本文整理汇总了Java中java.security.cert.X509CertSelector.setCertificate方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setCertificate方法的具体用法?Java X509CertSelector.setCertificate怎么用?Java X509CertSelector.setCertificate使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509CertSelector
的用法示例。
在下文中一共展示了X509CertSelector.setCertificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doBuild
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
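/**
 * Builds a PKIX certification path from the single trusted CA certificate to
 * {@code userCert}.
 *
 * <p>The trust anchor is whatever {@code getTrustedCertificate()} returns. Revocation
 * checking is switched off, so a revoked {@code userCert} still produces a path;
 * callers that need revocation status must check it separately.
 *
 * @param userCert the end-entity certificate the path has to end at
 * @throws Exception if no path can be built or the requested algorithm/provider is
 *         not available
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust anchors: only one trusted CA certificate in this instance.
    // The null second argument means no name constraints are attached to the anchor.
    X509Certificate trustedCert = getTrustedCertificate();
    HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(trustedCert, null));

    // CertStore: the repository the builder searches for certificates and CRLs.
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(trustedCert);
    certs.add(userCert);
    CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
    CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

    // Target selection: the path must end at exactly this certificate.
    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setCertificate(userCert);
    // Match the subject through its X500Principal rather than the String form of the DN:
    // the String overload of setSubject can fail to match because encoding information
    // is lost in the textual representation.
    certSelector.setSubject(userCert.getSubjectX500Principal());

    // Build a valid certificate path. The provider is pinned to "SUN" as in the original.
    CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
    certPathBuilderParams.addCertStore(certStore);
    // NOTE(review): revocation (CRL/OCSP) checking is disabled for this build.
    certPathBuilderParams.setRevocationEnabled(false);
    CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

    // The path is retrieved but not used further in this method.
    CertPath certPath = result.getCertPath();
}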
示例2: testCertificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Exercises the certificateEquals criterion of {@link X509CertSelector}: a selector
 * configured with {@code cert} is checked against that same certificate.
 */
private void testCertificate() {
    System.out.println("X.509 Certificate Match on certificateEquals criterion");

    // Positive case only: the selector is given the very certificate it is then
    // matched against. The last argument is presumably the expected outcome.
    X509CertSelector exactMatchSelector = new X509CertSelector();
    exactMatchSelector.setCertificate(cert);
    checkMatch(exactMatchSelector, cert, true);
}
示例3: verifyCertificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Builds a PKIX certification path that ends at {@code cert} and starts at one of
 * the supplied root certificates.
 *
 * <p>Revocation checking is disabled in the builder parameters; according to the
 * original author it is performed manually as a separate step, which is not visible
 * in this method.
 *
 * @param cert the certificate to build a path for
 * @param trustedRootCerts root CA certificates used as trust anchors
 * @param intermediateCerts candidate certificates the builder may place in the path
 * @param verifySelfSignedCert not read anywhere in this method
 * @return the builder result, which carries the certification path
 * @throws GeneralSecurityException if the parameters are rejected or no path can be built
 */
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
        Set<X509Certificate> intermediateCerts, boolean verifySelfSignedCert) throws GeneralSecurityException {
    // The path has to end at exactly this certificate.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(cert);

    // Every trusted root becomes an anchor; null means no name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    // NOTE(review): with this flag off the builder accepts revoked certificates.
    builderParams.setRevocationEnabled(false);
    // Intermediates are only candidates; the builder still has to chain them to an anchor.
    builderParams.addCertStore(
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts)));

    // build() throws when no valid path exists, so returning normally means a path was found.
    return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(builderParams);
}
示例4: getValidationData
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Validates the first certificate of {@code certChainFragment} through the configured
 * certificate validation provider, using the current time as the validation date.
 *
 * @param certChainFragment certificates to validate; element 0 is the target, so an
 *        empty list fails with an unchecked index exception
 * @return whatever the validation provider returns
 * @throws ValidationDataException if the provider reports an {@code XAdES4jException}
 */
@Override
public ValidationData getValidationData(
        List<X509Certificate> certChainFragment) throws ValidationDataException
{
    try
    {
        // Select exactly the first certificate of the fragment as the validation target.
        X509CertSelector targetSelector = new X509CertSelector();
        targetSelector.setCertificate(certChainFragment.get(0));

        Date validationDate = new Date();
        return this.certificateValidationProvider.validate(targetSelector, validationDate, certChainFragment);
    }
    catch (XAdES4jException validationFailure)
    {
        // The original failure is kept as the cause.
        throw new ValidationDataException("Cannot validate certificate to obtain validation data", validationFailure);
    }
}
示例5: initCertPathSSCertChain
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Initialises the shared fixtures for path-building tests with a self-signed root:
 * parses the root and end certificates, creates the CRL stub, fills a collection
 * CertStore, prepares the target selector and obtains a PKIX path builder.
 *
 * <p>The certificate text is converted with {@code getBytes()}, i.e. using the
 * platform default charset.
 */
public static void initCertPathSSCertChain() throws CertificateException,
        InvalidAlgorithmParameterException, NoSuchAlgorithmException,
        IOException {
    // Certificates and CRL
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    rootCertificateSS = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(rootCert.getBytes()));
    endCertificate = (X509Certificate) x509Factory.generateCertificate(
            new ByteArrayInputStream(endCert.getBytes()));
    // Only referenced by the CRL-generation code that the original left commented out.
    BigInteger revokedSerialNumber = BigInteger.valueOf(1);
    crl = new MyCRL("X.509");

    // CertStore that supports path building: holds the root and the end certificate.
    List<Object> storeContents = new ArrayList<Object>();
    storeContents.add(rootCertificateSS);
    storeContents.add(endCertificate);
    store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(storeContents));

    // Target: exactly the end certificate, additionally constrained to its own issuer name.
    theCertSelector = new X509CertSelector();
    theCertSelector.setCertificate(endCertificate);
    byte[] issuerDer = endCertificate.getIssuerX500Principal().getEncoded();
    theCertSelector.setIssuer(issuerDer);

    // Builder that later constructs the path
    builder = CertPathBuilder.getInstance("PKIX");
}
示例6: test_getCertificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Checks that {@code X509CertSelector#getCertificate()} returns whatever was last
 * passed to {@code setCertificate}, including {@code null}.
 *
 * @tests java.security.cert.X509CertSelector#getCertificate()
 */
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getCertificate",
args = {}
)
public void test_getCertificate() throws CertificateException {
    X509CertSelector selector = new X509CertSelector();
    CertificateFactory factory = CertificateFactory.getInstance("X509");

    // Two distinct fixtures; judging by the helper names, a v3 and a v1 certificate.
    ByteArrayInputStream v3Encoded = new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
    X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Encoded);
    ByteArrayInputStream v1Encoded = new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
    X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Encoded);

    // The getter follows each successive setter call.
    selector.setCertificate(v3Cert);
    assertEquals(v3Cert, selector.getCertificate());

    selector.setCertificate(v1Cert);
    assertEquals(v1Cert, selector.getCertificate());

    // null clears the criterion again.
    selector.setCertificate(null);
    assertNull(selector.getCertificate());
}
示例7: test_matchLjava_security_cert_Certificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Checks {@code X509CertSelector#match}: {@code null} never matches, and with the
 * certificateEquals criterion set only the configured certificate matches.
 *
 * @tests java.security.cert.X509CertSelector#match(java.security.cert.Certificate)
 */
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "match",
args = {java.security.cert.Certificate.class}
)
public void test_matchLjava_security_cert_Certificate()
        throws CertificateException {
    X509CertSelector selector = new X509CertSelector();
    // A selector without any criteria still rejects null.
    assertFalse(selector.match(null));

    CertificateFactory factory = CertificateFactory.getInstance("X509");
    ByteArrayInputStream v3Encoded = new ByteArrayInputStream(TestUtils.getX509Certificate_v3());
    X509Certificate v3Cert = (X509Certificate) factory.generateCertificate(v3Encoded);
    ByteArrayInputStream v1Encoded = new ByteArrayInputStream(TestUtils.getX509Certificate_v1());
    X509Certificate v1Cert = (X509Certificate) factory.generateCertificate(v1Encoded);

    // Configured with the first fixture: only that one matches.
    selector.setCertificate(v3Cert);
    assertTrue(selector.match(v3Cert));
    assertFalse(selector.match(v1Cert));

    // Reconfigured with the second fixture: the outcome flips.
    selector.setCertificate(v1Cert);
    assertFalse(selector.match(v3Cert));
    assertTrue(selector.match(v1Cert));
}
示例8: test_setCertificateLjava_security_cert_X509Certificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Checks {@code X509CertSelector#setCertificate}: a {@code null} criterion lets every
 * certificate through, a non-null criterion matches only the configured certificate.
 *
 * @tests java.security.cert.X509CertSelector#setCertificate(java.security.cert.Certificate)
 */
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "setCertificate",
args = {java.security.cert.X509Certificate.class}
)
public void test_setCertificateLjava_security_cert_X509Certificate()
        throws CertificateException {
    TestCert sameCert = new TestCert("same certificate");
    TestCert otherCert = new TestCert("other certificate");
    X509CertSelector selector = new X509CertSelector();

    // No certificateEquals criterion: the selector does not filter on identity.
    selector.setCertificate(null);
    assertTrue("Any certificates should match in the case of null "
            + "certificateEquals criteria.", selector.match(sameCert)
            && selector.match(otherCert));

    // Criterion set to the first certificate.
    selector.setCertificate(sameCert);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(sameCert));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(otherCert));

    // Criterion switched to the second certificate.
    selector.setCertificate(otherCert);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(otherCert));

    // Clearing the criterion is visible through the getter.
    selector.setCertificate(null);
    assertNull(selector.getCertificate());
}
示例9: setupEnvironment
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Prepares the fixtures used by the path-building tests: parses the root and end
 * certificates from {@code TestUtils}, creates the CRL stub, prepares the target
 * selector and obtains a PKIX path builder.
 *
 * <p>Unlike a full setup, no CertStore is created here: the original left that part
 * commented out, so the local certificate list is filled but never handed to a store.
 *
 * @throws Exception if a certificate cannot be parsed or an algorithm is unavailable
 */
private void setupEnvironment() throws Exception {
    // Certificates and CRL; getBytes() uses the platform default charset.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    ByteArrayInputStream rootStream = new ByteArrayInputStream(TestUtils.rootCert.getBytes());
    rootCertificate = (X509Certificate) x509Factory.generateCertificate(rootStream);
    ByteArrayInputStream endStream = new ByteArrayInputStream(TestUtils.endCert.getBytes());
    endCertificate = (X509Certificate) x509Factory.generateCertificate(endStream);
    // Only referenced by the CRL-generation code that the original left commented out.
    BigInteger revokedSerialNumber = BigInteger.valueOf(1);
    crl = new MyCRL("X.509");

    // Would feed a collection CertStore; the store creation itself is disabled.
    List<Object> storeContents = new ArrayList<Object>();
    storeContents.add(rootCertificate);
    storeContents.add(endCertificate);

    // Target: exactly the end certificate, additionally constrained to its own issuer name.
    theCertSelector = new X509CertSelector();
    theCertSelector.setCertificate(endCertificate);
    byte[] issuerDer = endCertificate.getIssuerX500Principal().getEncoded();
    theCertSelector.setIssuer(issuerDer);

    // Builder that later constructs the path
    builder = CertPathBuilder.getInstance("PKIX");
}
示例10: setUp
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Test fixture: builds a certification path for a self-signed certificate that is
 * also the only trusted entry, and prepares matching {@code PKIXParameters}.
 *
 * <p>Revocation checking is disabled on both parameter objects.
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Empty in-memory key store; load(null, null) initialises it without reading a file.
    KeyStore anchorStore = KeyStore.getInstance(KeyStore.getDefaultType());
    anchorStore.load(null, null);

    // The self-signed certificate is both the trusted entry and the build target.
    X509Certificate selfSigned = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes()));
    anchorStore.setCertificateEntry("selfSignedCert", selfSigned);

    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(selfSigned);

    List<Certificate> storeContents = new ArrayList<Certificate>();
    storeContents.add(selfSigned);
    CertStoreParameters collectionParams = new CollectionCertStoreParameters(storeContents);
    CertStore collectionStore = CertStore.getInstance("Collection", collectionParams);

    // Trusted certificate entries of the key store act as the trust anchors.
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchorStore, targetSelector);
    builderParams.addCertStore(collectionStore);
    builderParams.setRevocationEnabled(false);

    CertPathBuilderResult built = CertPathBuilder.getInstance("PKIX").build(builderParams);
    certPath = built.getCertPath();

    // Parameters for the tests themselves, again without revocation checking.
    params = new PKIXParameters(anchorStore);
    params.setRevocationEnabled(false);
}
示例11: getCertPathParameters
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Creates builder parameters whose only trusted entry and only target is the
 * self-signed test certificate.
 *
 * @return {@code PKIXBuilderParameters} with one collection CertStore attached and
 *         revocation checking disabled
 * @throws Exception if the key store, the certificate or the CertStore cannot be created
 */
@Override
public CertPathParameters getCertPathParameters() throws Exception {
    // Empty in-memory key store; load(null, null) initialises it without reading a file.
    KeyStore anchorStore = KeyStore.getInstance(KeyStore.getDefaultType());
    anchorStore.load(null, null);

    // The self-signed certificate is both the trusted entry and the build target.
    X509Certificate selfSigned = (X509Certificate) CertificateFactory.getInstance("X509")
            .generateCertificate(new ByteArrayInputStream(selfSignedCert.getBytes()));
    anchorStore.setCertificateEntry("selfSignedCert", selfSigned);

    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(selfSigned);

    List<Certificate> storeContents = new ArrayList<Certificate>();
    storeContents.add(selfSigned);
    CertStoreParameters collectionParams = new CollectionCertStoreParameters(storeContents);
    CertStore collectionStore = CertStore.getInstance("Collection", collectionParams);

    // Trusted certificate entries of the key store act as the trust anchors.
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchorStore, targetSelector);
    builderParams.addCertStore(collectionStore);
    builderParams.setRevocationEnabled(false);
    return builderParams;
}
示例12: testChain
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
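/**
 * Validates a chain of certificates. It is provided as an alternative to the certificate
 * chain validation mechanisms that are under test and is intended to be used as a
 * comparative benchmark against other validation methods.
 *
 * <p>The first certificate in the chain is expected to be the end-entity certificate and
 * the last one the root CA certificate.
 *
 * <p>The trust anchor is taken from the supplied chain itself (its last element), so a
 * successful result only shows that the chain is internally consistent. It does not show
 * that the chain leads to an independently trusted root, and revocation checking is
 * disabled.
 *
 * @param chain A certificate chain (cannot be null or empty).
 * @return CertPathBuilderResult result of validation.
 * @throws IllegalArgumentException When the chain is null or empty.
 * @throws Exception When the chain is not valid.
 */
public CertPathBuilderResult testChain( X509Certificate[] chain ) throws Exception
{
    // Reject the documented precondition violations explicitly instead of failing
    // later with a NullPointerException or ArrayIndexOutOfBoundsException.
    if ( chain == null || chain.length == 0 )
    {
        throw new IllegalArgumentException( "Argument 'chain' cannot be null or empty." );
    }

    // Create the selector that specifies the starting certificate
    X509CertSelector selector = new X509CertSelector();
    selector.setCertificate( chain[0] );

    // Create the trust anchors: the last chain element, without name constraints
    Set<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
    trustAnchors.add(new TrustAnchor(chain[ chain.length - 1], null));

    // Configure the PKIX certificate builder algorithm parameters
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
            trustAnchors, selector);

    // Disable CRL checks (this is done manually as additional step)
    pkixParams.setRevocationEnabled(false);

    // Everything between the end-entity certificate and the root is an intermediate
    Set<java.security.cert.Certificate> intermediateCerts = new HashSet<>();
    for (int i=1; i<chain.length -1; i++)
    {
        intermediateCerts.add( chain[ i ] );
    }
    CertStore intermediateCertStore = CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(intermediateCerts));
    pkixParams.addCertStore(intermediateCertStore);

    // Build and verify the certification chain; build() throws when no valid path exists
    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");
    return (PKIXCertPathBuilderResult) builder.build(pkixParams);
}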
示例13: verifyCertificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Builds a certification path for {@code certificate} with the Bouncy Castle PKIX
 * builder and then runs the resulting path through the Bouncy Castle PKIX validator.
 *
 * <p>Both steps use the same parameters, in which the default revocation-checking
 * mechanism is turned off.
 *
 * @param certificate the certificate to verify
 * @param trustedRootCerts root CA certificates used as trust anchors
 * @param intermediateCerts candidate certificates the builder may place in the path
 * @return the builder result, which carries the certification path
 * @throws GeneralSecurityException if no path can be built or the path fails validation
 */
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts)
        throws GeneralSecurityException {
    // Target selection: -2 restricts the basic-constraints criterion to end-entity
    // certificates, and the certificateEquals criterion pins the exact certificate.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setBasicConstraints(-2);
    targetSelector.setCertificate(certificate);

    // Every trusted root becomes an anchor; null means no name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    // NOTE(review): revocation is not checked by the builder or by the validator below.
    builderParams.setRevocationEnabled(false);
    builderParams.addCertStore(
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediateCerts)));

    // Step 1: build the path.
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) pathBuilder.build(builderParams);

    // Step 2: validate the built path. The result object is not inspected; a failed
    // validation surfaces as an exception from validate().
    CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathValidatorResult validated =
            (PKIXCertPathValidatorResult) pathValidator.validate(built.getCertPath(), builderParams);

    return built;
}
示例14: verifyCertificate
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * Tries to build a certification path for the given certificate, which verifies it
 * against the supplied trust anchors. Intermediate certificates are offered to the
 * builder as candidates for the path. The "BC" provider is requested by name for
 * both the CertStore and the path builder.
 *
 * @param cert - certificate for validation
 * @param trustedRootCerts - set of trusted root CA certificates
 * @param intermediateCerts - set of intermediate certificates
 * @return the certification chain (if verification is successful)
 * @throws GeneralSecurityException - if the verification is not successful
 *         (e.g. certification path cannot be built or some certificate in the
 *         chain is expired)
 */
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
        Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
    // The path has to end at exactly this certificate.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(cert);

    // Every trusted root becomes an anchor; null means no name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);
    // CRL checks are off here; per the original author they are done manually as an
    // additional step, which is not part of this method.
    builderParams.setRevocationEnabled(false);

    CollectionCertStoreParameters intermediates = new CollectionCertStoreParameters(intermediateCerts);
    builderParams.addCertStore(CertStore.getInstance("Collection", intermediates, "BC"));

    // build() throws when no valid path exists, so returning normally means a path was found.
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");
    return (PKIXCertPathBuilderResult) pathBuilder.build(builderParams);
}
示例15: validateTrustChain
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
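/**
 * Checks that {@code certificate} is trusted, either directly or through a PKIX path
 * to one of the authority certificates.
 *
 * <p>A certificate is directly trusted only when it is equal to an entry of
 * {@code trustedCertificates}, which for certificates means the complete encoded forms
 * are identical. Comparing just the signature value is not enough: that field is not
 * bound to the rest of the certificate unless the signature is actually verified, so a
 * different certificate carrying the same signature bytes would have been accepted.
 *
 * <p>Revocation checking is disabled for the path build. The directly-trusted shortcut
 * returns before any path is built.
 *
 * @param certificate the certificate to validate
 * @param chain certificates offered to the builder as path candidates
 * @param trustedCertificates certificates that are trusted as-is
 * @param authorityCertificates CA certificates used as trust anchors
 * @throws UaException with {@code StatusCodes.Bad_SecurityChecksFailed} if no path to a
 *         trust anchor can be built or anything else fails during the build
 */
public static void validateTrustChain(X509Certificate certificate,
                                      List<X509Certificate> chain,
                                      Set<X509Certificate> trustedCertificates,
                                      Set<X509Certificate> authorityCertificates) throws UaException {
    // Direct trust: whole-certificate equality, not signature-bytes equality.
    boolean certificateTrusted = trustedCertificates.stream()
        .anyMatch(c -> certificate.equals(c));

    if (certificateTrusted) return;

    try {
        // Every authority certificate becomes an anchor; null means no name constraints.
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        authorityCertificates.forEach(ca -> trustAnchors.add(new TrustAnchor(ca, null)));

        // The path has to end at exactly this certificate.
        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);

        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        // NOTE(review): with revocation disabled a revoked certificate still validates.
        params.setRevocationEnabled(false);

        CertStore intermediateCertStore =
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(chain));

        params.addCertStore(intermediateCertStore);

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);

        LOGGER.debug("Validated certificate chain: {}", result.getCertPath());
    } catch (Throwable t) {
        // Fail closed on anything, as before, but leave a trace of the reason: the
        // exception thrown below does not carry the cause.
        LOGGER.debug("Certificate chain validation failed: {}", t.toString());
        throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
    }
}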