本文整理汇总了Java中java.security.cert.X509Certificate.checkValidity方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.checkValidity方法的具体用法?Java X509Certificate.checkValidity怎么用?Java X509Certificate.checkValidity使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate
的用法示例。
在下文中一共展示了X509Certificate.checkValidity方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Validate the X509Certificate received.
*
* @param cert the cert
* @throws GeneralSecurityException the general security exception
*/
private void validate(final X509Certificate cert) throws GeneralSecurityException {
cert.checkValidity();
this.revocationChecker.check(cert);
final int pathLength = cert.getBasicConstraints();
if (pathLength < 0) {
if (!isCertificateAllowed(cert)) {
throw new FailedLoginException(
"Certificate subject does not match pattern " + this.regExSubjectDnPattern.pattern());
}
if (this.checkKeyUsage && !isValidKeyUsage(cert)) {
throw new FailedLoginException(
"Certificate keyUsage constraint forbids SSL client authentication.");
}
} else {
// Check pathLength for CA cert
if (pathLength == Integer.MAX_VALUE && !this.maxPathLengthAllowUnspecified) {
throw new FailedLoginException("Unlimited certificate path length not allowed by configuration.");
} else if (pathLength > this.maxPathLength && pathLength < Integer.MAX_VALUE) {
throw new FailedLoginException(String.format(
"Certificate path length %s exceeds maximum value %s.", pathLength, this.maxPathLength));
}
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:31,代码来源:X509CredentialsAuthenticationHandler.java
示例2: verifyCertificate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* 检查证书链
*
* @param rootCerts
* 根证书
* @param cert
* 待验证的证书
* @return
*/
public static boolean verifyCertificate(X509Certificate cert) {
if ( null == cert) {
LogUtil.writeErrorLog("cert must Not null");
return false;
}
try {
cert.checkValidity();//验证有效期
// cert.verify(middleCert.getPublicKey());
if(!verifyCertificateChain(cert)){
return false;
}
} catch (Exception e) {
LogUtil.writeErrorLog("verifyCertificate fail", e);
return false;
}
if(SDKConfig.getConfig().isIfValidateCNName()){
// 验证公钥是否属于银联
if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))) {
LogUtil.writeErrorLog("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
return false;
}
} else {
// 验证公钥是否属于银联
if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))
&& !"00040000:SIGN".equals(CertUtil.getIdentitiesFromCertficate(cert))) {
LogUtil.writeErrorLog("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
return false;
}
}
return true;
}
示例3: verifyCertificate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* 检查证书链
*
* @param cert
* 待验证的证书
* @return
*/
public static boolean verifyCertificate(X509Certificate cert) {
if ( null == cert) {
log.error("cert must Not null");
return false;
}
try {
cert.checkValidity();//验证有效期
// cert.verify(middleCert.getPublicKey());
if(!verifyCertificateChain(cert)){
return false;
}
} catch (Exception e) {
log.error("verifyCertificate fail", e);
return false;
}
if(SDKConfig.getConfig().isIfValidateCNName()){
// 验证公钥是否属于银联
if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))) {
log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
return false;
}
} else {
// 验证公钥是否属于银联
if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))
&& !"00040000:SIGN".equals(CertUtil.getIdentitiesFromCertficate(cert))) {
log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
return false;
}
}
return true;
}
示例4: verify
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* verify that the given certificate successfully handles and confirms
* the signature associated with this signer and, if a signingTime
* attribute is available, that the certificate was valid at the time the
* signature was generated.
