当前位置: 首页>>代码示例>>Java>>正文


Java X509Certificate.getSubjectX500Principal方法代码示例

本文整理汇总了Java中java.security.cert.X509Certificate.getSubjectX500Principal方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getSubjectX500Principal方法的具体用法?Java X509Certificate.getSubjectX500Principal怎么用?Java X509Certificate.getSubjectX500Principal使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在java.security.cert.X509Certificate的用法示例。


在下文中一共展示了X509Certificate.getSubjectX500Principal方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: verifyHostname

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/** Returns true if {@code certificate} matches {@code hostname}. */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
  hostname = hostname.toLowerCase(Locale.US);
  boolean hasDns = false;
  List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
  for (int i = 0, size = altNames.size(); i < size; i++) {
    hasDns = true;
    if (verifyHostname(hostname, altNames.get(i))) {
      return true;
    }
  }

  if (!hasDns) {
    X500Principal principal = certificate.getSubjectX500Principal();
    // RFC 2818 advises using the most specific name for matching.
    String cn = new DistinguishedNameParser(principal).findMostSpecific("cn");
    if (cn != null) {
      return verifyHostname(hostname, cn);
    }
  }

  return false;
}
 
开发者ID:weiwenqiang,项目名称:GitHub,代码行数:24,代码来源:OkHostnameVerifier.java

示例2: verifyHostname

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns true if {@code certificate} matches {@code hostname}.
 */
private boolean verifyHostname(String hostname, X509Certificate certificate) {
    hostname = hostname.toLowerCase(Locale.US);
    boolean hasDns = false;
    List<String> altNames = getSubjectAltNames(certificate, ALT_DNS_NAME);
    for (int i = 0, size = altNames.size(); i < size; i++) {
        hasDns = true;
        if (verifyHostname(hostname, altNames.get(i))) {
            return true;
        }
    }

    if (!hasDns) {
        X500Principal principal = certificate.getSubjectX500Principal();
        // RFC 2818 advises using the most specific name for matching.
        String cn = new DistinguishedNameParser(principal).findMostSpecific("cn");
        if (cn != null) {
            return verifyHostname(hostname, cn);
        }
    }

    return false;
}
 
开发者ID:pCloud,项目名称:pcloud-networking-java,代码行数:26,代码来源:OkHostnameVerifier.java

示例3: updateState

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Internal method to manage state information at each iteration
 */
private void updateState(X509Certificate currCert)
    throws CertPathValidatorException
{
    PublicKey cKey = currCert.getPublicKey();
    if (debug != null) {
        debug.println("BasicChecker.updateState issuer: " +
            currCert.getIssuerX500Principal().toString() + "; subject: " +
            currCert.getSubjectX500Principal() + "; serial#: " +
            currCert.getSerialNumber().toString());
    }
    if (PKIX.isDSAPublicKeyWithoutParams(cKey)) {
        // cKey needs to inherit DSA parameters from prev key
        cKey = makeInheritedParamsKey(cKey, prevPubKey);
        if (debug != null) debug.println("BasicChecker.updateState Made " +
                                         "key with inherited params");
    }
    prevPubKey = cKey;
    prevSubject = currCert.getSubjectX500Principal();
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:23,代码来源:BasicChecker.java

示例4: isGoAgentCert

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static boolean isGoAgentCert(String certPath){
    try {
        X509Certificate cert = (X509Certificate) CertificateFactory
                .getInstance("X.509").generateCertificate(new FileInputStream(certPath));
        X500Principal subject = cert.getSubjectX500Principal();
        return subject.getName().toLowerCase().contains("goagent");
    }catch (Exception e){
        LogUtils.e("get subject fail", e);
    }
    return false;
}
 
开发者ID:XndroidDev,项目名称:Xndroid,代码行数:12,代码来源:XXnetManager.java

示例5: check

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void check(Certificate cert,
        Collection<String> unresolvedCritExts)
        throws CertPathValidatorException {

