当前位置: 首页>>代码示例>>Java>>正文


Java X509CertSelector.setCertificate方法代码示例

本文整理汇总了Java中java.security.cert.X509CertSelector.setCertificate方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setCertificate方法的具体用法?Java X509CertSelector.setCertificate怎么用?Java X509CertSelector.setCertificate使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509CertSelector的用法示例。


在下文中一共展示了X509CertSelector.setCertificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: doBuild

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void doBuild(X509Certificate userCert) throws Exception {
        // get the set of trusted CA certificates (only one in this instance)
        HashSet trustAnchors = new HashSet();
        X509Certificate trustedCert = getTrustedCertificate();
        trustAnchors.add(new TrustAnchor(trustedCert, null));

        // put together a CertStore (repository of the certificates and CRLs)
        ArrayList certs = new ArrayList();
        certs.add(trustedCert);
        certs.add(userCert);
        CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
        CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

        // specify the target certificate via a CertSelector
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(userCert);
        certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

        // build a valid cerificate path
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
        PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
        certPathBuilderParams.addCertStore(certStore);
        certPathBuilderParams.setRevocationEnabled(false);
        CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

        // get and show cert path
        CertPath certPath = result.getCertPath();
//        System.out.println(certPath.toString());
    }
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:30,代码来源:NoExtensions.java

示例2: testCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void testCertificate() {
    System.out.println("X.509 Certificate Match on certificateEquals criterion");

    X509CertSelector selector = new X509CertSelector();
    // good match
    selector.setCertificate(cert);
    checkMatch(selector, cert, true);
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:9,代码来源:X509CertSelectorTest.java

示例3: verifyCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
		Set<X509Certificate> intermediateCerts, boolean verifySelfSignedCert) throws GeneralSecurityException {

	// Create the selector that specifies the starting certificate
	X509CertSelector selector = new X509CertSelector();
	selector.setCertificate(cert);

	// Create the trust anchors (set of root CA certificates)
	Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
	for (X509Certificate trustedRootCert : trustedRootCerts) {
		trustAnchors.add(new TrustAnchor(trustedRootCert, null));
	}

	// Configure the PKIX certificate builder algorithm parameters
	PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);

	// Disable CRL checks (this is done manually as additional step)
	pkixParams.setRevocationEnabled(false);

	// Specify a list of intermediate certificates
	CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(
			intermediateCerts));
	pkixParams.addCertStore(intermediateCertStore);

	// Build and verify the certification chain
	CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
	PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(pkixParams);
	return result;
}
 
开发者ID:infinitiessoft,项目名称:keystone4j,代码行数:30,代码来源:CertificateVerifier.java

示例4: getValidationData

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Override
public ValidationData getValidationData(
        List<X509Certificate> certChainFragment) throws ValidationDataException
{
    try
    {
        X509CertSelector cs = new X509CertSelector();
        cs.setCertificate(certChainFragment.get(0));
        return this.certificateValidationProvider.validate(cs, new Date(), certChainFragment);
    } catch (XAdES4jException ex)
    {
        throw new ValidationDataException("Cannot validate certificate to obtain validation data", ex);
    }
}
 
开发者ID:luisgoncalves,项目名称:xades4j,代码行数:15,代码来源:ValidationDataFromCertValidationProvider.java

示例5: initCertPathSSCertChain

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void initCertPathSSCertChain() throws CertificateException,
            InvalidAlgorithmParameterException, NoSuchAlgorithmException,
            IOException {
        // create certificates and CRLs
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes());
        rootCertificateSS = (X509Certificate) cf.generateCertificate(bi);
        bi = new ByteArrayInputStream(endCert.getBytes());
        endCertificate = (X509Certificate) cf.generateCertificate(bi);
        BigInteger revokedSerialNumber = BigInteger.valueOf(1);
        crl = new MyCRL("X.509");
//        X509CRL rootCRL = X509CRL;
//        X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
//                .getPrivate(), revokedSerialNumber);

