当前位置: 首页>>代码示例>>Java>>正文


Java X509CertSelector.setBasicConstraints方法代码示例

本文整理汇总了Java中java.security.cert.X509CertSelector.setBasicConstraints方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setBasicConstraints方法的具体用法?Java X509CertSelector.setBasicConstraints怎么用?Java X509CertSelector.setBasicConstraints使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509CertSelector的用法示例。


在下文中一共展示了X509CertSelector.setBasicConstraints方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: test_setBasicConstraintsLint

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#setBasicConstraints(int)
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "setBasicConstraints",
    args = {int.class}
)
public void test_setBasicConstraintsLint() {
    X509CertSelector selector = new X509CertSelector();
    int[] invalidValues = { -3, -4, -5, 1000000000 };
    for (int i = 0; i < invalidValues.length; i++) {
        try {
            selector.setBasicConstraints(-3);
            fail("IllegalArgumentException expected");
        } catch (IllegalArgumentException e) {
            // expected
        }
    }

    int[] validValues = { -2, -1, 0, 1, 2, 3, 10, 20 };
    for (int i = 0; i < validValues.length; i++) {
        selector.setBasicConstraints(validValues[i]);
        assertEquals(validValues[i], selector.getBasicConstraints());
    }
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:28,代码来源:X509CertSelectorTest.java

示例2: main

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor
        (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
    X509CertSelector sel = new X509CertSelector();
    sel.setBasicConstraints(-2);
    PKIXBuilderParameters params = new PKIXBuilderParameters
        (Collections.singleton(anchor), sel);
    params.setRevocationEnabled(false);
    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(caCert);
    certs.add(eeCert);
    CollectionCertStoreParameters ccsp =
        new CollectionCertStoreParameters(certs);
    CertStore cs = CertStore.getInstance("Collection", ccsp);
    params.addCertStore(cs);
    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath cp = res.getCertPath();
    // check that first certificate is an EE cert
    List<? extends Certificate> certList = cp.getCertificates();
    X509Certificate cert = (X509Certificate) certList.get(0);
    if (cert.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:32,代码来源:BuildEEBasicConstraints.java

示例3: testBasicConstraints

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void testBasicConstraints() {
    System.out.println("X.509 Certificate Match on basic constraints");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    int mpl = cert.getBasicConstraints();
    selector.setBasicConstraints(0);
    checkMatch(selector, cert, false);

    // good match
    selector.setBasicConstraints(mpl);
    checkMatch(selector, cert, true);
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:13,代码来源:X509CertSelectorTest.java

示例4: test_getBasicConstraints

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#getBasicConstraints()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getBasicConstraints",
    args = {}
)
public void test_getBasicConstraints() {
    X509CertSelector selector = new X509CertSelector();
    int[] validValues = { 2, 1, 0, 1, 2, 3, 10, 20 };
    for (int i = 0; i < validValues.length; i++) {
        selector.setBasicConstraints(validValues[i]);
        assertEquals(validValues[i], selector.getBasicConstraints());
    }
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:18,代码来源:X509CertSelectorTest.java

示例5: main

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void main(String[] args) throws Exception {

        X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
        TrustAnchor anchor = new TrustAnchor
            (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
        X509CertSelector sel = new X509CertSelector();
        sel.setBasicConstraints(-2);
        PKIXBuilderParameters params = new PKIXBuilderParameters
            (Collections.singleton(anchor), sel);
        params.setRevocationEnabled(false);
        X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
        X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
        ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
        certs.add(caCert);
        certs.add(eeCert);
        CollectionCertStoreParameters ccsp =
            new CollectionCertStoreParameters(certs);
        CertStore cs = CertStore.getInstance("Collection", ccsp);
        params.addCertStore(cs);
        PKIXCertPathBuilderResult res = CertUtils.build(params);
        CertPath cp = res.getCertPath();
        // check that first certificate is an EE cert
        List<? extends Certificate> certList = cp.getCertificates();
        X509Certificate cert = (X509Certificate) certList.get(0);
        if (cert.getBasicConstraints() != -1) {
            throw new Exception("Target certificate is not an EE certificate");
        }
    }
 
