当前位置: 首页>>代码示例>>Java>>正文


Java X509CertSelector.setSubject方法代码示例

本文整理汇总了Java中java.security.cert.X509CertSelector.setSubject方法的典型用法代码示例。如果您正苦于以下问题:Java X509CertSelector.setSubject方法的具体用法?Java X509CertSelector.setSubject怎么用?Java X509CertSelector.setSubject使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509CertSelector的用法示例。


在下文中一共展示了X509CertSelector.setSubject方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: testValidateMy

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Test
public void testValidateMy() throws Exception
{
    System.out.println("validateMy");

    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/my");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/my/myStore");
    ks.load(fis, "mystorepass".toCharArray());
    fis.close();

    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = Luis Goncalves,OU = CC,O = ISEL,C = PT"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();

    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, false, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    assertEquals(result.getCerts().size(), 3);
}
 
开发者ID:luisgoncalves,项目名称:xades4j,代码行数:20,代码来源:PKIXCertificateValidationProviderTest.java

示例2: testValidateNist

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
@Test
public void testValidateNist() throws Exception
{
    System.out.println("validateNist");

    FileSystemDirectoryCertStore certStore = new FileSystemDirectoryCertStore("./src/test/cert/csrc.nist");
    KeyStore ks = KeyStore.getInstance("jks");
    FileInputStream fis = new FileInputStream("./src/test/cert/csrc.nist/trustAnchor");
    ks.load(fis, "password".toCharArray());
    fis.close();

    X509CertSelector certSelector = new X509CertSelector();
    certSelector.setSubject(new X500Principal("CN = User1-CP.02.01,OU = Testing,OU = DoD,O = U.S. Government,C = US"));
    Collection<X509Certificate> otherCerts = Collections.emptyList();

    PKIXCertificateValidationProvider instance = new PKIXCertificateValidationProvider(ks, true, certStore.getStore());
    ValidationData result = instance.validate(certSelector, new Date(), otherCerts);
    assertEquals(result.getCerts().size(), 4);
    assertEquals(result.getCrls().size(), 3);
}
 
开发者ID:luisgoncalves,项目名称:xades4j,代码行数:21,代码来源:PKIXCertificateValidationProviderTest.java

示例3: test_getSubject

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#getSubject()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getSubject",
    args = {}
)
public void test_getSubject() {
    X500Principal sub1 = new X500Principal("O=First Org.");
    X500Principal sub2 = new X500Principal("O=Second Org.");
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getSubject());
    selector.setSubject(sub1);
    assertEquals("The returned subject should be equal to specified", sub1,
            selector.getSubject());
    assertFalse("The returned subject should differ", sub2.equals(selector
            .getSubject()));
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:22,代码来源:X509CertSelectorTest.java

示例4: test_getSubjectAsString

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#getSubjectAsString()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getSubjectAsString",
    args = {}
)
public void test_getSubjectAsString() {
    String name1 = "O=First Org.";
    String name2 = "O=Second Org.";
    X500Principal sub1 = new X500Principal(name1);
    X500Principal sub2 = new X500Principal(name2);
    X509CertSelector selector = new X509CertSelector();

    assertNull("Selector should return null", selector.getSubjectAsString());
    selector.setSubject(sub1);
    assertEquals("The returned subject should be equal to specified",
            name1, selector.getSubjectAsString());
    assertFalse("The returned subject should differ", name2.equals(selector
            .getSubjectAsString()));
    selector.setSubject(sub2);
    assertEquals("The returned subject should be equal to specified",
            name2, selector.getSubjectAsString());
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:27,代码来源:X509CertSelectorTest.java

示例5: doBuild

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void doBuild(X509Certificate userCert) throws Exception {
        // get the set of trusted CA certificates (only one in this instance)
        HashSet trustAnchors = new HashSet();
        X509Certificate trustedCert = getTrustedCertificate();
        trustAnchors.add(new TrustAnchor(trustedCert, null));

        // put together a CertStore (repository of the certificates and CRLs)
        ArrayList certs = new ArrayList();
        certs.add(trustedCert);
        certs.add(userCert);
        CollectionCertStoreParameters certStoreParams = new CollectionCertStoreParameters(certs);
        CertStore certStore = CertStore.getInstance("Collection", certStoreParams);