        // create CertStore to support path building
        List<Object> list = new ArrayList<Object>();

        list.add(rootCertificateSS);
        list.add(endCertificate);

        CollectionCertStoreParameters params = new CollectionCertStoreParameters(
                list);
        store = CertStore.getInstance("Collection", params);

        theCertSelector = new X509CertSelector();
        theCertSelector.setCertificate(endCertificate);
        theCertSelector.setIssuer(endCertificate.getIssuerX500Principal()
                .getEncoded());

        // build the path
        builder = CertPathBuilder.getInstance("PKIX");

    }
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:35,代码来源:TestUtils.java

示例6: test_getCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#getCertificate()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getCertificate",
    args = {}
)
public void test_getCertificate() throws CertificateException {
    X509CertSelector selector = new X509CertSelector();
    CertificateFactory certFact = CertificateFactory.getInstance("X509");
    X509Certificate cert1 = (X509Certificate) certFact
            .generateCertificate(new ByteArrayInputStream(TestUtils
                    .getX509Certificate_v3()));

    X509Certificate cert2 = (X509Certificate) certFact
            .generateCertificate(new ByteArrayInputStream(TestUtils
                    .getX509Certificate_v1()));

    selector.setCertificate(cert1);
    assertEquals(cert1, selector.getCertificate());

    selector.setCertificate(cert2);
    assertEquals(cert2, selector.getCertificate());

    selector.setCertificate(null);
    assertNull(selector.getCertificate());
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:30,代码来源:X509CertSelectorTest.java

示例7: test_matchLjava_security_cert_Certificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "match",
    args = {java.security.cert.Certificate.class}
)
public void test_matchLjava_security_cert_Certificate()
        throws CertificateException {
    X509CertSelector selector = new X509CertSelector();
    assertFalse(selector.match(null));

    CertificateFactory certFact = CertificateFactory.getInstance("X509");
    X509Certificate cert1 = (X509Certificate) certFact
            .generateCertificate(new ByteArrayInputStream(TestUtils
                    .getX509Certificate_v3()));

    X509Certificate cert2 = (X509Certificate) certFact
            .generateCertificate(new ByteArrayInputStream(TestUtils
                    .getX509Certificate_v1()));

    selector.setCertificate(cert1);
    assertTrue(selector.match(cert1));
    assertFalse(selector.match(cert2));

    selector.setCertificate(cert2);
    assertFalse(selector.match(cert1));
    assertTrue(selector.match(cert2));
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:32,代码来源:X509CertSelectorTest.java

示例8: test_setCertificateLjava_security_cert_X509Certificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "setCertificate",
    args = {java.security.cert.X509Certificate.class}
)
public void test_setCertificateLjava_security_cert_X509Certificate()
        throws CertificateException {

    TestCert cert1 = new TestCert("same certificate");
    TestCert cert2 = new TestCert("other certificate");
    X509CertSelector selector = new X509CertSelector();

    selector.setCertificate(null);
    assertTrue("Any certificates should match in the case of null "
            + "certificateEquals criteria.", selector.match(cert1)
            && selector.match(cert2));
    selector.setCertificate(cert1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setCertificate(cert2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
    selector.setCertificate(null);
    assertNull(selector.getCertificate());
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:32,代码来源:X509CertSelectorTest.java

示例9: setupEnvironment

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void setupEnvironment() throws Exception {
        // create certificates and CRLs
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream bi = new ByteArrayInputStream(TestUtils.rootCert.getBytes());
        rootCertificate = (X509Certificate) cf.generateCertificate(bi);
        bi = new ByteArrayInputStream(TestUtils.endCert.getBytes());
        endCertificate = (X509Certificate) cf.generateCertificate(bi);

        BigInteger revokedSerialNumber = BigInteger.valueOf(1);
        crl = new MyCRL("X.509");
//        X509CRL rootCRL = X509CRL;
//        X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
//                .getPrivate(), revokedSerialNumber);