开发者ID:openjdk,项目名称:jdk7-jdk,代码行数:29,代码来源:BuildEEBasicConstraints.java

示例6: verifyCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Attempts to build a certification chain for given certificate to verify
 * it. Relies on a set of root CA certificates (trust anchors) and a set of
 * intermediate certificates (to be used as part of the chain).
 */
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts)
		throws GeneralSecurityException {

	// Create the selector that specifies the starting certificate
	X509CertSelector selector = new X509CertSelector();
	selector.setBasicConstraints(-2);
	selector.setCertificate(certificate);

	// Create the trust anchors (set of root CA certificates)
	Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
	for (X509Certificate trustedRootCert : trustedRootCerts) {
		trustAnchors.add(new TrustAnchor(trustedRootCert, null));
	}

	// Configure the PKIX certificate builder algorithm parameters
	PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);

	// Turn off default revocation-checking mechanism
	pkixParams.setRevocationEnabled(false);

	// Specify a list of intermediate certificates
	CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
	pkixParams.addCertStore(intermediateCertStore);

	// Build and verify the certification chain
	CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
	PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) builder.build(pkixParams);

	// Additional check to Verify cert path
	CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
	PKIXCertPathValidatorResult certPathValidationResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPathBuilderResult.getCertPath(), pkixParams);

	return certPathBuilderResult;
}
 
开发者ID:GluuFederation,项目名称:oxAuth,代码行数:40,代码来源:PathCertificateVerifier.java

示例7: if

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingEECerts
    (ReverseState currentState, List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException {

    /*
     * Compose a CertSelector to filter out
     * certs which do not satisfy requirements.
     *
     * First, retrieve clone of current target cert constraints, and
     * then add more selection criteria based on current validation state.
     */
    X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone();

    /*
     * Match on issuer (subject of previous cert)
     */
    sel.setIssuer(currentState.subjectDN);

    /*
     * Match on certificate validity date.
     */
    sel.setCertificateValid(buildParams.date());

    /*
     * Policy processing optimizations
     */
    if (currentState.explicitPolicy == 0)
        sel.setPolicy(getMatchingPolicies());

    /*
     * If previous cert has a subject key identifier extension,
     * use it to match on authority key identifier extension.
     */
    /*if (currentState.subjKeyId != null) {
      AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
            (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
            null, null);
    sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
    }*/

    /*
     * Require EE certs
     */
    sel.setBasicConstraints(-2);

    /* Retrieve matching certs from CertStores */
    HashSet<X509Certificate> eeCerts = new HashSet<>();
    addMatchingCerts(sel, certStores, eeCerts, true);

    if (debug != null) {
        debug.println("ReverseBuilder.getMatchingEECerts got "
                      + eeCerts.size() + " certs.");
    }
    return eeCerts;
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:56,代码来源:ReverseBuilder.java

示例8: X509CertSelector

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingCACerts
    (ReverseState currentState, List<CertStore> certStores)
    throws CertificateException, CertStoreException, IOException {

    /*
     * Compose a CertSelector to filter out
     * certs which do not satisfy requirements.
     */
    X509CertSelector sel = new X509CertSelector();

    /*
     * Match on issuer (subject of previous cert)
     */
    sel.setIssuer(currentState.subjectDN);

    /*
     * Match on certificate validity date.
     */
    sel.setCertificateValid(buildParams.date());

    /*
     * Match on target subject name (checks that current cert's
     * name constraints permit it to certify target).
     * (4 is the integer type for DIRECTORY name).
     */
    byte[] subject = targetCertConstraints.getSubjectAsBytes();
    if (subject != null) {
        sel.addPathToName(4, subject);
    } else {
        X509Certificate cert = targetCertConstraints.getCertificate();
        if (cert != null) {
            sel.addPathToName(4,
                              cert.getSubjectX500Principal().getEncoded());
        }
    }

    /*
     * Policy processing optimizations
     */
    if (currentState.explicitPolicy == 0)
        sel.setPolicy(getMatchingPolicies());

