSSLEngines() throws Exception {
// Initialize the KeyManager and TrustManager for the server
KeyManagerFactory servKmf = KeyManagerFactory.getInstance("PKIX");
servKmf.init(serverKeystore, passwd.toCharArray());
TrustManagerFactory servTmf =
TrustManagerFactory.getInstance("PKIX");
servTmf.init(trustStore);
// Initialize the TrustManager for the client with revocation checking
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,
new X509CertSelector());
pkixParams.setRevocationEnabled(true);
ManagerFactoryParameters mfp =
new CertPathTrustManagerParameters(pkixParams);
TrustManagerFactory cliTmf =
TrustManagerFactory.getInstance("PKIX");
cliTmf.init(mfp);
// Create the SSLContexts from the factories
SSLContext servCtx = SSLContext.getInstance("TLS");
servCtx.init(servKmf.getKeyManagers(), servTmf.getTrustManagers(),
null);
SSLContext cliCtx = SSLContext.getInstance("TLS");
cliCtx.init(null, cliTmf.getTrustManagers(), null);
/*
* Configure the serverEngine to act as a server in the SSL/TLS
* handshake.
*/
serverEngine = servCtx.createSSLEngine();
serverEngine.setUseClientMode(false);
serverEngine.setNeedClientAuth(false);
/*
* Similar to above, but using client mode instead.
*/
clientEngine = cliCtx.createSSLEngine("client", 80);
clientEngine.setUseClientMode(true);
}
示例11: verifyCertificate
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
Set<X509Certificate> intermediateCerts, boolean verifySelfSignedCert) throws GeneralSecurityException {
// Create the selector that specifies the starting certificate
X509CertSelector selector = new X509CertSelector();
selector.setCertificate(cert);
// Create the trust anchors (set of root CA certificates)
Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
for (X509Certificate trustedRootCert : trustedRootCerts) {
trustAnchors.add(new TrustAnchor(trustedRootCert, null));
}
// Configure the PKIX certificate builder algorithm parameters
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);
// Disable CRL checks (this is done manually as additional step)
pkixParams.setRevocationEnabled(false);
// Specify a list of intermediate certificates
CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(
intermediateCerts));
pkixParams.addCertStore(intermediateCertStore);
// Build and verify the certification chain
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(pkixParams);
return result;
}
示例12: loadTrustManager
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
private static TrustManager[] loadTrustManager(final String trustStoreProvider,
final String trustStorePath,
final String trustStorePassword,
final boolean trustAll,
final String crlPath) throws Exception {
if (trustAll) {
//This is useful for testing but not should be used outside of that purpose
return InsecureTrustManagerFactory.INSTANCE.getTrustManagers();
} else if (trustStorePath == null && (trustStoreProvider == null || !"PKCS11".equals(trustStoreProvider.toUpperCase()))) {
return null;
} else {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = SSLSupport.loadKeystore(trustStoreProvider, trustStorePath, trustStorePassword);
boolean ocsp = Boolean.valueOf(Security.getProperty("ocsp.enable"));
boolean initialized = false;
if ((ocsp || crlPath != null) && TrustManagerFactory.getDefaultAlgorithm().equalsIgnoreCase("PKIX")) {
PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
if (crlPath != null) {
pkixParams.setRevocationEnabled(true);
Collection<? extends CRL> crlList = loadCRL(crlPath);
if (crlList != null) {
pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlList)));
}
}
trustMgrFactory.init(new CertPathTrustManagerParameters(pkixParams));
initialized = true;
}
if (!initialized) {
trustMgrFactory.init(trustStore);
}
return trustMgrFactory.getTrustManagers();
}
}
示例13: setUp
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
@Override
protected void setUp() throws Exception {
super.setUp();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
CertificateFactory certificateFactory = CertificateFactory.getInstance(
"X509");
X509Certificate selfSignedcertificate =
(X509Certificate) certificateFactory.generateCertificate(
new ByteArrayInputStream(selfSignedCert.getBytes()));
keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setCertificate(selfSignedcertificate);
List<Certificate> certList = new ArrayList<Certificate>();
certList.add(selfSignedcertificate);
CertStoreParameters storeParams = new CollectionCertStoreParameters(
certList);
CertStore certStore = CertStore.getInstance("Collection", storeParams);
PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore,
targetConstraints);
parameters.addCertStore(certStore);
parameters.setRevocationEnabled(false);
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");
CertPathBuilderResult builderResult = pathBuilder.build(parameters);
certPath = builderResult.getCertPath();
params = new PKIXParameters(keyStore);
params.setRevocationEnabled(false);
}
示例14: getCertPathParameters
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
@Override
public CertPathParameters getCertPathParameters() throws Exception {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
CertificateFactory certificateFactory = CertificateFactory.getInstance(
"X509");
X509Certificate selfSignedcertificate =
(X509Certificate) certificateFactory.generateCertificate(
new ByteArrayInputStream(selfSignedCert.getBytes()));
keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setCertificate(selfSignedcertificate);
List<Certificate> certList = new ArrayList<Certificate>();
certList.add(selfSignedcertificate);
CertStoreParameters storeParams = new CollectionCertStoreParameters(
certList);
CertStore certStore = CertStore.getInstance("Collection", storeParams);
PKIXBuilderParameters parameters = new PKIXBuilderParameters(
keyStore, targetConstraints);
parameters.addCertStore(certStore);
parameters.setRevocationEnabled(false);
return parameters;
}
示例15: main
import java.security.cert.PKIXBuilderParameters; //导入方法依赖的package包/类
public static void main(String[] args) throws Exception {
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}