* @deprecated use verify(ContentVerifierProvider)
*/
public boolean verify(
X509Certificate cert,
Provider sigProvider)
throws NoSuchAlgorithmException,
CertificateExpiredException, CertificateNotYetValidException,
CMSException
{
Time signingTime = getSigningTime();
if (signingTime != null)
{
cert.checkValidity(signingTime.getDate());
}
return doVerify(cert.getPublicKey(), sigProvider);
}
示例5: getCertificateValidityString
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
try {
cert.checkValidity();
} catch (CertificateExpiredException ce) {
return "EXPIRED: ";
} catch (CertificateNotYetValidException cny) {
return "NOT YET VALID: ";
}
Date certNotAfter = cert.getNotAfter();
Date now = new Date();
long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
// More than 72h left, display days
// More than 3 months display months
if (timeLeft > 90l * 24 * 3600 * 1000) {
long months = getMonthsDifference(now, certNotAfter);
return res.getString(R.string.months_left, months);
} else if (timeLeft > 72 * 3600 * 1000) {
long days = timeLeft / (24 * 3600 * 1000);
return res.getString(R.string.days_left, days);
} else {
long hours = timeLeft / (3600 * 1000);
return res.getString(R.string.hours_left, hours);
}
}
示例6: isValid
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public boolean isValid ()
{
for ( final X509Certificate cert : this.certificates )
{
try
{
cert.checkValidity ();
return true;
}
catch ( final Exception e )
{
}
}
return false;
}
示例7: validate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private void validate(final X509Certificate cert) throws GeneralSecurityException {
cert.checkValidity();
this.revocationChecker.check(cert);
int pathLength = cert.getBasicConstraints();
if (pathLength < 0) {
if (!isCertificateAllowed(cert)) {
throw new FailedLoginException(
"Certificate subject does not match pattern " + this.regExSubjectDnPattern.pattern());
}
if (this.checkKeyUsage && !isValidKeyUsage(cert)) {
throw new FailedLoginException(
"Certificate keyUsage constraint forbids SSL client authentication.");
}
} else {
// Check pathLength for CA cert
if (pathLength == Integer.MAX_VALUE && this.maxPathLengthAllowUnspecified != true) {
throw new FailedLoginException("Unlimited certificate path length not allowed by configuration.");
} else if (pathLength > this.maxPathLength && pathLength < Integer.MAX_VALUE) {
throw new FailedLoginException(String.format(
"Certificate path length %s exceeds maximum value %s.", pathLength, this.maxPathLength));
}
}
}
示例8: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
this.trustManager.checkServerTrusted(chain, authType);
} catch (CertificateException cx) {
try {
X509Certificate x509Certificate = chain[0];
x509Certificate.checkValidity();
long unixTimestamp = Instant.now().getEpochSecond();
CertificateResolverModel resolverModel = new CertificateResolverModel(
x509Certificate, String.valueOf(unixTimestamp), getSha1Fingerprint(x509Certificate));
if (this.listener != null) {
this.listener.intercept(resolverModel);
}
} catch (NoSuchAlgorithmException e) {
LOG.error("Cannot generate SHA1 fingerprint for certificate", e);
}
throw cx;
}
}
示例9: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
if (x509Certificates == null) {
throw new IllegalArgumentException("Check Server x509Certificates is null");
}
if (x509Certificates.length < 0) {
throw new IllegalArgumentException("Check Server x509Certificates is empty");
}
try {
for (X509Certificate cert : x509Certificates) {
// Make sure that it hasn't expired.
cert.checkValidity();
//和App预埋的证书做对比
cert.verify(mCertificate.getPublicKey());
}
} catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) {
e.printStackTrace();
}
}
示例10: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
for (X509Certificate certificate : chain) {
certificate.checkValidity(); //检查证书是否过期,签名是否通过等
}
} catch (Exception e) {
throw new CertificateException(e);
}
}
示例11: validateCertificates
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* @throws CertificateException if the certificate has expired or if the certificate is not yet valid.
*/
@Override
public void validateCertificates(X509Certificate[] serverCertificates) throws CertificateException {
for (X509Certificate certificate : serverCertificates) {
certificate.checkValidity();
}
}
示例12: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] certs, String arg1) throws CertificateException {
Date today = new Date();
for (X509Certificate certificate : certs) {
certificate.checkValidity(today);
}
}
示例13: createAcIssuerCert
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* we generate the AC issuer's certificate
*/
public static X509Certificate createAcIssuerCert(
PublicKey pubKey,
PrivateKey privKey)
throws Exception
{
//
// signers name
//
String issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
//
// subjects name - the same as we are self signed.
//
String subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";
//
// create the certificate - version 1
//
v1CertGen.setSerialNumber(BigInteger.valueOf(10));
v1CertGen.setIssuerDN(new X509Principal(issuer));
v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
v1CertGen.setSubjectDN(new X509Principal(subject));
v1CertGen.setPublicKey(pubKey);
v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");
X509Certificate cert = v1CertGen.generate(privKey);
cert.checkValidity(new Date());
cert.verify(pubKey);
return cert;
}
示例14: checkClientTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkClientTrusted(X509Certificate[] certs, String arg1) throws CertificateException {
Date today = new Date();
for (X509Certificate certificate : certs) {
certificate.checkValidity(today);
}
}
示例15: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException
{
for (X509Certificate certificate : certificates)
{
certificate.checkValidity();
}
}