    /*
     * If previous cert has a subject key identifier extension,
     * use it to match on authority key identifier extension.
     */
    /*if (currentState.subjKeyId != null) {
      AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
            (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
                            null, null);
      sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
    }*/

    /*
     * Require CA certs
     */
    sel.setBasicConstraints(0);

    /* Retrieve matching certs from CertStores */
    ArrayList<X509Certificate> reverseCerts = new ArrayList<>();
    addMatchingCerts(sel, certStores, reverseCerts, true);

    /* Sort remaining certs using name constraints */
    Collections.sort(reverseCerts, new PKIXCertComparator());

    if (debug != null)
        debug.println("ReverseBuilder.getMatchingCACerts got " +
                      reverseCerts.size() + " certs.");
    return reverseCerts;
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:71,代码来源:ReverseBuilder.java

示例9: if

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingEECerts
    (ReverseState currentState, List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException {

  /*
   * Compose a CertSelector to filter out
   * certs which do not satisfy requirements.
   *
   * First, retrieve clone of current target cert constraints,
   * and then add more selection criteria based on current validation state.
   */
  X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone();

  /*
   * Match on issuer (subject of previous cert)
   */
  sel.setIssuer(currentState.subjectDN);

  /*
   * Match on certificate validity date.
   */
  sel.setCertificateValid(date);

  /*
   * Policy processing optimizations
   */
  if (currentState.explicitPolicy == 0)
      sel.setPolicy(getMatchingPolicies());

  /*
   * If previous cert has a subject key identifier extension,
   * use it to match on authority key identifier extension.
   */
  /*if (currentState.subjKeyId != null) {
    AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
            (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
            null, null);
    sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
  }*/

  /*
   * Require EE certs
   */
  sel.setBasicConstraints(-2);

  /* Retrieve matching certs from CertStores */
  HashSet<X509Certificate> eeCerts = new HashSet<X509Certificate>();
  addMatchingCerts(sel, certStores, eeCerts, true);

  if (debug != null) {
    debug.println("ReverseBuilder.getMatchingEECerts got " + eeCerts.size()
                + " certs.");
  }
  return eeCerts;
}
 
开发者ID:openjdk,项目名称:jdk7-jdk,代码行数:56,代码来源:ReverseBuilder.java

示例10: X509CertSelector

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingCACerts
    (ReverseState currentState, List<CertStore> certStores)
    throws CertificateException, CertStoreException, IOException {

  /*
   * Compose a CertSelector to filter out
   * certs which do not satisfy requirements.
   */
  X509CertSelector sel = new X509CertSelector();

  /*
   * Match on issuer (subject of previous cert)
   */
  sel.setIssuer(currentState.subjectDN);

  /*
   * Match on certificate validity date.
   */
  sel.setCertificateValid(date);

  /*
   * Match on target subject name (checks that current cert's
   * name constraints permit it to certify target).
   * (4 is the integer type for DIRECTORY name).
   */
  sel.addPathToName(4, targetCertConstraints.getSubjectAsBytes());

  /*
   * Policy processing optimizations
   */
  if (currentState.explicitPolicy == 0)
      sel.setPolicy(getMatchingPolicies());

  /*
   * If previous cert has a subject key identifier extension,
   * use it to match on authority key identifier extension.
   */
  /*if (currentState.subjKeyId != null) {
    AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
            (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
                            null, null);
    sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
  }*/

  /*
   * Require CA certs
   */
  sel.setBasicConstraints(0);

  /* Retrieve matching certs from CertStores */
  ArrayList<X509Certificate> reverseCerts =
      new ArrayList<X509Certificate>();
  addMatchingCerts(sel, certStores, reverseCerts, true);

  /* Sort remaining certs using name constraints */
  Collections.sort(reverseCerts, new PKIXCertComparator());

  if (debug != null)
    debug.println("ReverseBuilder.getMatchingCACerts got " +
                reverseCerts.size() + " certs.");
  return reverseCerts;
}
 
开发者ID:openjdk,项目名称:jdk7-jdk,代码行数:63,代码来源:ReverseBuilder.java


注:本文中的java.security.cert.X509CertSelector.setBasicConstraints方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。