当前位置: 首页>>代码示例>>Java>>正文


Java X509Certificate.getIssuerX500Principal方法代码示例

本文整理汇总了Java中java.security.cert.X509Certificate.getIssuerX500Principal方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getIssuerX500Principal方法的具体用法?Java X509Certificate.getIssuerX500Principal怎么用?Java X509Certificate.getIssuerX500Principal使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509Certificate的用法示例。


在下文中一共展示了X509Certificate.getIssuerX500Principal方法的12个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: findByIssuerAndSignature

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
  X500Principal issuer = cert.getIssuerX500Principal();
  Set<X509Certificate> subjectCaCerts = subjectToCaCerts.get(issuer);
  if (subjectCaCerts == null) return null;

  for (X509Certificate caCert : subjectCaCerts) {
    PublicKey publicKey = caCert.getPublicKey();
    try {
      cert.verify(publicKey);
      return caCert;
    } catch (Exception ignored) {
    }
  }

  return null;
}
 
开发者ID:weiwenqiang,项目名称:GitHub,代码行数:17,代码来源:TrustRootIndex.java

示例2: verifySignature

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Verifies that the given certificate was signed using the private key that corresponds to the 
 * public key of the provided certificate.
 * 
 * @param certificate The X509Certificate which is to be checked
 * @param issuingCertificate The X.509 certificate which holds the public key corresponding to the private 
 * 		  key with which the given certificate should have been signed
 * @return True, if the verification was successful, false otherwise
 */
public static boolean verifySignature(X509Certificate certificate, X509Certificate issuingCertificate) {
	X500Principal subject = certificate.getSubjectX500Principal();
	X500Principal expectedIssuerSubject = certificate.getIssuerX500Principal();
	X500Principal issuerSubject = issuingCertificate.getSubjectX500Principal();
	PublicKey publicKeyForSignature = issuingCertificate.getPublicKey();
	
	try {
		certificate.verify(publicKeyForSignature);
		return true;
	} catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException | 
			 NoSuchProviderException | SignatureException e) {
		getLogger().warn("\n"
					   + "\tSignature verification of certificate having distinguished name \n" 
					   + "\t'" + subject.getName() + "'\n" 
					   + "\twith certificate having distinguished name (the issuer) \n" 
					   + "\t'" + issuerSubject.getName() + "'\n"
					   + "\tfailed. Expected issuer has distinguished name \n"
					   + "\t'" + expectedIssuerSubject.getName() + "' (" + e.getClass().getSimpleName() + ")", e);
	} 
	
	return false;
}
 
开发者ID:V2GClarity,项目名称:RISE-V2G,代码行数:32,代码来源:SecurityUtils.java

示例3: getSubCertificates

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns the intermediate certificates (sub CAs) from a given certificate chain.
 * 
 * @param certChain The certificate chain given as an array of Certificate instances
 * @return The sub certificates given as a list of byte arrays contained in a SubCertiticatesType instance
 */
public static SubCertificatesType getSubCertificates(Certificate[] certChain) {
	SubCertificatesType subCertificates = new SubCertificatesType();
	
	for (Certificate cert : certChain) {
		X509Certificate x509Cert = (X509Certificate) cert;
		// Check whether the pathLen constraint is set which indicates if this certificate is a CA
		if (x509Cert.getBasicConstraints() != -1)
			try {
				subCertificates.getCertificate().add(x509Cert.getEncoded());
			} catch (CertificateEncodingException e) {
				X500Principal subject = x509Cert.getIssuerX500Principal();
				getLogger().error("A CertificateEncodingException occurred while trying to get certificate " +
								  "with distinguished name '" + subject.getName().toString() + "'", e);
			}
	}
	
	if (subCertificates.getCertificate().size() == 0) {
		getLogger().warn("No intermediate CAs found in given certificate array");
	}
	
	return subCertificates;
}
 
开发者ID:V2GClarity,项目名称:RISE-V2G,代码行数:29,代码来源:SecurityUtils.java

示例4: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    Log.d("X509TrustManager" , "checkServerTrusted()");
    X509Certificate certificate = chain[0];
    X500Principal issuerPrincipal = certificate.getIssuerX500Principal();
    Log.d("X509TrustManager" , "issuer name :" + issuerPrincipal.getName());
    X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
    Log.d("X509TrustManager" , "subject name :" + subjectPrincipal.getName());

}
 
开发者ID:MarcusMa,项目名称:MyCreditCardDemo,代码行数:11,代码来源:HttpRequestManager.java

示例5: verifyNameChaining

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Internal method to check that cert has a valid DN to be next in a chain
 */
private void verifyNameChaining(X509Certificate cert)
    throws CertPathValidatorException
{
    if (prevSubject != null) {

        String msg = "subject/issuer name chaining";
        if (debug != null)
            debug.println("---checking " + msg + "...");

        X500Principal currIssuer = cert.getIssuerX500Principal();