        // specify the target certificate via a CertSelector
        X509CertSelector certSelector = new X509CertSelector();
        certSelector.setCertificate(userCert);
        certSelector.setSubject(userCert.getSubjectDN().getName()); // seems to be required

        // build a valid cerificate path
        CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
        PKIXBuilderParameters certPathBuilderParams = new PKIXBuilderParameters(trustAnchors, certSelector);
        certPathBuilderParams.addCertStore(certStore);
        certPathBuilderParams.setRevocationEnabled(false);
        CertPathBuilderResult result = certPathBuilder.build(certPathBuilderParams);

        // get and show cert path
        CertPath certPath = result.getCertPath();
//        System.out.println(certPath.toString());
    }
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:30,代码来源:NoExtensions.java

示例6: testSubject

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void testSubject() throws IOException {
    System.out.println("X.509 Certificate Match on subject");
    // bad match
    X509CertSelector selector = new X509CertSelector();
    selector.setSubject("ou=bogus,ou=east,o=sun,c=us");
    checkMatch(selector, cert, false);

    // good match
    selector.setSubject(cert.getSubjectX500Principal().getName("RFC2253"));
    checkMatch(selector, cert, true);
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:12,代码来源:X509CertSelectorTest.java

示例7: test_getSubjectAsBytes

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#getSubjectAsBytes()
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getSubjectAsBytes",
    args = {}
)
public void test_getSubjectAsBytes() {
    byte[] name1 = new byte[]
    // manually obtained DER encoding of "O=First Org." issuer name;
    { 48, 21, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 70, 105, 114, 115,
            116, 32, 79, 114, 103, 46 };
    byte[] name2 = new byte[]
    // manually obtained DER encoding of "O=Second Org." issuer name;
    { 48, 22, 49, 20, 48, 18, 6, 3, 85, 4, 10, 19, 11, 83, 101, 99, 111,
            110, 100, 32, 79, 114, 103, 46 };

    X500Principal sub1 = new X500Principal(name1);
    X500Principal sub2 = new X500Principal(name2);
    X509CertSelector selector = new X509CertSelector();

    try {
        assertNull("Selector should return null", selector
                .getSubjectAsBytes());
        selector.setSubject(sub1);
        assertTrue("The returned issuer should be equal to specified",
                Arrays.equals(name1, selector.getSubjectAsBytes()));
        assertFalse("The returned issuer should differ", name2
                .equals(selector.getSubjectAsBytes()));
        selector.setSubject(sub2);
        assertTrue("The returned issuer should be equal to specified",
                Arrays.equals(name2, selector.getSubjectAsBytes()));
    } catch (IOException e) {
        fail("Unexpected IOException was thrown.");
    }
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:39,代码来源:X509CertSelectorTest.java

示例8: test_setSubjectLjavax_security_auth_x500_X500Principal

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
/**
 * @tests java.security.cert.X509CertSelector#setSubject(javax.security.auth.x500.X500Principal)
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "setSubject",
    args = {javax.security.auth.x500.X500Principal.class}
)
public void test_setSubjectLjavax_security_auth_x500_X500Principal()
        throws CertificateException {
    X500Principal sub1 = new X500Principal("O=First Org.");
    X500Principal sub2 = new X500Principal("O=Second Org.");
    TestCert cert1 = new TestCert(sub1);
    TestCert cert2 = new TestCert(sub2);
    X509CertSelector selector = new X509CertSelector();

    selector.setSubject((X500Principal) null);
    assertTrue("Any certificates should match "
            + "in the case of null subjcet criteria.", selector
            .match(cert1)
            && selector.match(cert2));
    selector.setSubject(sub1);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert1));
    assertFalse("The certificate should not match the selection criteria.",
            selector.match(cert2));
    selector.setSubject(sub2);
    assertTrue("The certificate should match the selection criteria.",
            selector.match(cert2));
}
 
开发者ID:keplersj,项目名称:In-the-Box-Fork,代码行数:32,代码来源:X509CertSelectorTest.java

示例9: baseTest

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void baseTest()
    throws Exception
{
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

