本文整理汇总了Java中java.security.cert.X509CertSelector.setSubject方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setSubject方法的具体用法?Java X509CertSelector.setSubject怎么用?Java X509CertSelector.setSubject使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509CertSelector
的用法示例。
在下文中一共展示了X509CertSelector.setSubject方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testValidateMy
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Test
public void testValidateMy() throws Exception
{
System.out.println("validateMy");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
ks.load(fis, "mystorepass".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 3);
}
示例2: testValidateNist
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Test
public void testValidateNist() throws Exception
{
System.out.println("validateNist");
FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
KeyStore ks = KeyStore.getInstance("jks");
FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
ks.load(fis, "password".toCharArray());
fis.close();
X509CertSelector certSelector = new X509CertSelector();
certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
Collection<X509Certificate> otherCerts = Collections.emptyList();
PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
assertEquals(result.getCerts().size(), 4);
assertEquals(result.getCrls().size(), 3);
}
示例3: test_getSubject
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getSubject()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getSubject",
args = {}
)
public void test_getSubject() {
X500Principal sub1 = new X500Principal("O=First Org.");
X500Principal sub2 = new X500Principal("O=Second Org.");
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSubject());
selector.setSubject(sub1);
assertEquals("The returned subject should be equal to specified", sub1,
selector.getSubject());
assertFalse("The returned subject should differ", sub2.equals(selector
.getSubject()));
}
示例4: test_getSubjectAsString
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getSubjectAsString()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getSubjectAsString",
args = {}
)
public void test_getSubjectAsString() {
String name1 = "O=First Org.";
String name2 = "O=Second Org.";
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
assertNull("Selector should return null", selector.getSubjectAsString());
selector.setSubject(sub1);
assertEquals("The returned subject should be equal to specified",
name1, selector.getSubjectAsString());
assertFalse("The returned subject should differ", name2.equals(selector
.getSubjectAsString()));
selector.setSubject(sub2);
assertEquals("The returned subject should be equal to specified",
name2, selector.getSubjectAsString());
}
示例5: doBuild
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void doBuild(X509Certificate userCert) throws Exception {
// get the set of trusted CA certificates (only one in this instance)
HashSet trustAnchors = new HashSet();
X509Certificate trustedCert = getTrustedCertificate();
trustAnchors.add(new TrustAnchor(trustedCert, null));
// put together a CertStore (repository of the certificates and CRLs)
ArrayList certs = new ArrayList();
certs.add(trustedCert);
certs.add(userCert);
CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
CertStore certStore = CertStore.getInstance("Collection", certStoreParams);
// specify the target certificate via a CertSelector
X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(userCert);
certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required
// build a valid cerificate path
CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
certPathBuilderParams.addCertStore(certStore);
certPathBuilderParams.setRevocationEnabled(false);
CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);
// get and show cert path
CertPath certPath = result.getCertPath();
// System.out.println(certPath.toString());
}
示例6: testSubject
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void testSubject() throws IOException {
System.out.println("X.509 Certificate Match on subject");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSubject("ou=bogus,ou=east,o=sun,c=us");
checkMatch(selector, cert, false);
// good match
selector.setSubject(cert.getSubjectX500Principal().getName("RFC2253"));
checkMatch(selector, cert, true);
}
示例7: test_getSubjectAsBytes
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#getSubjectAsBytes()
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "getSubjectAsBytes",
args = {}
)
public void test_getSubjectAsBytes() {
byte[] name1 = new byte[]
// manually obtained DER encoding of "O=First Org." issuer name;
{ 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
116, 32, 79, 114, 103, 46 };
byte[] name2 = new byte[]
// manually obtained DER encoding of "O=Second Org." issuer name;
{ 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
110, 100, 32, 79, 114, 103, 46 };
X500Principal sub1 = new X500Principal(name1);
X500Principal sub2 = new X500Principal(name2);
X509CertSelector selector = new X509CertSelector();
try {
assertNull("Selector should return null", selector
.getSubjectAsBytes());
selector.setSubject(sub1);
assertTrue("The returned issuer should be equal to specified",
Arrays.equals(name1, selector.getSubjectAsBytes()));
assertFalse("The returned issuer should differ", name2
