当前位置: 首页>>代码示例>>Java>>正文


Java X509Certificate.checkValidity方法代码示例

本文整理汇总了Java中java.security.cert.X509Certificate.checkValidity方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.checkValidity方法的具体用法?Java X509Certificate.checkValidity怎么用?Java X509Certificate.checkValidity使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509Certificate的用法示例。


在下文中一共展示了X509Certificate.checkValidity方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: validate

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Validate the X509Certificate received.
 *
 * @param cert the cert
 * @throws GeneralSecurityException the general security exception
 */
private void validate(final X509Certificate cert) throws GeneralSecurityException {
    cert.checkValidity();
    this.revocationChecker.check(cert);

    final int pathLength = cert.getBasicConstraints();
    if (pathLength < 0) {
        if (!isCertificateAllowed(cert)) {
            throw new FailedLoginException(
                    "Certificate subject does not match pattern " + this.regExSubjectDnPattern.pattern());
        }
        if (this.checkKeyUsage && !isValidKeyUsage(cert)) {
            throw new FailedLoginException(
                    "Certificate keyUsage constraint forbids SSL client authentication.");
        }
    } else {
        // Check pathLength for CA cert
        if (pathLength == Integer.MAX_VALUE && !this.maxPathLengthAllowUnspecified) {
            throw new FailedLoginException("Unlimited certificate path length not allowed by configuration.");
        } else if (pathLength > this.maxPathLength && pathLength < Integer.MAX_VALUE) {
            throw new FailedLoginException(String.format(
                    "Certificate path length %s exceeds maximum value %s.", pathLength, this.maxPathLength));
        }
    }
}
 
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:31,代码来源:X509CredentialsAuthenticationHandler.java

示例2: verifyCertificate

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
	 * 检查证书链
	 * 
	 * @param rootCerts
	 *            根证书
	 * @param cert
	 *            待验证的证书
	 * @return
	 */
	public static boolean verifyCertificate(X509Certificate cert) {
		
		if ( null == cert) {
			LogUtil.writeErrorLog("cert must Not null");
			return false;
		}
		try {
			cert.checkValidity();//验证有效期
//			cert.verify(middleCert.getPublicKey());
			if(!verifyCertificateChain(cert)){
				return false;
			}
		} catch (Exception e) {
			LogUtil.writeErrorLog("verifyCertificate fail", e);
			return false;
		}
		
		if(SDKConfig.getConfig().isIfValidateCNName()){
			// 验证公钥是否属于银联
			if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))) {
				LogUtil.writeErrorLog("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
				return false;
			}
		} else {
			// 验证公钥是否属于银联
			if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert)) 
					&& !"00040000:SIGN".equals(CertUtil.getIdentitiesFromCertficate(cert))) {
				LogUtil.writeErrorLog("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
				return false;
			}
		}
		return true;		
	}
 
开发者ID:Javen205,项目名称:IJPay,代码行数:43,代码来源:CertUtil.java

示例3: verifyCertificate

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
	 * 检查证书链
	 *
	 * @param cert
	 *            待验证的证书
	 * @return
	 */
	public static boolean verifyCertificate(X509Certificate cert) {
		
		if ( null == cert) {
			log.error("cert must Not null");
			return false;
		}
		try {
			cert.checkValidity();//验证有效期
//			cert.verify(middleCert.getPublicKey());
			if(!verifyCertificateChain(cert)){
				return false;
			}
		} catch (Exception e) {
			log.error("verifyCertificate fail", e);
			return false;
		}
		
		if(SDKConfig.getConfig().isIfValidateCNName()){
			// 验证公钥是否属于银联
			if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert))) {
				log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
				return false;
			}
		} else {
			// 验证公钥是否属于银联
			if(!UNIONPAY_CNNAME.equals(CertUtil.getIdentitiesFromCertficate(cert)) 
					&& !"00040000:SIGN".equals(CertUtil.getIdentitiesFromCertficate(cert))) {
				log.error("cer owner is not CUP:" + CertUtil.getIdentitiesFromCertficate(cert));
				return false;
			}
		}
		return true;		
	}
 