        // create CertStore to support path building
        List<Object> list = new ArrayList<Object>();

        list.add(rootCertificate);
        list.add(endCertificate);

//        CollectionCertStoreParameters params = new CollectionCertStoreParameters(
//                list);
//        CertStore store = CertStore.getInstance("Collection", params);
//
        theCertSelector = new X509CertSelector();
        theCertSelector.setCertificate(endCertificate);
        theCertSelector.setIssuer(endCertificate.getIssuerX500Principal()
                .getEncoded());

     // build the path
        builder = CertPathBuilder.getInstance("PKIX");

    }
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:34,代码来源:X509CertSelectorTest.java

示例10: setUp

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Override
protected void setUp() throws Exception {
    super.setUp();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);

    CertificateFactory certificateFactory = CertificateFactory.getInstance(
            "X509");

    X509Certificate selfSignedcertificate =
            (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(selfSignedCert.getBytes()));

    keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);

    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setCertificate(selfSignedcertificate);

    List<Certificate> certList = new ArrayList<Certificate>();
    certList.add(selfSignedcertificate);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(
            certList);

    CertStore certStore = CertStore.getInstance("Collection", storeParams);

    PKIXBuilderParameters parameters = new PKIXBuilderParameters(keyStore,
            targetConstraints);
    parameters.addCertStore(certStore);
    parameters.setRevocationEnabled(false);

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX");

    CertPathBuilderResult builderResult = pathBuilder.build(parameters);

    certPath = builderResult.getCertPath();

    params = new PKIXParameters(keyStore);
    params.setRevocationEnabled(false);
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:40,代码来源:CertPathValidatorTestPKIX.java

示例11: getCertPathParameters

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Override
public CertPathParameters getCertPathParameters() throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

    keyStore.load(null, null);

    CertificateFactory certificateFactory = CertificateFactory.getInstance(
            "X509");

    X509Certificate selfSignedcertificate =
            (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(selfSignedCert.getBytes()));

    keyStore.setCertificateEntry("selfSignedCert", selfSignedcertificate);

    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setCertificate(selfSignedcertificate);

    List<Certificate> certList = new ArrayList<Certificate>();
    certList.add(selfSignedcertificate);
    CertStoreParameters storeParams = new CollectionCertStoreParameters(
            certList);


    CertStore certStore = CertStore.getInstance("Collection", storeParams);


    PKIXBuilderParameters parameters = new PKIXBuilderParameters(
            keyStore, targetConstraints);
    parameters.addCertStore(certStore);
    parameters.setRevocationEnabled(false);
    return parameters;
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:34,代码来源:CertPathBuilderTestPKIX.java

示例12: testChain

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * This method will validate a chain of certificates. It is provided as an alternative to the certificate chain
 * validation mechanisms that are under test. This method is intended to be used as a comparative benchmark against
 * other validation methods.
 *
 * The first certificate in the chain is expected to be the end-entity certificate.
 *
 * The last certificate in the chain is expected to be the root CA certificate.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain( X509Certificate[] chain ) throws Exception
{
    // Create the selector that specifies the starting certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate( chain[0] );

    // Create the trust anchors (set of root CA certificates)
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(chain[ chain.length - 1], null));

    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
            trustAnchors, selector);

    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);

    // Specify a list of intermediate certificates
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i=1; i<chain.length -1; i++)
    {
        intermediateCerts.add( chain[ i ] );
    }

    CertStore intermediateCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);

    // Build and verify the certification chain
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder
            .build(pkixParams);

    return result;
}
 
开发者ID:igniterealtime,项目名称:Openfire,代码行数:49,代码来源:KeystoreTestUtils.java

示例13: verifyCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Attempts to build a certification chain for given certificate to verify
 * it. Relies on a set of root CA certificates (trust anchors) and a set of
 * intermediate certificates (to be used as part of the chain).
 */
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts)
		throws GeneralSecurityException {

	// Create the selector that specifies the starting certificate
	X509CertSelector selector = new X509CertSelector();
	selector.setBasicConstraints(-2);
	selector.setCertificate(certificate);

