本文整理汇总了Java中java.security.cert.X509Certificate.getSubjectX500Principal方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getSubjectX500Principal方法的具体用法?Java X509Certificate.getSubjectX500Principal怎么用?Java X509Certificate.getSubjectX500Principal使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate的用法示例。
在下文中一共展示了X509Certificate.getSubjectX500Principal方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifyHostname
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns true if {@code certificate} matches {@code hostname}.
 *
 * <p>The host name is lower-cased with {@link Locale#US} and tested against each
 * subjectAltName value returned for {@code ALT_DNS_NAME}. The subject's common name is
 * consulted only when that list is empty; a certificate that carries DNS alternative names
 * is never matched through its CN.
 *
 * <p>NOTE(review): the common-name fallback is legacy behaviour. RFC 6125 permits it only as
 * a last resort and current browsers ignore the CN altogether, so confirm that callers still
 * need it before relying on this path.
 */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
    final String lowered = hostname.toLowerCase(Locale.US);
    List<String> dnsNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
    for (String dnsName : dnsNames) {
        if (verifyHostname(lowered, dnsName)) {
            return true;
        }
    }
    if (!dnsNames.isEmpty()) {
        // DNS alternative names were present and none matched: do not fall back to the CN.
        return false;
    }
    // RFC 2818 advises using the most specific name for matching.
    String cn = new DistinguishedNameParser(certificate.getSubjectX500Principal())
            .findMostSpecific("cn");
    return cn != null && verifyHostname(lowered, cn);
}
示例2: verifyHostname
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns true if {@code certificate} matches {@code hostname}.
 *
 * <p>Matching order: every DNS subjectAltName (as returned for {@code ALT_DNS_NAME}) is
 * tried first against the {@link Locale#US} lower-cased host name. Only a certificate with
 * no DNS alternative names at all is matched through the subject's common name.
 *
 * <p>NOTE(review): matching on the CN is a legacy fallback (RFC 6125 treats it as a last
 * resort); verify that it is still wanted for the peers this code talks to.
 */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
    String target = hostname.toLowerCase(Locale.US);
    List<String> sanDnsNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
    int count = sanDnsNames.size();
    int index = 0;
    while (index < count) {
        if (verifyHostname(target, sanDnsNames.get(index))) {
            return true;
        }
        index++;
    }
    if (count > 0) {
        // At least one DNS name existed, so the CN must not be considered.
        return false;
    }

    X500Principal subject = certificate.getSubjectX500Principal();
    // RFC 2818 advises using the most specific name for matching.
    String commonName = new DistinguishedNameParser(subject).findMostSpecific("cn");
    if (commonName == null) {
        return false;
    }
    return verifyHostname(target, commonName);
}
示例3: updateState
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Records the per-certificate state that the next iteration reads: the public key and the
 * subject name of {@code currCert} are stored in {@code prevPubKey} and {@code prevSubject}.
 *
 * <p>When the certificate's key is a DSA key without parameters, the stored key is the one
 * produced by {@code makeInheritedParamsKey} from the previous key instead.
 *
 * @param currCert the certificate that was just processed
 * @throws CertPathValidatorException declared by this method; presumably raised by
 *         {@code makeInheritedParamsKey} when parameters cannot be inherited (confirm there)
 */
private void updateState(X509Certificate currCert)
        throws CertPathValidatorException {
    PublicKey nextKey = currCert.getPublicKey();

    if (debug != null) {
        String issuer = currCert.getIssuerX500Principal().toString();
        String subject = String.valueOf(currCert.getSubjectX500Principal());
        String serial = currCert.getSerialNumber().toString();
        debug.println("BasicChecker.updateState issuer: " + issuer
                + "; subject: " + subject
                + "; serial#: " + serial);
    }

    if (PKIX.isDSAPublicKeyWithoutParams(nextKey)) {
        // The key carries no DSA parameters of its own: inherit them from the previous key.
        nextKey = makeInheritedParamsKey(nextKey, prevPubKey);
        if (debug != null) {
            debug.println("BasicChecker.updateState Made key with inherited params");
        }
    }

    prevPubKey = nextKey;
    prevSubject = currCert.getSubjectX500Principal();
}
示例4: isGoAgentCert
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
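/**
 * Reports whether the X.509 certificate stored at {@code certPath} has the text "goagent"
 * (compared case-insensitively) anywhere in its subject distinguished name.
 *
 * <p>This is a naming heuristic only. The subject is whatever the certificate's creator put
 * there, so a match identifies a file by its label and says nothing about who produced it
 * or whether it should be trusted.
 *
 * @param certPath file-system path of the certificate to inspect
 * @return true when the subject name contains "goagent"; false otherwise, including when the
 *         file cannot be opened or parsed (the failure is logged)
 */
private static boolean isGoAgentCert(String certPath){
    // try-with-resources: the stream was previously never closed, leaking a file descriptor
    // on every call.
    try (FileInputStream in = new FileInputStream(certPath)) {
        X509Certificate cert = (X509Certificate) CertificateFactory
                .getInstance("X.509").generateCertificate(in);
        X500Principal subject = cert.getSubjectX500Principal();
        // Locale.ROOT keeps the lower-casing independent of the device's default locale.
        return subject.getName().toLowerCase(java.util.Locale.ROOT).contains("goagent");
    } catch (Exception e) {
        // Deliberately best-effort: any read or parse failure is reported as "not a match".
        LogUtils.e("get subject fail", e);
    }
    return false;
}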
示例5: check
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Rejects {@code cert} when {@code UntrustedCertificates.isUntrusted} reports it as
 * untrusted; otherwise returns without doing anything.
 *
 * @param cert the certificate to check; cast to {@link X509Certificate} without a type test
 * @param unresolvedCritExts not read by this checker
 * @throws CertPathValidatorException if the certificate is reported as untrusted; the
 *         message includes the certificate's subject
 */
@Override
public void check(Certificate cert,
                  Collection<String> unresolvedCritExts)
        throws CertPathValidatorException {
    X509Certificate candidate = (X509Certificate) cert;
    if (!UntrustedCertificates.isUntrusted(candidate)) {
        return;
    }

    if (debug != null) {
        debug.println("UntrustedChecker: untrusted certificate " +
                candidate.getSubjectX500Principal());
    }
    throw new CertPathValidatorException(
            "Untrusted certificate: " + candidate.getSubjectX500Principal());
}
示例6: processSubjectDNCommonName
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Checks the common name of a certificate's subject DN against a set of trusted names.
 *
 * <p>Only the first common name returned by {@code X509Util.getCommonNames} is considered,
 * and the comparison is whatever {@code trustedNames.contains} decides for that value.
 *
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 *
 * @return true if the first subject DN common name is contained in the set of trusted
 *         names; false if it is not, or if no non-empty common name could be extracted
 */
protected boolean processSubjectDNCommonName(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject DN common name");

    List<String> cnValues = X509Util.getCommonNames(certificate.getSubjectX500Principal());
    if (cnValues == null || cnValues.isEmpty()) {
        return false;
    }

    // TODO We only check the first one returned by X509Util. Maybe we should check all,
    // if there are multiple CN AVA's from the same (first) RDN.
    String firstCn = cnValues.get(0);
    log.debug("Extracted common name from certificate: {}", firstCn);
    if (DatatypeHelper.isEmpty(firstCn)) {
        return false;
    }

    boolean trusted = trustedNames.contains(firstCn);
    if (trusted) {
        log.debug("Matched subject DN common name to trusted names: {}", firstCn);
    }
    return trusted;
}
示例7: verifyHostName
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns true if {@code certificate} matches {@code hostName}.
 *
 * <p>Each DNS subjectAltName (as returned for {@code ALT_DNS_NAME}) is compared with the
 * {@link Locale#US} lower-cased host name. The subject's common name is used only when the
 * certificate yielded no DNS alternative name at all.
 *
 * <p>NOTE(review): the CN fallback is legacy behaviour that RFC 6125 allows only as a last
 * resort; check whether it is still required here.
 */
private boolean verifyHostName(String hostName, X509Certificate certificate) {
    final String needle = hostName.toLowerCase(Locale.US);
    boolean sawDnsName = false;
    for (String candidate : getSubjectAltNames(certificate, ALT_DNS_NAME)) {
        if (verifyHostName(needle, candidate)) {
            return true;
        }
        sawDnsName = true;
    }
    if (sawDnsName) {
        // DNS names were present but none matched; the CN is not consulted in that case.
        return false;
    }

    // RFC 2818 advises using the most specific name for matching.
    String cn = new DistinguishedNameParser(certificate.getSubjectX500Principal())
            .findMostSpecific("cn");
    return cn != null ? verifyHostName(needle, cn) : false;
}
示例8: BasicTrustRootIndex
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Indexes the given CA certificates by subject name.
 *
 * <p>Certificates that share a subject are kept together in one insertion-ordered set, and
 * the subjects themselves are kept in the order in which they were first seen.
 *
 * @param caCerts the certificates to index; each one is stored under its own subject
 */
public BasicTrustRootIndex(X509Certificate... caCerts) {
    subjectToCaCerts = new LinkedHashMap<>();
    for (int i = 0; i < caCerts.length; i++) {
        X509Certificate trusted = caCerts[i];
        X500Principal name = trusted.getSubjectX500Principal();
        Set<X509Certificate> bucket = subjectToCaCerts.get(name);
        if (bucket != null) {
            bucket.add(trusted);
            continue;
        }
        // First certificate seen for this subject: start a new bucket for it.
        bucket = new LinkedHashSet<>(1);
        bucket.add(trusted);
        subjectToCaCerts.put(name, bucket);
    }
}
示例9: main
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Builds a PKIX certification path from the fixture files {@code anchor.cer},
 * {@code ca.cer} and {@code ee.cer}, and fails unless the first certificate of the built
 * path is an end-entity certificate.
 *
 * @param args unused
 * @throws Exception if the path cannot be built or its first certificate is a CA certificate
 */
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    // This is a JVM-wide setting: after the call only MD2 remains on the disabled list.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate root = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor trustAnchor =
            new TrustAnchor(root.getSubjectX500Principal(), root.getPublicKey(), null);

    X509CertSelector targetSelector = new X509CertSelector();
    // -2 makes the selector match end-entity certificates only.
    targetSelector.setBasicConstraints(-2);

    PKIXBuilderParameters builderParams =
            new PKIXBuilderParameters(Collections.singleton(trustAnchor), targetSelector);
    // Revocation checking is switched off for this run; the test supplies no CRL or OCSP data.
    builderParams.setRevocationEnabled(false);

    X509Certificate endEntity = CertUtils.getCertFromFile("ee.cer");
    X509Certificate intermediate = CertUtils.getCertFromFile("ca.cer");
    List<X509Certificate> pool = new ArrayList<>();
    pool.add(intermediate);
    pool.add(endEntity);
    builderParams.addCertStore(
            CertStore.getInstance("Collection", new CollectionCertStoreParameters(pool)));

    PKIXCertPathBuilderResult result = CertUtils.build(builderParams);

    // check that first certificate is an EE cert
    List<? extends Certificate> path = result.getCertPath().getCertificates();
    X509Certificate first = (X509Certificate) path.get(0);
    if (first.getBasicConstraints() == -1) {
        return;
    }
    throw new Exception("Target certificate is not an EE certificate");
}
示例10: SimpleOCSPServer
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Construct a SimpleOCSPServer using specific network parameters,
 * keystore, password, and alias.
 *
 * <p>The issuer certificate is always read from {@code issuerAlias}. The signer certificate
 * and private key come from {@code signerAlias} when it is given, and from
 * {@code issuerAlias} otherwise. The responder id is derived from the signer certificate's
 * subject name.
 *
 * @param addr the address to bind the server to. A value of {@code null}
 * means the server will bind to all interfaces.
 * @param port the port to listen on. A value of {@code 0} will mean that
 * the server will randomly pick an open ephemeral port to bind to.
 * @param ks the keystore to be used
 * @param password the password to access key material in the keystore; it is
 * dereferenced unconditionally, so {@code null} fails with a
 * {@code NullPointerException}
 * @param issuerAlias the alias of the issuer certificate
 * @param signerAlias the alias of the signer certificate and key. A
 * value of {@code null} means that the {@code issuerAlias} will be used
 * to look up the signer key.
 *
 * @throws NullPointerException if {@code ks} or {@code issuerAlias} is {@code null}
 * @throws IllegalArgumentException if a certificate or private key is not found under
 * the alias it is looked up with
 * @throws GeneralSecurityException if there are problems accessing the
 * keystore or finding objects within the keystore.
 * @throws IOException if a {@code ResponderId} cannot be generated from
 * the signer certificate.
 */
public SimpleOCSPServer(InetAddress addr, int port, KeyStore ks,
        String password, String issuerAlias, String signerAlias)
        throws GeneralSecurityException, IOException {
    Objects.requireNonNull(ks, "Null keystore provided");
    Objects.requireNonNull(issuerAlias, "Null issuerName provided");

    utcDateFmt.setTimeZone(TimeZone.getTimeZone("GMT"));

    keystore = ks;
    issuerCert = (X509Certificate) ks.getCertificate(issuerAlias);
    if (issuerCert == null) {
        throw new IllegalArgumentException("Certificate for alias " +
                issuerAlias + " not found");
    }

    // Decide which alias supplies the signing key: the dedicated signer when one is named,
    // otherwise the issuer itself.
    final String keyAlias;
    if (signerAlias == null) {
        signerCert = issuerCert;
        keyAlias = issuerAlias;
    } else {
        signerCert = (X509Certificate) ks.getCertificate(signerAlias);
        if (signerCert == null) {
            throw new IllegalArgumentException("Certificate for alias " +
                    signerAlias + " not found");
        }
        keyAlias = signerAlias;
    }

    signerKey = (PrivateKey) ks.getKey(keyAlias, password.toCharArray());
    if (signerKey == null) {
        throw new IllegalArgumentException("PrivateKey for alias " +
                keyAlias + " not found");
    }

    sigAlgId = AlgorithmId.get("Sha256withRSA");
    respId = new ResponderId(signerCert.getSubjectX500Principal());
    listenAddress = addr;
    listenPort = port;
}
示例11: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
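/**
 * Logs the issuer and subject of the leaf certificate, then validates the chain against the
 * platform's default trust anchors.
 *
 * <p>The earlier body only logged the two names and returned. Returning normally from this
 * method is how a trust manager accepts a chain, so every certificate was accepted and TLS
 * server authentication was effectively switched off. The chain is now handed to the default
 * {@code X509TrustManager}, and any rejection it raises is propagated to the caller.
 *
 * @param chain the peer's certificate chain, leaf certificate first
 * @param authType the key exchange algorithm, passed through to the default trust manager
 * @throws IllegalArgumentException if {@code chain} is {@code null} or empty
 * @throws CertificateException if the chain is not trusted, or if no default trust manager
 *         can be obtained
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    Log.d("X509TrustManager" , "checkServerTrusted()");
    if (chain == null || chain.length == 0) {
        throw new IllegalArgumentException("Certificate chain is null or empty");
    }

    X509Certificate certificate = chain[0];
    X500Principal issuerPrincipal = certificate.getIssuerX500Principal();
    Log.d("X509TrustManager" , "issuer name :" + issuerPrincipal.getName());
    X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
    Log.d("X509TrustManager" , "subject name :" + subjectPrincipal.getName());

    // Delegate the actual trust decision to the platform default. The factory is created per
    // call to keep this method self-contained; caching the delegate in a field would avoid
    // repeating the work on every handshake.
    javax.net.ssl.TrustManagerFactory factory;
    try {
        factory = javax.net.ssl.TrustManagerFactory.getInstance(
                javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        // A null keystore selects the platform's default set of trusted CAs.
        factory.init((java.security.KeyStore) null);
    } catch (java.security.NoSuchAlgorithmException | java.security.KeyStoreException e) {
        throw new CertificateException("Unable to initialise the default trust manager", e);
    }

    for (javax.net.ssl.TrustManager manager : factory.getTrustManagers()) {
        if (manager instanceof javax.net.ssl.X509TrustManager) {
            ((javax.net.ssl.X509TrustManager) manager).checkServerTrusted(chain, authType);
            return;
        }
    }
    // Fail closed: without a delegate there is nothing that could vouch for the chain.
    throw new CertificateException("No default X509TrustManager available");
}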
示例12: isIdentityEquivalent
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Decides whether two certificates present the same identity.
 *
 * <p>The checks run in this order and the first one that applies settles the answer:
 * <ol>
 *   <li>the certificates are equal;</li>
 *   <li>both have an iPAddress subjectAltName: the two values must be equal;</li>
 *   <li>both have a dNSName subjectAltName: the two values must be equal;</li>
 *   <li>both subjects are non-empty and the subjects and the issuers are equal.</li>
 * </ol>
 * A subjectAltName that only one of the two certificates carries does not settle anything;
 * evaluation moves on to the next check.
 *
 * @param thisCert the certificate being examined
 * @param prevCert the certificate it is compared with
 * @return true if the identities are considered equivalent
 */
private static boolean isIdentityEquivalent(X509Certificate thisCert,
        X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }

    // check the iPAddress field in subjectAltName extension
    Object currentIp = getSubjectAltName(thisCert, 7);      // 7: iPAddress
    Object previousIp = getSubjectAltName(prevCert, 7);
    boolean bothHaveIp = currentIp != null && previousIp != null;
    if (bothHaveIp) {
        // only an exact match is accepted
        return Objects.equals(currentIp, previousIp);
    }

    // check the dNSName field in subjectAltName extension
    Object currentDns = getSubjectAltName(thisCert, 2);     // 2: dNSName
    Object previousDns = getSubjectAltName(prevCert, 2);
    boolean bothHaveDns = currentDns != null && previousDns != null;
    if (bothHaveDns) {
        // only an exact match is accepted
        return Objects.equals(currentDns, previousDns);
    }

    // check the certificate subject and issuer
    X500Principal currentSubject = thisCert.getSubjectX500Principal();
    X500Principal previousSubject = prevCert.getSubjectX500Principal();
    X500Principal currentIssuer = thisCert.getIssuerX500Principal();
    X500Principal previousIssuer = prevCert.getIssuerX500Principal();

    boolean bothNamed = !currentSubject.getName().isEmpty()
            && !previousSubject.getName().isEmpty();
    return bothNamed
            && currentSubject.equals(previousSubject)
            && currentIssuer.equals(previousIssuer);
}
示例13: JcaX509v2CRLBuilder
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Creates a CRL builder whose issuer name is the subject name of {@code issuerCert}.
 *
 * <p>Only the subject DN is read from the certificate; it is handed, together with
 * {@code now}, to the two-argument constructor that takes the issuer name directly.
 *
 * @param issuerCert certificate of the CRL issuer
 * @param now passed unchanged to the delegate constructor
 */
public JcaX509v2CRLBuilder(X509Certificate issuerCert, Date now) {
    this(issuerCert.getSubjectX500Principal(), now);
}
示例14: getSubjectPrincipal
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns the subject distinguished name of {@code cert} as an {@link X500Principal}.
 *
 * @param cert the certificate to read; must not be {@code null}
 * @return the value of {@code cert.getSubjectX500Principal()}
 */
protected static X500Principal getSubjectPrincipal(X509Certificate cert) {
    X500Principal subject = cert.getSubjectX500Principal();
    return subject;
}
示例15: verify
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
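/**
 * Check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables. Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * <p>A certificate without a subjectAltName extension is checked through
 * {@code verifyRFC822SpecialCase} on its subject name instead.
 *
 * @param cert X509Certificate to be verified
 * @return true if certificate verifies successfully
 * @throws IOException if {@code cert} is null, if the constraints carry a minimum or
 *         maximum BaseDistance (not supported), or if the certificate's extensions cannot
 *         be extracted
 */
public boolean verify(X509Certificate cert) throws IOException {
    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    // An empty subject is skipped here; a non-empty one must satisfy the constraints.
    if (!subject.isEmpty() && !verify(subject)) {
        return false;
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        // Keep the original exception as the cause so the failure can be traced.
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage(), ce);
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}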