本文整理汇总了Java中java.security.cert.X509Certificate.getIssuerX500Principal方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getIssuerX500Principal方法的具体用法?Java X509Certificate.getIssuerX500Principal怎么用?Java X509Certificate.getIssuerX500Principal使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate的用法示例。
在下文中一共展示了X509Certificate.getIssuerX500Principal方法的12个代码示例,这些例子默认根据受欢迎程度排序。
示例1: findByIssuerAndSignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Finds the indexed CA certificate that signed {@code cert}.
 *
 * <p>Candidates are the certificates stored in {@code subjectToCaCerts} under the issuer DN of
 * {@code cert}. The first candidate whose public key verifies the signature on {@code cert} is
 * returned. Only the signature is examined here: validity dates, basic constraints and
 * revocation status of the returned certificate are not checked by this method.
 *
 * @param cert the certificate whose signer is looked up
 * @return the matching CA certificate, or {@code null} if no candidate verifies the signature
 */
@Override public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
  Set<X509Certificate> candidates = subjectToCaCerts.get(cert.getIssuerX500Principal());
  if (candidates == null) {
    return null;
  }

  for (X509Certificate candidate : candidates) {
    PublicKey candidateKey = candidate.getPublicKey();
    try {
      cert.verify(candidateKey);
    } catch (Exception ignored) {
      // Any failure means this candidate did not sign cert; move on to the next one.
      continue;
    }
    return candidate;
  }

  return null;
}
示例2: verifySignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Checks whether {@code certificate} carries a signature that verifies against the public key
 * of {@code issuingCertificate}.
 *
 * <p>Only the signature is checked. The issuer DN named inside {@code certificate} is not
 * compared with the subject DN of {@code issuingCertificate} (both are only written to the log
 * on failure), and validity dates, basic constraints and revocation are not looked at. A
 * {@code true} result is therefore one input to a trust decision, not the decision itself.
 *
 * <p>The distinguished names in the warning come from the certificates being checked and
 * should be read as untrusted text in the log.
 *
 * @param certificate the X.509 certificate whose signature is checked
 * @param issuingCertificate the X.509 certificate holding the public key expected to verify
 *     that signature
 * @return {@code true} if the signature verifies, {@code false} if verification fails with one
 *     of the caught security exceptions
 */
public static boolean verifySignature(X509Certificate certificate, X509Certificate issuingCertificate) {
  X500Principal subjectDn = certificate.getSubjectX500Principal();
  X500Principal declaredIssuerDn = certificate.getIssuerX500Principal();
  X500Principal signerDn = issuingCertificate.getSubjectX500Principal();
  PublicKey signerKey = issuingCertificate.getPublicKey();

  boolean verified;
  try {
    certificate.verify(signerKey);
    verified = true;
  } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
      | NoSuchProviderException | SignatureException e) {
    // Report all three names so a mismatch between declared and actual issuer is visible.
    getLogger().warn("\n"
        + "\tSignature verification of certificate having distinguished name \n"
        + "\t'" + subjectDn.getName() + "'\n"
        + "\twith certificate having distinguished name (the issuer) \n"
        + "\t'" + signerDn.getName() + "'\n"
        + "\tfailed. Expected issuer has distinguished name \n"
        + "\t'" + declaredIssuerDn.getName() + "' (" + e.getClass().getSimpleName() + ")", e);
    verified = false;
  }

  return verified;
}
示例3: getSubCertificates
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
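/**
 * Collects the encoded form of every CA certificate found in a certificate chain.
 *
 * <p>A certificate counts as a CA when {@code getBasicConstraints()} does not return -1. That
 * test cannot tell an intermediate CA from a root CA, so a root certificate present in
 * {@code certChain} is collected as well; a caller that must pass on sub-CAs only has to
 * exclude the root itself.
 *
 * @param certChain the certificate chain; every element is cast to {@code X509Certificate}
 * @return a SubCertificatesType holding the encoded CA certificates (possibly none, in which
 *     case a warning is logged)
 */
public static SubCertificatesType getSubCertificates(Certificate[] certChain) {
  SubCertificatesType subCertificates = new SubCertificatesType();

  for (Certificate cert : certChain) {
    X509Certificate x509Cert = (X509Certificate) cert;

    // getBasicConstraints() returns -1 for a certificate that is not a CA: skip those.
    if (x509Cert.getBasicConstraints() == -1) {
      continue;
    }

    try {
      subCertificates.getCertificate().add(x509Cert.getEncoded());
    } catch (CertificateEncodingException e) {
      // Identify the failing certificate by its own subject DN. The issuer DN on its own
      // names the parent CA, which would send the reader to the wrong certificate.
      X500Principal subject = x509Cert.getSubjectX500Principal();
      X500Principal issuer = x509Cert.getIssuerX500Principal();
      getLogger().error("A CertificateEncodingException occurred while trying to get certificate "
          + "with distinguished name '" + subject.getName()
          + "' (issued by '" + issuer.getName() + "')", e);
    }
  }

  if (subCertificates.getCertificate().size() == 0) {
    getLogger().warn("No intermediate CAs found in given certificate array");
  }

  return subCertificates;
}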
示例4: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
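/**
 * Validates the server's certificate chain against the platform's default trust anchors.
 *
 * <p>The issuer and subject names of the first certificate in the chain are written to the
 * debug log. Logging is not validation: a trust manager that returns normally from this method
 * accepts the chain, so after logging the call is handed to the platform's default
 * {@code X509TrustManager}, which throws for a chain it does not trust.
 *
 * @param chain the peer's certificate chain; element 0 is the certificate that is logged
 * @param authType the authentication type passed on to the default trust manager
 * @throws IllegalArgumentException if {@code chain} is null or empty
 * @throws CertificateException if the chain is not trusted, or if no default trust manager
 *     can be obtained
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
  Log.d("X509TrustManager" , "checkServerTrusted()");

  // Reject a missing chain explicitly instead of failing on chain[0] below.
  if (chain == null || chain.length == 0) {
    throw new IllegalArgumentException("Certificate chain is null or empty");
  }

  X509Certificate certificate = chain[0];
  X500Principal issuerPrincipal = certificate.getIssuerX500Principal();
  Log.d("X509TrustManager" , "issuer name :" + issuerPrincipal.getName());
  X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
  Log.d("X509TrustManager" , "subject name :" + subjectPrincipal.getName());

  // Fail closed: the chain is accepted only if the platform trust manager accepts it.
  platformTrustManager().checkServerTrusted(chain, authType);
}

/**
 * Obtains the X509TrustManager backed by the platform's default trust store.
 * A caller on a hot path may prefer to obtain it once and keep it in a field.
 */
private javax.net.ssl.X509TrustManager platformTrustManager() throws CertificateException {
  try {
    javax.net.ssl.TrustManagerFactory factory = javax.net.ssl.TrustManagerFactory.getInstance(
        javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
    // A null KeyStore selects the default trust anchors.
    factory.init((java.security.KeyStore) null);
    for (javax.net.ssl.TrustManager manager : factory.getTrustManagers()) {
      if (manager instanceof javax.net.ssl.X509TrustManager) {
        return (javax.net.ssl.X509TrustManager) manager;
      }
    }
  } catch (java.security.GeneralSecurityException e) {
    throw new CertificateException("Could not initialise the default trust manager", e);
  }
  throw new CertificateException("No default X509TrustManager available");
}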
示例5: verifyNameChaining
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Checks that the issuer DN of {@code cert} chains to the subject recorded in
 * {@code prevSubject}.
 *
 * <p>Nothing is checked while {@code prevSubject} is {@code null}. Otherwise the issuer DN must
 * be non-empty and equal to {@code prevSubject}.
 *
 * @param cert the certificate whose issuer DN is checked
 * @throws CertPathValidatorException with reason {@code PKIXReason.NAME_CHAINING} if the
 *     issuer DN is empty or differs from {@code prevSubject}
 */
private void verifyNameChaining(X509Certificate cert)
    throws CertPathValidatorException
{
    if (prevSubject == null) {
        return;
    }

    final String msg = "subject/issuer name chaining";
    if (debug != null) {
        debug.println("---checking " + msg + "...");
    }

    X500Principal currIssuer = cert.getIssuerX500Principal();

    // An empty issuer DN can never chain to anything, so it is rejected before the comparison.
    boolean issuerIsEmpty = X500Name.asX500Name(currIssuer).isEmpty();
    if (issuerIsEmpty) {
        throw new CertPathValidatorException(
            msg + " check failed: empty/null issuer DN in certificate is invalid",
            null, null, -1, PKIXReason.NAME_CHAINING);
    }

    boolean chainsToPrevious = currIssuer.equals(prevSubject);
    if (!chainsToPrevious) {
        throw new CertPathValidatorException(
            msg + " check failed", null, null, -1, PKIXReason.NAME_CHAINING);
    }

    if (debug != null) {
        debug.println(msg + " verified.");
    }
}
示例6: isIdentityEquivalent
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Decides whether two certificates stand for the same identity.
 *
 * <p>The checks run in this order, and the first one that applies gives the answer:
 * <ol>
 *   <li>the certificates are equal;</li>
 *   <li>both carry an iPAddress subjectAltName (type 7): the values must match exactly;</li>
 *   <li>both carry a dNSName subjectAltName (type 2): the values must match exactly;</li>
 *   <li>both subjects are non-empty and equal, and both issuers are equal.</li>
 * </ol>
 *
 * @param thisCert the certificate being examined
 * @param prevCert the certificate it is compared with
 * @return {@code true} if the two certificates are considered identity-equivalent
 */
private static boolean isIdentityEquivalent(X509Certificate thisCert,
        X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }

    // subjectAltName iPAddress (general name type 7): when both have one, it alone decides.
    Object currentIp = getSubjectAltName(thisCert, 7);
    Object previousIp = getSubjectAltName(prevCert, 7);
    if (currentIp != null && previousIp != null) {
        return currentIp.equals(previousIp);
    }

    // subjectAltName dNSName (general name type 2): same rule, exact match only.
    Object currentDns = getSubjectAltName(thisCert, 2);
    Object previousDns = getSubjectAltName(prevCert, 2);
    if (currentDns != null && previousDns != null) {
        return currentDns.equals(previousDns);
    }

    // Fall back to the subject and issuer names; an empty subject never matches.
    X500Principal thisSubject = thisCert.getSubjectX500Principal();
    X500Principal prevSubject = prevCert.getSubjectX500Principal();
    X500Principal thisIssuer = thisCert.getIssuerX500Principal();
    X500Principal prevIssuer = prevCert.getIssuerX500Principal();

    boolean bothSubjectsNamed =
        !thisSubject.getName().isEmpty() && !prevSubject.getName().isEmpty();
    return bothSubjectsNamed
        && thisSubject.equals(prevSubject)
        && thisIssuer.equals(prevIssuer);
}
示例7: getID
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Builds an identifier of the form alias + separator + issuer + separator + serial number.
 *
 * <p>The issuer is rendered in the {@code X500Principal.CANONICAL} format and the parts are
 * joined with {@code ALIAS_SEP}.
 *
 * @param alias the alias placed at the front of the identifier
 * @param cert the certificate supplying the issuer name and the serial number
 * @return the combined identifier string
 */
private String getID(String alias, X509Certificate cert) {
    String canonicalIssuer = cert.getIssuerX500Principal().getName(X500Principal.CANONICAL);
    String serial = cert.getSerialNumber().toString();
    return alias + ALIAS_SEP + canonicalIssuer + ALIAS_SEP + serial;
}
示例8: chooseAlias
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns {@code mAlias} if the stored client certificate fits the request, else {@code null}.
 *
 * <p>The first certificate in {@code mChain} must use the key algorithm of one of
 * {@code keyTypes}. A requested type of the form {@code KEY_SIG} (for example EC_EC or EC_RSA)
 * also requires the certificate's signature algorithm name to contain {@code SIG}. When
 * {@code issuers} is non-empty, at least one certificate in {@code mChain} must name one of
 * them as its issuer. The first key type that matches decides the outcome: if the issuer check
 * then fails, {@code null} is returned without trying the remaining key types.
 *
 * @param keyTypes the requested key types; {@code null} entries are skipped
 * @param issuers the acceptable issuers, or {@code null}/empty to accept any issuer
 * @return {@code mAlias} on a match, otherwise {@code null}
 */
private String chooseAlias(String[] keyTypes, Principal[] issuers) {
    if (keyTypes == null || keyTypes.length == 0) {
        return null;
    }

    final X509Certificate leaf = mChain[0];
    final String leafKeyAlg = leaf.getPublicKey().getAlgorithm();
    final String leafSigAlg = leaf.getSigAlgName().toUpperCase(Locale.US);

    for (String requestedType : keyTypes) {
        if (requestedType == null) {
            continue;
        }

        // Split combined types such as EC_EC and EC_RSA into key and signature algorithm.
        final int separator = requestedType.indexOf('_');
        final String wantedKeyAlg =
            (separator == -1) ? requestedType : requestedType.substring(0, separator);
        final String wantedSigAlg =
            (separator == -1) ? null : requestedType.substring(separator + 1);

        if (!leafKeyAlg.equals(wantedKeyAlg)) {
            continue;
        }

        // TODO find a more reliable test for the signature algorithm: the name varies with the
        // provider, e.g. for "EC" it could be "SHA1WithECDSA" or simply "ECDSA".
        if (wantedSigAlg != null && !leafSigAlg.contains(wantedSigAlg)) {
            continue;
        }

        if (issuers == null || issuers.length == 0) {
            return mAlias;
        }

        // X500Principal from getIssuerX500Principal is compared on purpose: Principal.equals on
        // the value of getIssuerDN fails when that value is a Bouncy Castle
        // org.bouncycastle.jce.X509Principal.
        List<Principal> acceptedIssuers = Arrays.asList(issuers);
        for (X509Certificate link : mChain) {
            if (acceptedIssuers.contains(link.getIssuerX500Principal())) {
                return mAlias;
            }
        }

        Timber.w("Client certificate %s not issued by any of the requested issuers", mAlias);
        return null;
    }

    Timber.w("Client certificate %s does not match any of the requested key types", mAlias);
    return null;
}
示例9: getCertificateIssuer
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns the issuer distinguished name recorded in {@code cert}.
 *
 * <p>The name is read from the certificate as is; it is a claim made by the certificate until
 * its signature has been verified with the issuer's key.
 *
 * @param cert the certificate to read the issuer from
 * @return the issuer as an {@code X500Principal}
 */
private X500Principal getCertificateIssuer(X509Certificate cert)
{
    final X500Principal issuer = cert.getIssuerX500Principal();
    return issuer;
}
示例10: getCompleteCRLs
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Fetches the complete CRLs for a certificate and distribution point.
 *
 * <p>The lookup fails closed: when no CRL is found an {@code AnnotatedException} is thrown
 * instead of an empty set being returned.
 *
 * @param dp The distribution point used to determine the CRL issuers.
 * @param cert The <code>X509Certificate</code> or
 *            {@link org.bouncycastle.x509.X509AttributeCertificate} for
 *            which the CRLs are searched.
 * @param currentDate The date passed to the CRL search.
 * @param paramsPKIX The extended PKIX parameters.
 * @return A non-empty <code>Set</code> of complete CRLs.
 * @throws AnnotatedException if the issuer information cannot be obtained
 *             or no CRLs are found.
 */
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert,
    Date currentDate, ExtendedPKIXParameters paramsPKIX)
    throws AnnotatedException
{
    final boolean isAttributeCert = cert instanceof X509AttributeCertificate;
    X509CRLStoreSelector selector = new X509CRLStoreSelector();

    try
    {
        // Seed the issuer set with the certificate's own issuer, then let the
        // distribution point add or replace CRL issuers on the selector.
        Set issuerNames = new HashSet();
        if (isAttributeCert)
        {
            issuerNames.add(((X509AttributeCertificate)cert)
                .getIssuer().getPrincipals()[0]);
        }
        else
        {
            issuerNames.add(getEncodedIssuerPrincipal(cert));
        }
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuerNames, selector, paramsPKIX);
    }
    catch (AnnotatedException e)
    {
        throw new AnnotatedException(
            "Could not get issuer information from distribution point.", e);
    }

    if (cert instanceof X509Certificate)
    {
        selector.setCertificateChecking((X509Certificate)cert);
    }
    else if (isAttributeCert)
    {
        selector.setAttrCertificateChecking((X509AttributeCertificate)cert);
    }
    selector.setCompleteCRLEnabled(true);

    Set found = CRL_UTIL.findCRLs(selector, paramsPKIX, currentDate);
    if (found.isEmpty())
    {
        // Name the issuer in the error so the missing CRL can be traced.
        Object issuerForMessage = isAttributeCert
            ? ((X509AttributeCertificate)cert).getIssuer().getPrincipals()[0]
            : ((X509Certificate)cert).getIssuerX500Principal();
        throw new AnnotatedException("No CRLs found for issuer \"" + issuerForMessage + "\"");
    }
    return found;
}
示例11: X509IssuerSerial
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Constructs an X509IssuerSerial from an X509Certificate.
 *
 * <p>Delegates to the (issuer, serial number) constructor with the issuer name and serial
 * number read from {@code cert}.
 *
 * @param cert the certificate supplying the issuer and the serial number; a {@code null}
 *     value fails with a NullPointerException on the first accessor call
 */
X509IssuerSerial(X509Certificate cert) {
    this(cert.getIssuerX500Principal(), cert.getSerialNumber());
}
示例12: updateState
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Update the state with the next certificate added to the path.
 *
 * <p>A {@code null} certificate leaves the state untouched. Otherwise the method records the
 * certificate and its issuer DN, counts it as a traversed CA certificate when it is a
 * non-self-issued CA certificate that is not the first one seen, and adds its subject name and
 * subject alternative names to {@code subjectNamesTraversed} when it is the first certificate
 * or is not self-issued. {@code init} is cleared at the end.
 *
 * @param cert the certificate which is used to update the state
 * @throws CertPathValidatorException if reading the subject alternative names fails with an
 *     IOException
 */
@Override
public void updateState(X509Certificate cert)
    throws CertificateException, IOException, CertPathValidatorException {

    if (cert == null)
        return;

    X509CertImpl icert = X509CertImpl.toImpl(cert);

    /* see if certificate key has null parameters */
    if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    /* update certificate */
    this.cert = icert;

    /* update issuer DN */
    issuerDN = cert.getIssuerX500Principal();

    if (!X509CertImpl.isSelfIssued(cert)) {

        /*
         * update traversedCACerts only if this is a non-self-issued
         * intermediate CA cert
         */
        // getBasicConstraints() != -1 is the "is a CA" test; !init excludes the first
        // certificate processed by this state.
        if (!init && cert.getBasicConstraints() != -1) {
            traversedCACerts++;
        }
    }

    /* update subjectNamesTraversed only if this is the EE cert or if
       this cert is not self-issued */
    if (init || !X509CertImpl.isSelfIssued(cert)){
        X500Principal subjName = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subjName));

        try {
            SubjectAlternativeNameExtension subjAltNameExt
                = icert.getSubjectAlternativeNameExtension();
            if (subjAltNameExt != null) {
                GeneralNames gNames = subjAltNameExt.get(
                        SubjectAlternativeNameExtension.SUBJECT_NAME);
                // Every alternative name is recorded next to the subject DN.
                for (GeneralName gName : gNames.names()) {
                    subjectNamesTraversed.add(gName.getName());
                }
            }
        } catch (IOException e) {
            // The stack trace is printed only when debugging is on; the failure itself is
            // always reported to the caller as a validation error.
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected "
                              + "exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    // From here on the state no longer treats the next certificate as the first one.
    init = false;
}