        // initialise CertStore
    X509Certificate rootCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
    X509Certificate interCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
    X509Certificate finalCert = (X509Certificate)cf.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
    X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
    X509CRL interCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));
    List list = new ArrayList();
    list.add(rootCert);
    list.add(interCert);
    list.add(finalCert);
    list.add(rootCrl);
    list.add(interCrl);
    CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store = CertStore.getInstance("Collection", ccsp, "BC");
    Calendar validDate = Calendar.getInstance();
    validDate.set(2008,8,4,14,49,10);

        //Searching for rootCert by subjectDN without CRL
    Set trust = new HashSet();
    trust.add(new TrustAnchor(rootCert, null));

    CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX","BC");
    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setSubject(finalCert.getSubjectX500Principal().getEncoded());
    PKIXBuilderParameters params = new PKIXBuilderParameters(trust, targetConstraints);
    params.addCertStore(store);
    params.setDate(validDate.getTime());
    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) cpb.build(params);
    CertPath                  path = result.getCertPath();

    if (path.getCertificates().size() != 2)
    {
        fail("wrong number of certs in baseTest path");
    }
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:41,代码来源:CertPathBuilderTest.java

示例10: getTrustAnchors

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
{
    Collection trustColl = new ArrayList();
    Iterator it = trustanchors.iterator();
    
    X509CertSelector certSelectX509 = new X509CertSelector();

    try
    {
        certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
        byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());

        if (ext != null)
        {
            ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(ext);
            AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(oct.getOctets()));

            certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
            byte[] keyID = authID.getKeyIdentifier();
            if (keyID != null)
            {
                certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
            }
        }
    }
    catch (IOException ex)
    {
        ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
        throw new CertPathReviewerException(msg);
    }

    while (it.hasNext())
    {
        TrustAnchor trust = (TrustAnchor) it.next();
        if (trust.getTrustedCert() != null)
        {
            if (certSelectX509.match(trust.getTrustedCert()))
            {
                trustColl.add(trust);
            }
        }
        else if (trust.getCAName() != null && trust.getCAPublicKey() != null)
        {
            X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
            X500Principal caName = new X500Principal(trust.getCAName());
            if (certIssuer.equals(caName))
            {
                trustColl.add(trust);
            }
        }
    }
    return trustColl;
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:54,代码来源:PKIXCertPathReviewer.java

示例11: testCtorByPKIXBuilderParams

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
public static void testCtorByPKIXBuilderParams(Set<X509Certificate> certSet)
        throws Exception {
    Set<TrustAnchor> taSet = makeTrustAnchorSet(certSet);
    Validator valOK;
    Validator valNoGood;
    X509Certificate[] chain = new X509Certificate[1];
    Set<X509Certificate> intermeds = new HashSet<>();

    // Case 7: Make a PKIXValidator with valid arguments
    // Expected result: Well-formed PKIXValidator object
    System.out.println("Constructor test 7: Valid inputs");

    // Set up the PKIXBuilderParameters
    X509CertSelector sel = new X509CertSelector();
    sel.setSubject("CN=User");
    PKIXBuilderParameters pbParams = new PKIXBuilderParameters(taSet, sel);
    pbParams.setRevocationEnabled(false);
    pbParams.setDate(new Date(1426399200000L)); // 03-15-2014 6:00:00 GMT

    valOK = Validator.getInstance(Validator.TYPE_PKIX,
            Validator.VAR_GENERIC, pbParams);

    // Convert our user cert from PEM format, then do the same for
    // its intermediate signer and add that as a helper for path building
    chain[0] = makeCertFromPEM(USER);
    intermeds.add(makeCertFromPEM(INTERMED));

    showValidatedChain(valOK, chain, intermeds);

    // Case 8: Make a PKIXValidator but provide a null PKIXBuilderParameters
    // Expected result: throw NullPointerException
    System.out.println("Constructor test 8: null params");
    try {
        valNoGood = Validator.getInstance(Validator.TYPE_PKIX,
                Validator.VAR_GENERIC, (PKIXBuilderParameters)null);
        // Throw something non Runtime-related to indicate we shouldn't
        // have succeeded on construction.
        throw new IOException(
                "Constructor did not throw NullPointerException");
    } catch (NullPointerException npe) {
        System.out.println("\tCaught RuntimeException (" + npe.toString() +
                ") [PASS])");
    }
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:45,代码来源:ConstructorTest.java

