本文整理汇总了Java中java.security.cert.X509CertSelector.setIssuer方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setIssuer方法的具体用法?Java X509CertSelector.setIssuer怎么用?Java X509CertSelector.setIssuer使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509CertSelector
的用法示例。
在下文中一共展示了X509CertSelector.setIssuer方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: test_getIssuer
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getIssuer()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getIssuer",
args = {}
)
public void test_getIssuer() {
X500Principal iss1 = new X500Principal("O=First Org.");
X500Principal iss2 = new X500Principal("O=Second Org.");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getIssuer());
selector.setIssuer(iss1);
assertEquals("The returned issuer should be equal to specified", iss1,
selector.getIssuer());
assertFalse("The returned issuer should differ", iss2.equals(selector
.getIssuer()));
}
示例2: test_getIssuerAsString
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getIssuerAsString()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getIssuerAsString",
args = {}
)
public void test_getIssuerAsString() {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getIssuerAsString());
selector.setIssuer(iss1);
assertEquals("The returned issuer should be equal to specified", name1,
selector.getIssuerAsString());
assertFalse("The returned issuer should differ", name2.equals(selector
.getIssuerAsString()));
selector.setIssuer(iss2);
assertEquals("The returned issuer should be equal to specified", name2,
selector.getIssuerAsString());
}
示例3: testGetTargetCertConstraints02
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* Test #2 for <code>getTargetCertConstraints()</code> method<br>
* Assertion: note that the <code>CertSelector</code> returned
* is cloned to protect against subsequent modifications
* @throws InvalidAlgorithmParameterException
* @throws IOException
*/
public final void testGetTargetCertConstraints02() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
X509CertSelector x509cs = new X509CertSelector();
PKIXParameters p = new PKIXParameters(taSet);
p.setTargetCertConstraints(x509cs);
// get cert selector
X509CertSelector cs1 = (X509CertSelector)p.getTargetCertConstraints();
// modify returned selector
cs1.setIssuer(testIssuer);
// get cert selector again
X509CertSelector cs2 = (X509CertSelector)p.getTargetCertConstraints();
// check that selector is not the same
assertNotSame("notTheSame", cs1, cs2);
// check that selector's internal state has
// not been changed by above modification
assertFalse("stateNotChanged", testIssuer.equals(cs2.getIssuerAsString()));
}
示例4: testSetTargetCertConstraints01
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* Test for <code>setTargetCertConstraints(CertSelector)</code> method<br>
* Assertion: sets the required constraints on the target certificate.
* The constraints are specified as an instance of CertSelector<br>
* Assertion: ... If <code>null</code>, no constraints are defined
* @throws IOException
* @throws InvalidAlgorithmParameterException
*/
public final void testSetTargetCertConstraints01() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
X509CertSelector x509cs = new X509CertSelector();
x509cs.setIssuer(testIssuer);
PKIXParameters p = new PKIXParameters(taSet);
p.setTargetCertConstraints(x509cs);
assertEquals("set",
testIssuer,
((X509CertSelector)p.getTargetCertConstraints()).getIssuerAsString());
p.setTargetCertConstraints(null);
assertNull("unset", p.getTargetCertConstraints());
}
示例5: testSetTargetCertConstraints02
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* Test #2 for <code>setTargetCertConstraints(CertSelector)</code> method<br>
* Assertion: ... the CertSelector specified is cloned to protect against
* subsequent modifications
* @throws IOException
* @throws InvalidAlgorithmParameterException
*/
public final void testSetTargetCertConstraints02() throws Exception {
Set taSet = TestUtils.getTrustAnchorSet();
if (taSet == null) {
fail(getName() + ": not performed (could not create test TrustAnchor set)");
}
X509CertSelector x509cs = new X509CertSelector();
PKIXParameters p = new PKIXParameters(taSet);
p.setTargetCertConstraints(x509cs);
// modify selector
x509cs.setIssuer(testIssuer);
// get selector
X509CertSelector x509cs1 = (X509CertSelector)p.getTargetCertConstraints();
// check that selector's internal state has
// not been changed by above modification
assertFalse(testIssuer.equals(x509cs1.getIssuerAsString()));
}
示例6: checkCertPath
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private PKIXCertPathBuilderResult checkCertPath(SignerId signerId, Store certs)
throws IOException, GeneralSecurityException
{
CertStore store = new JcaCertStoreBuilder().setProvider("BC").addCertificates(certs).build();
CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX","BC");
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setIssuer(signerId.getIssuer().getEncoded());
targetConstraints.setSerialNumber(signerId.getSerialNumber());
PKIXBuilderParameters params = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(trustAnchor, null)), targetConstraints);
params.addCertStore(store);
params.setRevocationEnabled(false); // TODO: CRLs?