.equals(selector.getSubjectAsBytes()));
selector.setSubject(sub2);
assertTrue("The returned issuer should be equal to specified",
Arrays.equals(name2, selector.getSubjectAsBytes()));
} catch (IOException e) {
fail("Unexpected IOException was thrown.");
}
}
示例8: test_setSubjectLjavax_security_auth_x500_X500Principal
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
* @tests java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
*/
@TestTargetNew(
level = TestLevel.COMPLETE,
notes = "",
method = "setSubject",
args = {javax.security.auth.x500.X500Principal.class}
)
public void test_setSubjectLjavax_security_auth_x500_X500Principal()
throws CertificateException {
X500Principal sub1 = new X500Principal("O=First Org.");
X500Principal sub2 = new X500Principal("O=Second Org.");
TestCert cert1 = new TestCert(sub1);
TestCert cert2 = new TestCert(sub2);
X509CertSelector selector = new X509CertSelector();
selector.setSubject((X500Principal) null);
assertTrue("Any certificates should match "
+ "in the case of null subjcet criteria.", selector
.match(cert1)
&& selector.match(cert2));
selector.setSubject(sub1);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert1));
assertFalse("The certificate should not match the selection criteria.",
selector.match(cert2));
selector.setSubject(sub2);
assertTrue("The certificate should match the selection criteria.",
selector.match(cert2));
}
示例9: baseTest
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void baseTest()
throws Exception
{
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
// initialise CertStore
X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
X509CRL interCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));
List list = new ArrayList();
list.add(rootCert);
list.add(interCert);
list.add(finalCert);
list.add(rootCrl);
list.add(interCrl);
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
Calendar validDate = Calendar.getInstance();
validDate.set(2008,8,4,14,49,10);
//Searching for rootCert by subjectDN without CRL
Set trust = new HashSet();
trust.add(new TrustAnchor(rootCert, null));
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC");
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setSubject(finalCert.getSubjectX500Principal().getEncoded());
PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
params.addCertStore(store);
params.setDate(validDate.getTime());
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
CertPath path = result.getCertPath();
if (path.getCertificates().size() != 2)
{
fail("wrong number of certs in baseTest path");
}
}
示例10: getTrustAnchors
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
{
Collection trustColl = new ArrayList();
Iterator it = trustanchors.iterator();
X509CertSelector certSelectX509 = new X509CertSelector();
try
{
certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (ext != null)
{
ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(ext);
AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(oct.getOctets()));
certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
byte[] keyID = authID.getKeyIdentifier();
if (keyID != null)
{
certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
}
}
}
catch (IOException ex)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
throw new CertPathReviewerException(msg);
}
while (it.hasNext())
{
TrustAnchor trust = (TrustAnchor) it.next();
if (trust.getTrustedCert() != null)
{
if (certSelectX509.match(trust.getTrustedCert()))
{
trustColl.add(trust);
}
}
else if (trust.getCAName() != null && trust.getCAPublicKey() != null)
{
X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
X500Principal caName = new X500Principal(trust.getCAName());
if (certIssuer.equals(caName))
{
trustColl.add(trust);
}
}
}
return trustColl;
}
示例11: testCtorByPKIXBuilderParams
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void testCtorByPKIXBuilderParams(Set<X509Certificate> certSet)
throws Exception {
Set<TrustAnchor> taSet = makeTrustAnchorSet(certSet);
Validator valOK;
Validator valNoGood;
X509Certificate[] chain = new X509Certificate[1];
Set<X509Certificate> intermeds = new HashSet<>();
// Case 7: Make a PKIXValidator with valid arguments
// Expected result: Well-formed PKIXValidator object
System.out.println("Constructor test 7: Valid inputs");
// Set up the PKIXBuilderParameters
X509CertSelector sel = new X509CertSelector();
sel.setSubject("CN=User");
PKIXBuilderParameters pbParams = new PKIXBuilderParameters(taSet, sel);
pbParams.setRevocationEnabled(false);
pbParams.setDate(new Date(1426399200000L)); // 03-15-2014 6:00:00 GMT
valOK = Validator.getInstance(Validator.TYPE_PKIX,
Validator.VAR_GENERIC, pbParams);
// Convert our user cert from PEM format, then do the same for
// its intermediate signer and add that as a helper for path building
chain[0] = makeCertFromPEM(USER);
intermeds.add(makeCertFromPEM(INTERMED));
showValidatedChain(valOK, chain, intermeds);
// Case 8: Make a PKIXValidator but provide a null PKIXBuilderParameters
// Expected result: throw NullPointerException
System.out.println("Constructor test 8: null params");
try {
valNoGood = Validator.getInstance(Validator.TYPE_PKIX,
Validator.VAR_GENERIC, (PKIXBuilderParameters)null);
// Throw something non Runtime-related to indicate we shouldn't
// have succeeded on construction.