示例12: processKeyInfo

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
static KeyInfoRes processKeyInfo(
        KeyInfo keyInfo) throws CertificateValidationException
{
    if (null == keyInfo || !keyInfo.containsX509Data())
    {
        throw new InvalidKeyInfoDataException("No X509Data to identify the leaf certificate");
    }

    List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
    XMLX509IssuerSerial issuerSerial = null;
    X509CertSelector certSelector = new X509CertSelector();

    // XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
    // that appear MUST refer to the certificate or certificates containing the
    // validation key."
    // "All certificates appearing in an X509Data element MUST relate to the
    // validation key by either containing it or being part of a certification
    // chain that terminates in a certificate containing the validation key".

    // Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
    // first to be found is used to select the leaf certificate. If none of those
    // elements is present, the first ds:X509Certificate is assumed as the signing
    // certificate.
    boolean hasSelectionCriteria = false;

    try
    {
        for (int i = 0; i < keyInfo.lengthX509Data(); ++i)
        {
            X509Data x509Data = keyInfo.itemX509Data(i);

            if(!hasSelectionCriteria)
            {
                if (x509Data.containsIssuerSerial())
                {
                    issuerSerial = x509Data.itemIssuerSerial(0);
                    certSelector.setIssuer(new X500Principal(issuerSerial.getIssuerName()));
                    certSelector.setSerialNumber(issuerSerial.getSerialNumber());
                    hasSelectionCriteria = true;
                }
                else if (x509Data.containsSubjectName())
                {
                    certSelector.setSubject(new X500Principal(x509Data.itemSubjectName(0).getSubjectName()));
                    hasSelectionCriteria = true;
                }
            }

            // Collect all certificates as they may be needed to build the cert path.
            if (x509Data.containsCertificate())
            {
                for (int j = 0; j < x509Data.lengthCertificate(); ++j)
                {
                    keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
                }
            }
        }

        if(!hasSelectionCriteria)
        {
            if(keyInfoCerts.isEmpty())
            {
                // No criteria to select the leaf certificate.
                // Improvement: search the SigningCertiticate property and try to
                // find the "bottom" certificate.
                throw new InvalidKeyInfoDataException("No criteria to select the leaf certificate");
            }
            certSelector.setCertificate(keyInfoCerts.get(0));
        }
    }
    catch (XMLSecurityException ex)
    {
        throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
    }

    return new KeyInfoRes(keyInfoCerts, certSelector, issuerSerial);
}
 
开发者ID:luisgoncalves,项目名称:xades4j,代码行数:77,代码来源:SignatureUtils.java

示例13: test

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void test(String _name, String[] _data, Set _ipolset,
        boolean _explicit, boolean _accept, boolean _debug)
{

    testCount++;
    boolean _pass = true;

    try
    {
        CertPathBuilder _cpb = CertPathBuilder.getInstance("PKIX", "BC");
        X509Certificate _ee = decodeCertificate(_data[_data.length - 1]);
        X509CertSelector _select = new X509CertSelector();
        _select.setSubject(_ee.getSubjectX500Principal().getEncoded());

        PKIXBuilderParameters _param = new PKIXBuilderParameters(
                trustedSet, _select);
        _param.setExplicitPolicyRequired(_explicit);
        _param.addCertStore(makeCertStore(_data));
        _param.setRevocationEnabled(true);
        if (_ipolset != null)
        {
            _param.setInitialPolicies(_ipolset);
        }

        CertPathBuilderResult _result = _cpb.build(_param);

        if (!_accept)
        {
            System.out.println("Accept when it should reject");
            _pass = false;
            testFail.addElement(_name);
        }
    }
    catch (Exception ex)
    {
        if (_accept)
        {
            System.out.println("Reject when it should accept");
            _pass = false;
            testFail.addElement(_name);
        }
    }

    resultBuf.append("NISTCertPathTest -- ").append(_name).append(": ")
            .append(_pass ? "\n" : "Failed.\n");
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:47,代码来源:NISTCertPathTest.java

示例14: basicTest

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void basicTest()
    throws Exception
{
    CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC");