return (PKIXCertPathBuilderResult)pathBuilder.build(params);
}
示例7: testIssuer
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void testIssuer() throws IOException {
System.out.println("X.509 Certificate Match on issuer");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setIssuer("ou=bogus,ou=east,o=sun,c=us");
checkMatch(selector, cert, false);
// good match
selector.setIssuer((cert.getIssuerX500Principal()).getName("RFC2253"));
checkMatch(selector, cert, true);
}
示例8: initCertPathSSCertChain
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void initCertPathSSCertChain() throws CertificateException,
InvalidAlgorithmParameterException, NoSuchAlgorithmException,
IOException {
// create certificates and CRLs
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bi = new ByteArrayInputStream(rootCert.getBytes());
rootCertificateSS = (X509Certificate) cf.generateCertificate(bi);
bi = new ByteArrayInputStream(endCert.getBytes());
endCertificate = (X509Certificate) cf.generateCertificate(bi);
BigInteger revokedSerialNumber = BigInteger.valueOf(1);
crl = new MyCRL("X.509");
// X509CRL rootCRL = X509CRL;
// X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
// .getPrivate(), revokedSerialNumber);
// create CertStore to support path building
List<Object> list = new ArrayList<Object>();
list.add(rootCertificateSS);
list.add(endCertificate);
CollectionCertStoreParameters params = new CollectionCertStoreParameters(
list);
store = CertStore.getInstance("Collection", params);
theCertSelector = new X509CertSelector();
theCertSelector.setCertificate(endCertificate);
theCertSelector.setIssuer(endCertificate.getIssuerX500Principal()
.getEncoded());
// build the path
builder = CertPathBuilder.getInstance("PKIX");
}
示例9: test_getIssuerAsBytes
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getIssuerAsBytes()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getIssuerAsBytes",
args = {}
)
public void test_getIssuerAsBytes() {
byte[] name1 = new byte[]
// manually obtained DER encoding of "O=First Org." issuer name;
{ 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
116, 32, 79, 114, 103, 46 };
byte[] name2 = new byte[]
// manually obtained DER encoding of "O=Second Org." issuer name;
{ 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
110, 100, 32, 79, 114, 103, 46 };
X500Principal iss1 = new X500Principal(name1);
X500Principal iss2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
try {
assertNull("Selector should return null", selector
.getIssuerAsBytes());
selector.setIssuer(iss1);
assertTrue("The returned issuer should be equal to specified",
Arrays.equals(name1, selector.getIssuerAsBytes()));
assertFalse("The returned issuer should differ", name2
.equals(selector.getIssuerAsBytes()));
selector.setIssuer(iss2);
assertTrue("The returned issuer should be equal to specified",
Arrays.equals(name2, selector.getIssuerAsBytes()));
} catch (IOException e) {
fail("Unexpected IOException was thrown.");
}
}
示例10: test_setIssuerLjavax_security_auth_x500_X500Principal
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#setIssuer(javax.security.auth.x500.X500Principal)
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "setIssuer",
args = {javax.security.auth.x500.X500Principal.class}
)
public void test_setIssuerLjavax_security_auth_x500_X500Principal()
throws CertificateException {
X500Principal iss1 = new X500Principal("O=First Org.");
X500Principal iss2 = new X500Principal("O=Second Org.");
TestCert cert1 = new TestCert(iss1);
TestCert cert2 = new TestCert(iss2);
X509CertSelector selector = new X509CertSelector();
selector.setIssuer((X500Principal) null);
assertTrue("Any certificates should match "
+ "in the case of null issuer criteria.", selector.match(cert1)
&& selector.match(cert2));
selector.setIssuer(iss1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert2));
selector.setIssuer(iss2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert2));