throw new IOException(
"Constructor did not throw NullPointerException");
} catch (NullPointerException npe) {
System.out.println("\tCaught RuntimeException (" + npe.toString() +
") [PASS])");
}
}
示例12: processKeyInfo
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
static KeyInfoRes processKeyInfo(
KeyInfo keyInfo) throws CertificateValidationException
{
if (null == keyInfo || !keyInfo.containsX509Data())
{
throw new InvalidKeyInfoDataException("No X509Data to identify the leaf certificate");
}
List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
XMLX509IssuerSerial issuerSerial = null;
X509CertSelector certSelector = new X509CertSelector();
// XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
// that appear MUST refer to the certificate or certificates containing the
// validation key."
// "All certificates appearing in an X509Data element MUST relate to the
// validation key by either containing it or being part of a certification
// chain that terminates in a certificate containing the validation key".
// Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
// first to be found is used to select the leaf certificate. If none of those
// elements is present, the first ds:X509Certificate is assumed as the signing
// certificate.
boolean hasSelectionCriteria = false;
try
{
for (int i = 0; i < keyInfo.lengthX509Data(); ++i)
{
X509Data x509Data = keyInfo.itemX509Data(i);
if(!hasSelectionCriteria)
{
if (x509Data.containsIssuerSerial())
{
issuerSerial = x509Data.itemIssuerSerial(0);
certSelector.setIssuer(new X500Principal(issuerSerial.getIssuerName()));
certSelector.setSerialNumber(issuerSerial.getSerialNumber());
hasSelectionCriteria = true;
}
else if (x509Data.containsSubjectName())
{
certSelector.setSubject(new X500Principal(x509Data.itemSubjectName(0).getSubjectName()));
hasSelectionCriteria = true;
}
}
// Collect all certificates as they may be needed to build the cert path.
if (x509Data.containsCertificate())
{
for (int j = 0; j < x509Data.lengthCertificate(); ++j)
{
keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
}
}
}
if(!hasSelectionCriteria)
{
if(keyInfoCerts.isEmpty())
{
// No criteria to select the leaf certificate.
// Improvement: search the SigningCertiticate property and try to
// find the "bottom" certificate.