    X509Certificate rootCert = (X509Certificate)cf
            .generateCertificate(new ByteArrayInputStream(
                    CertPathTest.rootCertBin));
    X509Certificate interCert = (X509Certificate)cf
            .generateCertificate(new ByteArrayInputStream(
                    CertPathTest.interCertBin));
    X509Certificate finalCert = (X509Certificate)cf
            .generateCertificate(new ByteArrayInputStream(
                    CertPathTest.finalCertBin));
    X509CRL rootCrl = (X509CRL)cf.generateCRL(new ByteArrayInputStream(
            CertPathTest.rootCrlBin));
    X509CRL interCrl = (X509CRL)cf
            .generateCRL(new ByteArrayInputStream(
                    CertPathTest.interCrlBin));

    // Testing CollectionCertStore generation from List
    List list = new ArrayList();
    list.add(rootCert);
    list.add(interCert);
    list.add(finalCert);
    list.add(rootCrl);
    list.add(interCrl);
    CollectionCertStoreParameters ccsp = new CollectionCertStoreParameters(list);
    CertStore store1 = CertStore.getInstance("Collection", ccsp, "BC");
    CertStore store2 = CertStore.getInstance("Collection", ccsp, "BC");

    List storeList = new ArrayList();
    storeList.add(store1);
    storeList.add(store2);
    CertStore store = CertStore.getInstance("Multi", new MultiCertStoreParameters(storeList));

    // Searching for rootCert by subjectDN
    X509CertSelector targetConstraints = new X509CertSelector();
    targetConstraints.setSubject(rootCert.getSubjectX500Principal().getName());
    Collection certs = store.getCertificates(targetConstraints);

    if (certs.size() != 2 || !certs.contains(rootCert))
    {
        fail("2 rootCerts not found by subjectDN");
    }

    store = CertStore.getInstance("Multi", new MultiCertStoreParameters(storeList, false));
    certs = store.getCertificates(targetConstraints);
    
    if (certs.size() != 1 || !certs.contains(rootCert))
    {
        fail("1 rootCert not found by subjectDN");
    }
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:55,代码来源:MultiCertStoreTest.java

示例15: v0Test

import java.security.cert.X509CertSelector; //导入方法依赖的package包/类
private void v0Test()
    throws Exception
{
    // create certificates and CRLs
    KeyPair         rootPair = TestUtils.generateRSAKeyPair();
    KeyPair         interPair = TestUtils.generateRSAKeyPair();
    KeyPair         endPair = TestUtils.generateRSAKeyPair();

    X509Certificate rootCert = TestUtils.generateRootCert(rootPair);
    X509Certificate interCert = TestUtils.generateIntermediateCert(interPair.getPublic(), rootPair.getPrivate(), rootCert);
    X509Certificate endCert = TestUtils.generateEndEntityCert(endPair.getPublic(), interPair.getPrivate(), interCert);

    BigInteger      revokedSerialNumber = BigInteger.valueOf(2);
    X509CRL         rootCRL = TestUtils.createCRL(rootCert, rootPair.getPrivate(), revokedSerialNumber);
    X509CRL         interCRL = TestUtils.createCRL(interCert, interPair.getPrivate(), revokedSerialNumber);

    // create CertStore to support path building
    List list = new ArrayList();

    list.add(rootCert);
    list.add(interCert);
    list.add(endCert);
    list.add(rootCRL);
    list.add(interCRL);

    CollectionCertStoreParameters params = new CollectionCertStoreParameters(list);
    CertStore                     store = CertStore.getInstance("Collection", params);

    // build the path
    CertPathBuilder  builder = CertPathBuilder.getInstance("PKIX", "BC");
    X509CertSelector pathConstraints = new X509CertSelector();

    pathConstraints.setSubject(endCert.getSubjectX500Principal().getEncoded());

    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(Collections.singleton(new TrustAnchor(rootCert, null)), pathConstraints);

    buildParams.addCertStore(store);
    buildParams.setDate(new Date());

    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult)builder.build(buildParams);
    CertPath                  path = result.getCertPath();

    if (path.getCertificates().size() != 2)
    {
        fail("wrong number of certs in v0Test path");
    }
}
 
开发者ID:NoYouShutup,项目名称:CryptMeme,代码行数:48,代码来源:CertPathBuilderTest.java


注:本文中的java.security.cert.X509CertSelector.setSubject方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。