}
示例11: setupEnvironment
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void setupEnvironment() throws Exception {
// create certificates and CRLs
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ByteArrayInputStream bi = new ByteArrayInputStream(TestUtils.rootCert.getBytes());
rootCertificate = (X509Certificate) cf.generateCertificate(bi);
bi = new ByteArrayInputStream(TestUtils.endCert.getBytes());
endCertificate = (X509Certificate) cf.generateCertificate(bi);
BigInteger revokedSerialNumber = BigInteger.valueOf(1);
crl = new MyCRL("X.509");
// X509CRL rootCRL = X509CRL;
// X509CRL interCRL = X509CRLExample.createCRL(interCert, interPair
// .getPrivate(), revokedSerialNumber);
// create CertStore to support path building
List<Object> list = new ArrayList<Object>();
list.add(rootCertificate);
list.add(endCertificate);
// CollectionCertStoreParameters params = new CollectionCertStoreParameters(
// list);
// CertStore store = CertStore.getInstance("Collection", params);
//
theCertSelector = new X509CertSelector();
theCertSelector.setCertificate(endCertificate);
theCertSelector.setIssuer(endCertificate.getIssuerX500Principal()
.getEncoded());
// build the path
builder = CertPathBuilder.getInstance("PKIX");
}
示例12: if
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingEECerts
(ReverseState currentState, List<CertStore> certStores)
throws CertStoreException, CertificateException, IOException {
/*
* Compose a CertSelector to filter out
* certs which do not satisfy requirements.
*
* First, retrieve clone of current target cert constraints, and
* then add more selection criteria based on current validation state.
*/
X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone();
/*
* Match on issuer (subject of previous cert)
*/
sel.setIssuer(currentState.subjectDN);
/*
* Match on certificate validity date.
*/
sel.setCertificateValid(buildParams.date());
/*
* Policy processing optimizations
*/
if (currentState.explicitPolicy == 0)
sel.setPolicy(getMatchingPolicies());
/*
* If previous cert has a subject key identifier extension,
* use it to match on authority key identifier extension.
*/
/*if (currentState.subjKeyId != null) {
AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
(KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
null, null);
sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
}*/
/*
* Require EE certs
*/
sel.setBasicConstraints(-2);
/* Retrieve matching certs from CertStores */
HashSet<X509Certificate> eeCerts = new HashSet<>();
addMatchingCerts(sel, certStores, eeCerts, true);
if (debug != null) {
debug.println("ReverseBuilder.getMatchingEECerts got "
+ eeCerts.size() + " certs.");
}
return eeCerts;
}
示例13: X509CertSelector
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingCACerts
(ReverseState currentState, List<CertStore> certStores)
throws CertificateException, CertStoreException, IOException {
/*
* Compose a CertSelector to filter out
* certs which do not satisfy requirements.
*/
X509CertSelector sel = new X509CertSelector();
/*
* Match on issuer (subject of previous cert)
*/
sel.setIssuer(currentState.subjectDN);
/*
* Match on certificate validity date.
*/
sel.setCertificateValid(buildParams.date());
/*
* Match on target subject name (checks that current cert's
* name constraints permit it to certify target).
* (4 is the integer type for DIRECTORY name).
*/
byte[] subject = targetCertConstraints.getSubjectAsBytes();
if (subject != null) {
sel.addPathToName(4, subject);
} else {
X509Certificate cert = targetCertConstraints.getCertificate();
if (cert != null) {
sel.addPathToName(4,
cert.getSubjectX500Principal().getEncoded());
}
}
/*
* Policy processing optimizations
*/
if (currentState.explicitPolicy == 0)
sel.setPolicy(getMatchingPolicies());
/*
* If previous cert has a subject key identifier extension,
* use it to match on authority key identifier extension.
