本文整理汇总了Java中java.security.cert.X509Certificate.getKeyUsage方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getKeyUsage方法的具体用法?Java X509Certificate.getKeyUsage怎么用?Java X509Certificate.getKeyUsage使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate的用法示例。
在下文中一共展示了X509Certificate.getKeyUsage方法的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: isValidKeyUsage
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Checks if is valid key usage. <p>
* KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
* keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
* keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
*
* @param certificate the certificate
* @return true, if valid key usage
*/
private boolean isValidKeyUsage(final X509Certificate certificate) {
logger.debug("Checking certificate keyUsage extension");
final boolean[] keyUsage = certificate.getKeyUsage();
if (keyUsage == null) {
logger.warn("Configuration specifies checkKeyUsage but keyUsage extension not found in certificate.");
return !this.requireKeyUsage;
}
final boolean valid;
if (isCritical(certificate, KEY_USAGE_OID) || this.requireKeyUsage) {
logger.debug("KeyUsage extension is marked critical or required by configuration.");
valid = keyUsage[0];
} else {
logger.debug(
"KeyUsage digitalSignature=%s, Returning true since keyUsage validation not required by configuration.");
valid = true;
}
return valid;
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:29,代码来源:X509CredentialsAuthenticationHandler.java
示例2: isValidKeyUsage
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Checks if is valid key usage. <p>
* KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
* keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
* keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
*
* @param certificate the certificate
* @return true, if valid key usage
*/
private boolean isValidKeyUsage(final X509Certificate certificate) {
LOGGER.debug("Checking certificate keyUsage extension");
final boolean[] keyUsage = certificate.getKeyUsage();
if (keyUsage == null) {
LOGGER.warn("Configuration specifies checkKeyUsage but keyUsage extension not found in certificate.");
return !this.requireKeyUsage;
}
final boolean valid;
if (isCritical(certificate, KEY_USAGE_OID) || this.requireKeyUsage) {
LOGGER.debug("KeyUsage extension is marked critical or required by configuration.");
valid = keyUsage[0];
} else {
LOGGER.debug(
"KeyUsage digitalSignature=%s, Returning true since keyUsage validation not required by configuration.");
valid = true;
}
return valid;
}
示例3: prepareNextCertN
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
示例4: isValidKeyUsage
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private boolean isValidKeyUsage(final X509Certificate certificate) {
logger.debug("Checking certificate keyUsage extension");
/*
* KeyUsage ::= BIT STRING { digitalSignature (0), nonRepudiation (1),
* keyEncipherment (2), dataEncipherment (3), keyAgreement (4),
* keyCertSign (5), cRLSign (6), encipherOnly (7), decipherOnly (8) }
*/
final boolean[] keyUsage = certificate.getKeyUsage();
if (keyUsage == null) {
logger.warn("Configuration specifies checkKeyUsage but keyUsage extension not found in certificate.");
return !this.requireKeyUsage;
}
final boolean valid;
if (isCritical(certificate, KEY_USAGE_OID) || this.requireKeyUsage) {
logger.debug("KeyUsage extension is marked critical or required by configuration.");
valid = keyUsage[0];
} else {
logger.debug(
"KeyUsage digitalSignature=%s, Returning true since keyUsage validation not required by configuration.");
valid = true;
}
return valid;
}
示例5: certSelect
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Searches the specified keystore for a certificate that matches the
* specified X509Certificate and contains a public key that is compatible
* with the specified SignatureMethod.
*
* @return a KeySelectorResult containing the cert's public key if there
* is a match; otherwise null
*/
private KeySelectorResult certSelect(X509Certificate xcert,
SignatureMethod sm) throws KeyStoreException {
// skip non-signer certs
boolean[] keyUsage = xcert.getKeyUsage();
if (keyUsage != null && keyUsage[0] == false) {
return null;
}
String alias = ks.getCertificateAlias(xcert);
if (alias != null) {
PublicKey pk = ks.getCertificate(alias).getPublicKey();
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
}
}
return null;
}
示例6: KeyUsage
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/** Construye una identificador de uso de certificados a partir de un certificado X.509.