开发者ID:howe,项目名称:nutz-pay,代码行数:41,代码来源:CertUtil.java

示例4: verify

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * verify that the given certificate successfully handles and confirms
 * the signature associated with this signer and, if a signingTime
 * attribute is available, that the certificate was valid at the time the
 * signature was generated.
 * @deprecated use verify(ContentVerifierProvider)
 */
public boolean verify(
    X509Certificate cert,
    Provider        sigProvider)
    throws NoSuchAlgorithmException,
        CertificateExpiredException, CertificateNotYetValidException,
        CMSException
{
    Time signingTime = getSigningTime();
    if (signingTime != null)
    {
        cert.checkValidity(signingTime.getDate());
    }

    return doVerify(cert.getPublicKey(), sigProvider); 
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:23,代码来源:SignerInformation.java

示例5: getCertificateValidityString

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static String getCertificateValidityString(X509Certificate cert, Resources res) {
    try {
        cert.checkValidity();
    } catch (CertificateExpiredException ce) {
        return "EXPIRED: ";
    } catch (CertificateNotYetValidException cny) {
        return "NOT YET VALID: ";
    }
    Date certNotAfter = cert.getNotAfter();
    Date now = new Date();
    long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
    // More than 72h left, display days
    // More than 3 months display months
    if (timeLeft > 90l * 24 * 3600 * 1000) {
        long months = getMonthsDifference(now, certNotAfter);
        return res.getString(R.string.months_left, months);
    } else if (timeLeft > 72 * 3600 * 1000) {
        long days = timeLeft / (24 * 3600 * 1000);
        return res.getString(R.string.days_left, days);
    } else {
        long hours = timeLeft / (3600 * 1000);
        return res.getString(R.string.hours_left, hours);
    }
}
 
开发者ID:akashdeepsingh9988,项目名称:Cybernet-VPN,代码行数:25,代码来源:X509Utils.java

示例6: isValid

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public boolean isValid ()
{
    for ( final X509Certificate cert : this.certificates )
    {
        try
        {
            cert.checkValidity ();
            return true;
        }
        catch ( final Exception e )
        {
        }

    }
    return false;
}
 
开发者ID:eclipse,项目名称:neoscada,代码行数:17,代码来源:X509CA.java

示例7: validate

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private void validate(final X509Certificate cert) throws GeneralSecurityException {
    cert.checkValidity();
    this.revocationChecker.check(cert);

    int pathLength = cert.getBasicConstraints();
    if (pathLength < 0) {
        if (!isCertificateAllowed(cert)) {
            throw new FailedLoginException(
                    "Certificate subject does not match pattern " + this.regExSubjectDnPattern.pattern());
        }
        if (this.checkKeyUsage && !isValidKeyUsage(cert)) {
            throw new FailedLoginException(
                    "Certificate keyUsage constraint forbids SSL client authentication.");
        }
    } else {
        // Check pathLength for CA cert
        if (pathLength == Integer.MAX_VALUE && this.maxPathLengthAllowUnspecified != true) {
            throw new FailedLoginException("Unlimited certificate path length not allowed by configuration.");
        } else if (pathLength > this.maxPathLength && pathLength < Integer.MAX_VALUE) {
            throw new FailedLoginException(String.format(
                    "Certificate path length %s exceeds maximum value %s.", pathLength, this.maxPathLength));
        }
    }
}
 
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:25,代码来源:X509CredentialsAuthenticationHandler.java

示例8: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    try {
        this.trustManager.checkServerTrusted(chain, authType);
    } catch (CertificateException cx) {
        try {
            X509Certificate x509Certificate = chain[0];
            x509Certificate.checkValidity();
            long unixTimestamp = Instant.now().getEpochSecond();
            CertificateResolverModel resolverModel = new CertificateResolverModel(
                    x509Certificate, String.valueOf(unixTimestamp), getSha1Fingerprint(x509Certificate));
            if (this.listener != null) {
                this.listener.intercept(resolverModel);
            }
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Cannot generate SHA1 fingerprint for certificate", e);
        }
        throw cx;
    }
}
 