	// Create the trust anchors (set of root CA certificates)
	Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
	for (X509Certificate trustedRootCert : trustedRootCerts) {
		trustAnchors.add(new TrustAnchor(trustedRootCert, null));
	}

	// Configure the PKIX certificate builder algorithm parameters
	PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustAnchors, selector);

	// Turn off default revocation-checking mechanism
	pkixParams.setRevocationEnabled(false);

	// Specify a list of intermediate certificates
	CertStore intermediateCertStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts));
	pkixParams.addCertStore(intermediateCertStore);

	// Build and verify the certification chain
	CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
	PKIXCertPathBuilderResult certPathBuilderResult = (PKIXCertPathBuilderResult) builder.build(pkixParams);

	// Additional check to Verify cert path
	CertPathValidator certPathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
	PKIXCertPathValidatorResult certPathValidationResult = (PKIXCertPathValidatorResult) certPathValidator.validate(certPathBuilderResult.getCertPath(), pkixParams);

	return certPathBuilderResult;
}
 
开发者ID:GluuFederation,项目名称:oxAuth,代码行数:40,代码来源:PathCertificateVerifier.java

示例14: verifyCertificate

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Attempts to build a certification chain for given certificate and to verify
 * it. Relies on a set of root CA certificates (trust anchors) and a set of
 * intermediate certificates (to be used as part of the chain).
 * @param cert - certificate for validation
 * @param trustedRootCerts - set of trusted root CA certificates
 * @param intermediateCerts - set of intermediate certificates
 * @return the certification chain (if verification is successful)
 * @throws GeneralSecurityException - if the verification is not successful
 * 		(e.g. certification path cannot be built or some certificate in the
 * 		chain is expired)
 */
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
		Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
	
	// Create the selector that specifies the starting certificate
	X509CertSelector selector = new X509CertSelector(); 
    selector.setCertificate(cert);
    
    // Create the trust anchors (set of root CA certificates)
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    for (X509Certificate trustedRootCert : trustedRootCerts) {
    	trustAnchors.add(new TrustAnchor(trustedRootCert, null));
    }
    
    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = 
		new PKIXBuilderParameters(trustAnchors, selector);
	
	// Disable CRL checks (this is done manually as additional step)
	pkixParams.setRevocationEnabled(false);

	// Specify a list of intermediate certificates
	CertStore intermediateCertStore = CertStore.getInstance("Collection",
		new CollectionCertStoreParameters(intermediateCerts), "BC");
	pkixParams.addCertStore(intermediateCertStore);

	// Build and verify the certification chain
	CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
	PKIXCertPathBuilderResult result = 
		(PKIXCertPathBuilderResult) builder.build(pkixParams);
	return result;
}
 
开发者ID:tornabene,项目名称:jopenpec,代码行数:44,代码来源:CertificateVerifier.java

示例15: validateTrustChain

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void validateTrustChain(X509Certificate certificate,
                                      List<X509Certificate> chain,
                                      Set<X509Certificate> trustedCertificates,
                                      Set<X509Certificate> authorityCertificates) throws UaException {

    boolean certificateTrusted = trustedCertificates.stream()
            .anyMatch(c -> Arrays.equals(certificate.getSignature(), c.getSignature()));

    if (certificateTrusted) return;

    try {
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        authorityCertificates.forEach(ca -> trustAnchors.add(new TrustAnchor(ca, null)));

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);

        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        params.setRevocationEnabled(false);

        CertStore intermediateCertStore =
                CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain));

        params.addCertStore(intermediateCertStore);

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);

        LOGGER.debug("Validated certificate chain: {}", result.getCertPath());
    } catch (Throwable t) {
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
    }
}
 
开发者ID:digitalpetri,项目名称:opc-ua-stack,代码行数:36,代码来源:CertificateValidationUtil.java


注:本文中的java.security.cert.X509CertSelector.setCertificate方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。