本文整理汇总了Java中java.security.cert.X509CertSelector.addPathToName方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.addPathToName方法的具体用法?Java X509CertSelector.addPathToName怎么用?Java X509CertSelector.addPathToName使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509CertSelector的用法示例。
在下文中一共展示了X509CertSelector.addPathToName方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: X509CertSelector
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingCACerts
(ReverseState currentState, List<CertStore> certStores)
throws CertificateException, CertStoreException, IOException {
/*
* Compose a CertSelector to filter out
* certs which do not satisfy requirements.
*/
X509CertSelector sel = new X509CertSelector();
/*
* Match on issuer (subject of previous cert)
*/
sel.setIssuer(currentState.subjectDN);
/*
* Match on certificate validity date.
*/
sel.setCertificateValid(buildParams.date());
/*
* Match on target subject name (checks that current cert's
* name constraints permit it to certify target).
* (4 is the integer type for DIRECTORY name).
*/
byte[] subject = targetCertConstraints.getSubjectAsBytes();
if (subject != null) {
sel.addPathToName(4, subject);
} else {
X509Certificate cert = targetCertConstraints.getCertificate();
if (cert != null) {
sel.addPathToName(4,
cert.getSubjectX500Principal().getEncoded());
}
}
/*
* Policy processing optimizations
*/
if (currentState.explicitPolicy == 0)
sel.setPolicy(getMatchingPolicies());
/*
* If previous cert has a subject key identifier extension,
* use it to match on authority key identifier extension.
*/
/*if (currentState.subjKeyId != null) {
AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
(KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
null, null);
sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
}*/
/*
* Require CA certs
*/
sel.setBasicConstraints(0);
/* Retrieve matching certs from CertStores */
ArrayList<X509Certificate> reverseCerts = new ArrayList<>();
addMatchingCerts(sel, certStores, reverseCerts, true);
/* Sort remaining certs using name constraints */
Collections.sort(reverseCerts, new PKIXCertComparator());
if (debug != null)
debug.println("ReverseBuilder.getMatchingCACerts got " +
reverseCerts.size() + " certs.");
return reverseCerts;
}
示例2: X509CertSelector
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingCACerts
(ReverseState currentState, List<CertStore> certStores)
throws CertificateException, CertStoreException, IOException {
/*
* Compose a CertSelector to filter out
* certs which do not satisfy requirements.
*/
X509CertSelector sel = new X509CertSelector();
/*
* Match on issuer (subject of previous cert)
*/
sel.setIssuer(currentState.subjectDN);
/*
* Match on certificate validity date.
*/
sel.setCertificateValid(date);
/*
* Match on target subject name (checks that current cert's
* name constraints permit it to certify target).
* (4 is the integer type for DIRECTORY name).
*/
sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());
/*
* Policy processing optimizations
*/
if (currentState.explicitPolicy == 0)
sel.setPolicy(getMatchingPolicies());
/*
* If previous cert has a subject key identifier extension,
* use it to match on authority key identifier extension.
*/
/*if (currentState.subjKeyId != null) {
AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
(KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
null, null);
sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
}*/
/*
* Require CA certs
*/
sel.setBasicConstraints(0);
/* Retrieve matching certs from CertStores */
ArrayList<X509Certificate> reverseCerts =
new ArrayList<X509Certificate>();
addMatchingCerts(sel, certStores, reverseCerts, true);
/* Sort remaining certs using name constraints */
Collections.sort(reverseCerts, new PKIXCertComparator());
if (debug != null)
debug.println("ReverseBuilder.getMatchingCACerts got " +
reverseCerts.size() + " certs.");
return reverseCerts;
}