本文整理汇总了Java中java.security.cert.X509Certificate.equals方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.equals方法的具体用法?Java X509Certificate.equals怎么用?Java X509Certificate.equals使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate的用法示例。
在下文中一共展示了X509Certificate.equals方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: processAttrCert4
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
protected static void processAttrCert4(X509Certificate acIssuerCert,
ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
{
Set set = pkixParams.getTrustedACIssuers();
boolean trusted = false;
for (Iterator it = set.iterator(); it.hasNext();)
{
TrustAnchor anchor = (TrustAnchor) it.next();
if (acIssuerCert.getSubjectX500Principal().getName("RFC2253")
.equals(anchor.getCAName())
|| acIssuerCert.equals(anchor.getTrustedCert()))
{
trusted = true;
}
}
if (!trusted)
{
throw new CertPathValidatorException(
"Attribute certificate issuer is not directly trusted.");
}
}
示例2: validate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Evaluate trust.
*
* @param untrustedCertificate the untrusted certificate to evaluate
* @param trustedCertificates basis for trust
* @return true if trust can be established, false otherwise
*/
public boolean validate(X509Certificate untrustedCertificate, Iterable<X509Certificate> trustedCertificates) {
for (X509Certificate trustedCertificate : trustedCertificates) {
if (untrustedCertificate.equals(trustedCertificate)) {
return true;
}
}
return false;
}
示例3: isIdentityEquivalent
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static boolean isIdentityEquivalent(X509Certificate thisCert,
X509Certificate prevCert) {
if (thisCert.equals(prevCert)) {
return true;
}
// check the iPAddress field in subjectAltName extension
Object thisIPAddress = getSubjectAltName(thisCert, 7); // 7: iPAddress
Object prevIPAddress = getSubjectAltName(prevCert, 7);
if (thisIPAddress != null && prevIPAddress!= null) {
// only allow the exactly match
return Objects.equals(thisIPAddress, prevIPAddress);
}
// check the dNSName field in subjectAltName extension
Object thisDNSName = getSubjectAltName(thisCert, 2); // 2: dNSName
Object prevDNSName = getSubjectAltName(prevCert, 2);
if (thisDNSName != null && prevDNSName!= null) {
// only allow the exactly match
return Objects.equals(thisDNSName, prevDNSName);
}
// check the certificate subject and issuer
X500Principal thisSubject = thisCert.getSubjectX500Principal();
X500Principal prevSubject = prevCert.getSubjectX500Principal();
X500Principal thisIssuer = thisCert.getIssuerX500Principal();
X500Principal prevIssuer = prevCert.getIssuerX500Principal();
if (!thisSubject.getName().isEmpty() &&
!prevSubject.getName().isEmpty() &&
thisSubject.equals(prevSubject) &&
thisIssuer.equals(prevIssuer)) {
return true;
}
return false;
}
示例4: isPathCompleted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
cert.verify(publicKey, buildParams.sigProvider());
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
示例5: clean
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public List<Certificate> clean(List<Certificate> chain) throws SSLPeerUnverifiedException {
Deque<Certificate> queue = new ArrayDeque(chain);
List<Certificate> result = new ArrayList();
result.add(queue.removeFirst());
boolean foundTrustedCertificate = false;
int c = 0;
while (c < 9) {
X509Certificate toVerify = (X509Certificate) result.get(result.size() - 1);
X509Certificate trustedCert = this.trustRootIndex.findByIssuerAndSignature(toVerify);
if (trustedCert != null) {
if (result.size() > 1 || !toVerify.equals(trustedCert)) {
result.add(trustedCert);
}
if (!verifySignature(trustedCert, trustedCert)) {
foundTrustedCertificate = true;
c++;
}
} else {
Iterator<Certificate> i = queue.iterator();
while (i.hasNext()) {
X509Certificate signingCert = (X509Certificate) i.next();
if (verifySignature(toVerify, signingCert)) {
i.remove();
result.add(signingCert);
c++;
}
}
if (!foundTrustedCertificate) {
throw new SSLPeerUnverifiedException("Failed to find a trusted cert that " +
"signed " + toVerify);
}
}
return result;
}
throw new SSLPeerUnverifiedException("Certificate chain too long: " + result);
}
示例6: clean
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Returns a cleaned chain for {@code chain}.
*
* <p>This method throws if the complete chain to a trusted CA certificate cannot be constructed.
* This is unexpected unless the trust root index in this class has a different trust manager than
* what was used to establish {@code chain}.
*/
@Override public List<Certificate> clean(List<Certificate> chain, String hostname)
throws SSLPeerUnverifiedException {
Deque<Certificate> queue = new ArrayDeque<>(chain);
List<Certificate> result = new ArrayList<>();
result.add(queue.removeFirst());
boolean foundTrustedCertificate = false;
followIssuerChain:
for (int c = 0; c < MAX_SIGNERS; c++) {
X509Certificate toVerify = (X509Certificate) result.get(result.size() - 1);
// If this cert has been signed by a trusted cert, use that. Add the trusted certificate to
// the end of the chain unless it's already present. (That would happen if the first
// certificate in the chain is itself a self-signed and trusted CA certificate.)
X509Certificate trustedCert = trustRootIndex.findByIssuerAndSignature(toVerify);
if (trustedCert != null) {
if (result.size() > 1 || !toVerify.equals(trustedCert)) {
result.add(trustedCert);
}
if (verifySignature(trustedCert, trustedCert)) {
return result; // The self-signed cert is a root CA. We're done.
}
foundTrustedCertificate = true;
continue;
}
// Search for the certificate in the chain that signed this certificate. This is typically
// the next element in the chain, but it could be any element.
for (Iterator<Certificate> i = queue.iterator(); i.hasNext(); ) {
X509Certificate signingCert = (X509Certificate) i.next();
if (verifySignature(toVerify, signingCert)) {
i.remove();
result.add(signingCert);
continue followIssuerChain;
}
}
// We've reached the end of the chain. If any cert in the chain is trusted, we're done.
if (foundTrustedCertificate) {
return result;
}
// The last link isn't trusted. Fail.
throw new SSLPeerUnverifiedException(
"Failed to find a trusted cert that signed " + toVerify);
}
throw new SSLPeerUnverifiedException("Certificate chain too long: " + result);
}