* @param cert Certificado de origen. */
public KeyUsage(final X509Certificate cert) {
if (cert == null) {
throw new IllegalArgumentException(
"El certificado de origen no puede ser nulo" //$NON-NLS-1$
);
}
final boolean[] ke = cert.getKeyUsage();
if (ke == null) {
this.usage = null;
return;
}
if (ke.length != KEYUSAGE_NBITS) {
throw new IllegalArgumentException(
"El certificado de origen tiene un KeyUsage con un numero de posiciones no soportado: " + ke.length //$NON-NLS-1$
);
}
this.usage = new Boolean[KEYUSAGE_NBITS];
for (int i=0; i<KEYUSAGE_NBITS; i++) {
this.usage[i] = Boolean.valueOf(ke[i]);
}
}
示例7: processAttrCert3
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
protected static void processAttrCert3(X509Certificate acIssuerCert,
ExtendedPKIXParameters pkixParams) throws CertPathValidatorException
{
if (acIssuerCert.getKeyUsage() != null
&& (!acIssuerCert.getKeyUsage()[0] && !acIssuerCert.getKeyUsage()[1]))
{
throw new CertPathValidatorException(
"Attribute certificate issuer public key cannot be used to validate digital signatures.");
}
if (acIssuerCert.getBasicConstraints() != -1)
{
throw new CertPathValidatorException(
"Attribute certificate issuer is also a public key certificate issuer.");
}
}
示例8: getCertificateList
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public ArrayList<CertificateData> getCertificateList(long slotID) throws Exception, Error{
ArrayList<CertificateData> ret = new ArrayList<CertificateData>();
session = getSlot(slotID).getToken().openSession(Token.SessionType.SERIAL_SESSION, Token.SessionReadWriteBehavior.RO_SESSION, null, null);
try {
session.findObjectsInit(new X509PublicKeyCertificate());
iaik.pkcs.pkcs11.objects.Object[] publicKeyCertificateObjectList = session.findObjects(1024);
for(iaik.pkcs.pkcs11.objects.Object publicKeyCertificateObject : publicKeyCertificateObjectList){
X509PublicKeyCertificate publicKeyCertificate = (X509PublicKeyCertificate) publicKeyCertificateObject;
byte[] id = publicKeyCertificate.getId().getByteArrayValue();
byte[] label = publicKeyCertificate.getLabel().toString(false).getBytes();
byte[] certBytes = publicKeyCertificate.getValue().getByteArrayValue();
X509Certificate cert = X509Utils.getX509Certificate(certBytes);
if(!(cert.getKeyUsage()[0] || cert.getKeyUsage()[1]))
continue;
CertificateData cd = new CertificateData();
cd.certID = id;
cd.certLABEL = label;
cd.cert = cert;
ret.add(cd);
}
return ret;
} finally {
session.closeSession();
session = null;
}
}
示例9: getCertificateList
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public ArrayList<CertificateData> getCertificateList(long slotID) throws Exception{
ArrayList<CertificateData> ret = new ArrayList<CertificateData>();
long sessionID = CE.OpenSession(slotID, (CK_SESSION_INFO.CKF_RW_SESSION | CK_SESSION_INFO.CKF_SERIAL_SESSION), null, null);
try {
long[] objectIdList = CE.FindObjects(sessionID, new CKA[]{ new CKA(CKA.CLASS, CKO.CERTIFICATE)});
for(long objectId:objectIdList){
CKA[] ckaId = new CKA[]{ new CKA(CKA.ID, new byte[255])};
CE.GetAttributeValue(sessionID, objectId, ckaId);
byte[] id = StringUtils.trim(ckaId[0].getValue());
CKA[] ckaLabel = new CKA[]{ new CKA(CKA.LABEL, new byte[255])};
CE.GetAttributeValue(sessionID, objectId, ckaLabel);
byte[] label = StringUtils.trim(ckaLabel[0].getValue());
CKA[] ckaValue = new CKA[]{ new CKA(CKA.VALUE, new byte[2048])};
CE.GetAttributeValue(sessionID, objectId, ckaValue);
X509Certificate cert = X509Utils.getX509Certificate(ckaValue[0].getValue());
if(!(cert.getKeyUsage()[0] || cert.getKeyUsage()[1]))
continue;
CertificateData cd = new CertificateData();
cd.certID = id;
cd.certLABEL = label;
cd.cert = cert;
ret.add(cd);
}
return ret;
} finally {
CE.CloseSession(sessionID);
}
}
示例10: hasKeyusage
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static boolean hasKeyusage(X509Certificate cert, KeyUsage usage) {
ParamUtil.requireNonNull("cert", cert);
boolean[] keyusage = cert.getKeyUsage();
if (keyusage != null && keyusage.length > usage.bit()) {
return keyusage[usage.bit()];
}
return false;
}
示例11: isSigningCertificate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private void isSigningCertificate(X509Certificate certificate)
throws KeySelectorException {
boolean[] keyUsage = certificate.getKeyUsage();
if (keyUsage != null && keyUsage[0] == false) {
throw new KeySelectorException(
"X509 content is not a signing certificate");
}
}
示例12: checkIsForSigning
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static boolean checkIsForSigning(X509Certificate cert){
if(cert.getKeyUsage()[0])
return true;
return false;
}
示例13: checkIsNonRepudiation
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static boolean checkIsNonRepudiation(X509Certificate cert){
if(cert.getKeyUsage()[1])
return true;
return false;
}