throw new InvalidKeyInfoDataException("No criteria to select the leaf certificate");
}
certSelector.setCertificate(keyInfoCerts.get(0));
}
}
catch (XMLSecurityException ex)
{
throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
}
return new KeyInfoRes(keyInfoCerts, certSelector, issuerSerial);
}
示例13: test
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void test(String _name, String[] _data, Set _ipolset,
boolean _explicit, boolean _accept, boolean _debug)
{
testCount++;
boolean _pass = true;
try
{
CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
X509CertSelector _select = new X509CertSelector();
_select.setSubject(_ee.getSubjectX500Principal().getEncoded());
PKIXBuilderParameters _param = new PKIXBuilderParameters(
trustedSet, _select);
_param.setExplicitPolicyRequired(_explicit);
_param.addCertStore(makeCertStore(_data));
_param.setRevocationEnabled(true);
if (_ipolset != null)
{
_param.setInitialPolicies(_ipolset);
}
CertPathBuilderResult _result = _cpb.build(_param);
if (!_accept)
{
System.out.println("Accept when it should reject");
_pass = false;
testFail.addElement(_name);
}
}
catch (Exception ex)
{
if (_accept)
{
System.out.println("Reject when it should accept");
_pass = false;
testFail.addElement(_name);
}
}
resultBuf.append("NISTCertPathTest -- ").append(_name).append(": ")
.append(_pass ? "\n" : "Failed.\n");
}
示例14: basicTest
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void basicTest()
throws Exception
{
CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");
X509Certificate rootCert = (X509Certificate)cf
.generateCertificate(new ByteArrayInputStream(
CertPathTest.rootCertBin));
X509Certificate interCert = (X509Certificate)cf
.generateCertificate(new ByteArrayInputStream(
CertPathTest.interCertBin));
X509Certificate finalCert = (X509Certificate)cf
.generateCertificate(new ByteArrayInputStream(
CertPathTest.finalCertBin));
X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
CertPathTest.rootCrlBin));
X509CRL interCrl = (X509CRL)cf
.generateCRL(new ByteArrayInputStream(
CertPathTest.interCrlBin));
// Testing CollectionCertStore generation from List
List list = new ArrayList();
list.add(rootCert);
list.add(interCert);
list.add(finalCert);
list.add(rootCrl);
list.add(interCrl);
CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
CertStore store1 = CertStore.getInstance("Collection", ccsp, "BC");
CertStore store2 = CertStore.getInstance("Collection", ccsp, "BC");
List storeList = new ArrayList();
storeList.add(store1);
storeList.add(store2);
CertStore store = CertStore.getInstance("Multi", new MultiCertStoreParameters(storeList));
// Searching for rootCert by subjectDN
X509CertSelector targetConstraints = new X509CertSelector();
targetConstraints.setSubject(rootCert.getSubjectX500Principal().getName());
Collection certs = store.getCertificates(targetConstraints);
if (certs.size() != 2 || !certs.contains(rootCert))
{
fail("2 rootCerts not found by subjectDN");
}
store = CertStore.getInstance("Multi", new MultiCertStoreParameters(storeList, false));
certs = store.getCertificates(targetConstraints);
if (certs.size() != 1 || !certs.contains(rootCert))
{
fail("1 rootCert not found by subjectDN");
}
}
示例15: v0Test
import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void v0Test()
throws Exception
{
// create certificates and CRLs
KeyPair rootPair = TestUtils.generateRSAKeyPair();
KeyPair interPair = TestUtils.generateRSAKeyPair();
KeyPair endPair = TestUtils.generateRSAKeyPair();
X509Certificate rootCert = TestUtils.generateRootCert(rootPair);
X509Certificate interCert = TestUtils.generateIntermediateCert(interPair.getPublic(), rootPair.getPrivate(), rootCert);
X509Certificate endCert = TestUtils.generateEndEntityCert(endPair.getPublic(), interPair.getPrivate(), interCert);
BigInteger revokedSerialNumber = BigInteger.valueOf(2);
X509CRL rootCRL = TestUtils.createCRL(rootCert, rootPair.getPrivate(), revokedSerialNumber);
X509CRL interCRL = TestUtils.createCRL(interCert, interPair.getPrivate(), revokedSerialNumber);
// create CertStore to support path building
List list = new ArrayList();
list.add(rootCert);
list.add(interCert);
list.add(endCert);
list.add(rootCRL);
list.add(interCRL);
CollectionCertStoreParameters params = new CollectionCertStoreParameters(list);
CertStore store = CertStore.getInstance("Collection", params);
// build the path
CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
X509CertSelector pathConstraints = new X509CertSelector();
pathConstraints.setSubject(endCert.getSubjectX500Principal().getEncoded());
PKIXBuilderParameters buildParams = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(rootCert, null)), pathConstraints);
buildParams.addCertStore(store);
buildParams.setDate(new Date());
PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)builder.build(buildParams);
CertPath path = result.getCertPath();
if (path.getCertificates().size() != 2)
{
fail("wrong number of certs in v0Test path");
}
}