        // reject null or empty issuer DNs
        if (X500Name.asX500Name(currIssuer).isEmpty()) {
            throw new CertPathValidatorException
                (msg + " check failed: " +
                 "empty/null issuer DN in certificate is invalid", null,
                 null, -1, PKIXReason.NAME_CHAINING);
        }

        if (!(currIssuer.equals(prevSubject))) {
            throw new CertPathValidatorException
                (msg + " check failed", null, null, -1,
                 PKIXReason.NAME_CHAINING);
        }

        if (debug != null)
            debug.println(msg + " verified.");
    }
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:33,代码来源:BasicChecker.java

示例6: isIdentityEquivalent

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static boolean isIdentityEquivalent(X509Certificate thisCert,
        X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }

    // check the iPAddress field in subjectAltName extension
    Object thisIPAddress = getSubjectAltName(thisCert, 7);  // 7: iPAddress
    Object prevIPAddress = getSubjectAltName(prevCert, 7);
    if (thisIPAddress != null && prevIPAddress!= null) {
        // only allow the exactly match
        return Objects.equals(thisIPAddress, prevIPAddress);
    }

    // check the dNSName field in subjectAltName extension
    Object thisDNSName = getSubjectAltName(thisCert, 2);    // 2: dNSName
    Object prevDNSName = getSubjectAltName(prevCert, 2);
    if (thisDNSName != null && prevDNSName!= null) {
        // only allow the exactly match
        return Objects.equals(thisDNSName, prevDNSName);
    }

    // check the certificate subject and issuer
    X500Principal thisSubject = thisCert.getSubjectX500Principal();
    X500Principal prevSubject = prevCert.getSubjectX500Principal();
    X500Principal thisIssuer = thisCert.getIssuerX500Principal();
    X500Principal prevIssuer = prevCert.getIssuerX500Principal();
    if (!thisSubject.getName().isEmpty() &&
            !prevSubject.getName().isEmpty() &&
            thisSubject.equals(prevSubject) &&
            thisIssuer.equals(prevIssuer)) {
        return true;
    }

    return false;
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:37,代码来源:ClientHandshaker.java

示例7: getID

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * build [alias + issuer + serialNumber] string from a cert
 */
private String getID(String alias, X509Certificate cert) {
    X500Principal issuer = cert.getIssuerX500Principal();
    BigInteger serialNum = cert.getSerialNumber();

    return alias +
            ALIAS_SEP +
            issuer.getName(X500Principal.CANONICAL) +
            ALIAS_SEP +
            serialNum.toString();
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:14,代码来源:P11KeyStore.java

示例8: chooseAlias

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private String chooseAlias(String[] keyTypes, Principal[] issuers) {
    if (keyTypes == null || keyTypes.length == 0) {
        return null;
    }
    final X509Certificate cert = mChain[0];
    final String certKeyAlg = cert.getPublicKey().getAlgorithm();
    final String certSigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
    for (String keyAlgorithm : keyTypes) {
        if (keyAlgorithm == null) {
            continue;
        }
        final String sigAlgorithm;
        // handle cases like EC_EC and EC_RSA
        int index = keyAlgorithm.indexOf('_');
        if (index == -1) {
            sigAlgorithm = null;
        } else {
            sigAlgorithm = keyAlgorithm.substring(index + 1);
            keyAlgorithm = keyAlgorithm.substring(0, index);
        }
        // key algorithm does not match
        if (!certKeyAlg.equals(keyAlgorithm)) {
            continue;
        }
        /*
         * TODO find a more reliable test for signature
         * algorithm. Unfortunately value varies with
         * provider. For example for "EC" it could be
         * "SHA1WithECDSA" or simply "ECDSA".
         */
        // sig algorithm does not match
        if (sigAlgorithm != null && certSigAlg != null
                && !certSigAlg.contains(sigAlgorithm)) {
            continue;
        }
        // no issuers to match
        if (issuers == null || issuers.length == 0) {
            return mAlias;
        }
        List<Principal> issuersList = Arrays.asList(issuers);
        // check that a certificate in the chain was issued by one of the specified issuers
        for (X509Certificate certFromChain : mChain) {
            /*
             * Note use of X500Principal from
             * getIssuerX500Principal as opposed to Principal
             * from getIssuerDN. Principal.equals test does
             * not work in the case where
             * xcertFromChain.getIssuerDN is a bouncycastle
             * org.bouncycastle.jce.X509Principal.
             */
            X500Principal issuerFromChain = certFromChain.getIssuerX500Principal();
            if (issuersList.contains(issuerFromChain)) {
                return mAlias;
            }
        }
        Timber.w("Client certificate %s not issued by any of the requested issuers", mAlias);
        return null;
    }
    Timber.w("Client certificate %s does not match any of the requested key types", mAlias);
    return null;
}
 
开发者ID:philipwhiuk,项目名称:q-mail,代码行数:62,代码来源:KeyChainKeyManager.java

示例9: getCertificateIssuer

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private X500Principal getCertificateIssuer(X509Certificate cert)
{
    return cert.getIssuerX500Principal();
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:5,代码来源:LDAPStoreHelper.java