开发者ID:opensecuritycontroller,项目名称:osc-core,代码行数:21,代码来源:X509TrustManagerFactory.java

示例9: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
    if (x509Certificates == null) {
        throw new IllegalArgumentException("Check Server x509Certificates is null");
    }

    if (x509Certificates.length < 0) {
        throw new IllegalArgumentException("Check Server x509Certificates is empty");
    }

    try {
        for (X509Certificate cert : x509Certificates) {
            // Make sure that it hasn't expired.
            cert.checkValidity();
            //和App预埋的证书做对比
            cert.verify(mCertificate.getPublicKey());
        }
    } catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) {
        e.printStackTrace();
    }
}
 
开发者ID:guiying712,项目名称:AndroidModulePattern,代码行数:22,代码来源:HttpsUtils.java

示例10: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    try {
        for (X509Certificate certificate : chain) {
            certificate.checkValidity(); //检查证书是否过期,签名是否通过等
        }
    } catch (Exception e) {
        throw new CertificateException(e);
    }
}
 
开发者ID:weiwenqiang,项目名称:GitHub,代码行数:11,代码来源:GApp.java

示例11: validateCertificates

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * @throws CertificateException if the certificate has expired or if the certificate is not yet valid.
 */
@Override
public void validateCertificates(X509Certificate[] serverCertificates) throws CertificateException {
    for (X509Certificate certificate : serverCertificates) {
        certificate.checkValidity();
    }
}
 
开发者ID:octaware,项目名称:super-volley,代码行数:10,代码来源:CertificateValidityValidator.java

示例12: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] certs, String arg1) throws CertificateException {
    Date today = new Date();
    for (X509Certificate certificate : certs) {
        certificate.checkValidity(today);
    }
}
 
开发者ID:XndroidDev,项目名称:Xndroid,代码行数:8,代码来源:SHelper.java

示例13: createAcIssuerCert

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * we generate the AC issuer's certificate
 */
public static X509Certificate createAcIssuerCert(
    PublicKey       pubKey,
    PrivateKey      privKey)
    throws Exception
{
    //
    // signers name 
    //
    String  issuer = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

    //
    // subjects name - the same as we are self signed.
    //
    String  subject = "C=AU, O=The Legion of the Bouncy Castle, OU=Bouncy Primary Certificate";

    //
    // create the certificate - version 1
    //

    v1CertGen.setSerialNumber(BigInteger.valueOf(10));
    v1CertGen.setIssuerDN(new X509Principal(issuer));
    v1CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
    v1CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 30)));
    v1CertGen.setSubjectDN(new X509Principal(subject));
    v1CertGen.setPublicKey(pubKey);
    v1CertGen.setSignatureAlgorithm("SHA1WithRSAEncryption");

    X509Certificate cert = v1CertGen.generate(privKey);

    cert.checkValidity(new Date());

    cert.verify(pubKey);

    return cert;
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:39,代码来源:AttrCertExample.java

示例14: checkClientTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkClientTrusted(X509Certificate[] certs, String arg1) throws CertificateException {
    Date today = new Date();
    for (X509Certificate certificate : certs) {
        certificate.checkValidity(today);
    }
}
 
开发者ID:XndroidDev,项目名称:Xndroid,代码行数:8,代码来源:SHelper.java

示例15: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException
{
    for (X509Certificate certificate : certificates)
    {
        certificate.checkValidity();
    }
}
 
开发者ID:archos-sa,项目名称:aos-FileCoreLibrary,代码行数:8,代码来源:FTPSTrustManager.java


注:本文中的java.security.cert.X509Certificate.checkValidity方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。