*/
/*if (currentState.subjKeyId != null) {
AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
(KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
null, null);
sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
}*/
/*
* Require CA certs
*/
sel.setBasicConstraints(0);
/* Retrieve matching certs from CertStores */
ArrayList<X509Certificate> reverseCerts = new ArrayList<>();
addMatchingCerts(sel, certStores, reverseCerts, true);
/* Sort remaining certs using name constraints */
Collections.sort(reverseCerts, new PKIXCertComparator());
if (debug != null)
debug.println("ReverseBuilder.getMatchingCACerts got " +
reverseCerts.size() + " certs.");
return reverseCerts;
}
示例14: processKeyInfo
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
static KeyInfoRes processKeyInfo(
KeyInfo keyInfo) throws CertificateValidationException
{
if (null == keyInfo || !keyInfo.containsX509Data())
{
throw new InvalidKeyInfoDataException("No X509Data to identify the leaf certificate");
}
List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
XMLX509IssuerSerial issuerSerial = null;
X509CertSelector certSelector = new X509CertSelector();
// XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
// that appear MUST refer to the certificate or certificates containing the
// validation key."
// "All certificates appearing in an X509Data element MUST relate to the
// validation key by either containing it or being part of a certification
// chain that terminates in a certificate containing the validation key".
// Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
// first to be found is used to select the leaf certificate. If none of those
// elements is present, the first ds:X509Certificate is assumed as the signing
// certificate.
boolean hasSelectionCriteria = false;
try
{
for (int i = 0; i < keyInfo.lengthX509Data(); ++i)
{
X509Data x509Data = keyInfo.itemX509Data(i);
if(!hasSelectionCriteria)
{
if (x509Data.containsIssuerSerial())
{
issuerSerial = x509Data.itemIssuerSerial(0);
certSelector.setIssuer(new X500Principal(issuerSerial.getIssuerName()));
certSelector.setSerialNumber(issuerSerial.getSerialNumber());
hasSelectionCriteria = true;
}
else if (x509Data.containsSubjectName())
{
certSelector.setSubject(new X500Principal(x509Data.itemSubjectName(0).getSubjectName()));
hasSelectionCriteria = true;
}
}
// Collect all certificates as they may be needed to build the cert path.
if (x509Data.containsCertificate())
{
for (int j = 0; j < x509Data.lengthCertificate(); ++j)
{
keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
}
}
}
if(!hasSelectionCriteria)
{
if(keyInfoCerts.isEmpty())
{
// No criteria to select the leaf certificate.
// Improvement: search the SigningCertiticate property and try to
// find the "bottom" certificate.
throw new InvalidKeyInfoDataException("No criteria to select the leaf certificate");
}
certSelector.setCertificate(keyInfoCerts.get(0));
}
}
catch (XMLSecurityException ex)
{
throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
}
return new KeyInfoRes(keyInfoCerts, certSelector, issuerSerial);
}
示例15: if
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private Collection<X509Certificate> getMatchingEECerts
(ReverseState currentState, List<CertStore> certStores)
throws CertStoreException, CertificateException, IOException {
/*
* Compose a CertSelector to filter out
* certs which do not satisfy requirements.
*
* First, retrieve clone of current target cert constraints,
* and then add more selection criteria based on current validation state.
*/
X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone();
/*
* Match on issuer (subject of previous cert)
*/
sel.setIssuer(currentState.subjectDN);
/*
* Match on certificate validity date.
*/
sel.setCertificateValid(date);
/*
* Policy processing optimizations
*/
if (currentState.explicitPolicy == 0)
sel.setPolicy(getMatchingPolicies());
/*
* If previous cert has a subject key identifier extension,
* use it to match on authority key identifier extension.
*/
/*if (currentState.subjKeyId != null) {
AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
(KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
null, null);
sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
}*/
/*
* Require EE certs
*/
sel.setBasicConstraints(-2);
/* Retrieve matching certs from CertStores */
HashSet<X509Certificate> eeCerts = new HashSet<X509Certificate>();
addMatchingCerts(sel, certStores, eeCerts, true);
if (debug != null) {
debug.println("ReverseBuilder.getMatchingEECerts got " + eeCerts.size()
+ " certs.");
}
return eeCerts;
}