示例10: getCompleteCRLs

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Fetches complete CRLs according to RFC 3280.
 *
 * @param dp          The distribution point for which the complete CRL
 * @param cert        The <code>X509Certificate</code> or
 *                    {@link org.bouncycastle.x509.X509AttributeCertificate} for
 *                    which the CRL should be searched.
 * @param currentDate The date for which the delta CRLs must be valid.
 * @param paramsPKIX  The extended PKIX parameters.
 * @return A <code>Set</code> of <code>X509CRL</code>s with complete
 *         CRLs.
 * @throws AnnotatedException if an exception occurs while picking the CRLs
 * or no CRLs are found.
 */
protected static Set getCompleteCRLs(DistributionPoint dp, Object cert,
                                     Date currentDate, ExtendedPKIXParameters paramsPKIX)
    throws AnnotatedException
{
    X509CRLStoreSelector crlselect = new X509CRLStoreSelector();
    try
    {
        Set issuers = new HashSet();
        if (cert instanceof X509AttributeCertificate)
        {
            issuers.add(((X509AttributeCertificate)cert)
                .getIssuer().getPrincipals()[0]);
        }
        else
        {
            issuers.add(getEncodedIssuerPrincipal(cert));
        }
        CertPathValidatorUtilities.getCRLIssuersFromDistributionPoint(dp, issuers, crlselect, paramsPKIX);
    }
    catch (AnnotatedException e)
    {
        throw new AnnotatedException(
            "Could not get issuer information from distribution point.", e);
    }
    if (cert instanceof X509Certificate)
    {
        crlselect.setCertificateChecking((X509Certificate)cert);
    }
    else if (cert instanceof X509AttributeCertificate)
    {
        crlselect.setAttrCertificateChecking((X509AttributeCertificate)cert);
    }


    crlselect.setCompleteCRLEnabled(true);

    Set crls = CRL_UTIL.findCRLs(crlselect, paramsPKIX, currentDate);

    if (crls.isEmpty())
    {
        if (cert instanceof X509AttributeCertificate)
        {
            X509AttributeCertificate aCert = (X509AttributeCertificate)cert;

            throw new AnnotatedException("No CRLs found for issuer \"" + aCert.getIssuer().getPrincipals()[0] + "\"");
        }
        else
        {
            X509Certificate xCert = (X509Certificate)cert;

            throw new AnnotatedException("No CRLs found for issuer \"" + xCert.getIssuerX500Principal() + "\"");
        }
    }
    return crls;
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:70,代码来源:CertPathValidatorUtilities.java

示例11: X509IssuerSerial

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Construct an X509IssuerSerial from an X509Certificate.
 */
X509IssuerSerial(X509Certificate cert) {
    this(cert.getIssuerX500Principal(), cert.getSerialNumber());
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:7,代码来源:X509CRLImpl.java

示例12: updateState

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Update the state with the next certificate added to the path.
 *
 * @param cert the certificate which is used to update the state
 */
@Override
public void updateState(X509Certificate cert)
    throws CertificateException, IOException, CertPathValidatorException {

    if (cert == null)
        return;

    X509CertImpl icert = X509CertImpl.toImpl(cert);

    /* see if certificate key has null parameters */
    if (PKIX.isDSAPublicKeyWithoutParams(icert.getPublicKey())) {
        keyParamsNeededFlag = true;
    }

    /* update certificate */
    this.cert = icert;

    /* update issuer DN */
    issuerDN = cert.getIssuerX500Principal();

    if (!X509CertImpl.isSelfIssued(cert)) {

        /*
         * update traversedCACerts only if this is a non-self-issued
         * intermediate CA cert
         */
        if (!init && cert.getBasicConstraints() != -1) {
            traversedCACerts++;
        }
    }

    /* update subjectNamesTraversed only if this is the EE cert or if
       this cert is not self-issued */
    if (init || !X509CertImpl.isSelfIssued(cert)){
        X500Principal subjName = cert.getSubjectX500Principal();
        subjectNamesTraversed.add(X500Name.asX500Name(subjName));

        try {
            SubjectAlternativeNameExtension subjAltNameExt
                = icert.getSubjectAlternativeNameExtension();
            if (subjAltNameExt != null) {
                GeneralNames gNames = subjAltNameExt.get(
                        SubjectAlternativeNameExtension.SUBJECT_NAME);
                for (GeneralName gName : gNames.names()) {
                    subjectNamesTraversed.add(gName.getName());
                }
            }
        } catch (IOException e) {
            if (debug != null) {
                debug.println("ForwardState.updateState() unexpected "
                    + "exception");
                e.printStackTrace();
            }
            throw new CertPathValidatorException(e);
        }
    }

    init = false;
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:65,代码来源:ForwardState.java


注:本文中的java.security.cert.X509Certificate.getIssuerX500Principal方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。