    X509Certificate currCert = (X509Certificate)cert;

    if (UntrustedCertificates.isUntrusted(currCert)) {
        if (debug != null) {
            debug.println("UntrustedChecker: untrusted certificate " +
                    currCert.getSubjectX500Principal());
        }

        throw new CertPathValidatorException(
            "Untrusted certificate: " + currCert.getSubjectX500Principal());
    }
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:18,代码来源:UntrustedChecker.java

示例6: processSubjectDNCommonName

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Process name checking for a certificate subject DN's common name.
 * 
 * @param certificate the certificate to process
 * @param trustedNames the set of trusted names
 * 
 * @return true if the subject DN common name matches the set of trusted names, false otherwise
 * 
 */
protected boolean processSubjectDNCommonName(X509Certificate certificate, Set<String> trustedNames) {
    log.debug("Processing subject DN common name");
    X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
    List<String> commonNames = X509Util.getCommonNames(subjectPrincipal);
    if (commonNames == null || commonNames.isEmpty()) {
        return false;
    }
    // TODO We only check the first one returned by X509Util. Maybe we should check all,
    // if there are multiple CN AVA's from the same (first) RDN.
    String commonName = commonNames.get(0);
    log.debug("Extracted common name from certificate: {}", commonName);

    if (DatatypeHelper.isEmpty(commonName)) {
        return false;
    }
    if (trustedNames.contains(commonName)) {
        log.debug("Matched subject DN common name to trusted names: {}", commonName);
        return true;
    } else {
        return false;
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:32,代码来源:BasicX509CredentialNameEvaluator.java

示例7: verifyHostName

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Returns true if {@code certificate} matches {@code hostName}.
 */
private boolean verifyHostName(String hostName, X509Certificate certificate) {
  hostName = hostName.toLowerCase(Locale.US);
  boolean hasDns = false;
  for (String altName : getSubjectAltNames(certificate, ALT_DNS_NAME)) {
    hasDns = true;
    if (verifyHostName(hostName, altName)) {
      return true;
    }
  }

  if (!hasDns) {
    X500Principal principal = certificate.getSubjectX500Principal();
    // RFC 2818 advises using the most specific name for matching.
    String cn = new DistinguishedNameParser(principal).findMostSpecific("cn");
    if (cn != null) {
      return verifyHostName(hostName, cn);
    }
  }

  return false;
}
 
开发者ID:aabognah,项目名称:LoRaWAN-Smart-Parking,代码行数:25,代码来源:OkHostnameVerifier.java

示例8: BasicTrustRootIndex

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public BasicTrustRootIndex(X509Certificate... caCerts) {
  subjectToCaCerts = new LinkedHashMap<>();
  for (X509Certificate caCert : caCerts) {
    X500Principal subject = caCert.getSubjectX500Principal();
    Set<X509Certificate> subjectCaCerts = subjectToCaCerts.get(subject);
    if (subjectCaCerts == null) {
      subjectCaCerts = new LinkedHashSet<>(1);
      subjectToCaCerts.put(subject, subjectCaCerts);
    }
    subjectCaCerts.add(caCert);
  }
}
 
开发者ID:weiwenqiang,项目名称:GitHub,代码行数:13,代码来源:TrustRootIndex.java

示例9: main

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static void main(String[] args) throws Exception {
    // reset the security property to make sure that the algorithms
    // and keys used in this test are not disabled.
    Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");

    X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
    TrustAnchor anchor = new TrustAnchor
        (rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
    X509CertSelector sel = new X509CertSelector();
    sel.setBasicConstraints(-2);
    PKIXBuilderParameters params = new PKIXBuilderParameters
        (Collections.singleton(anchor), sel);
    params.setRevocationEnabled(false);
    X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
    X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
    ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
    certs.add(caCert);
    certs.add(eeCert);
    CollectionCertStoreParameters ccsp =
        new CollectionCertStoreParameters(certs);
    CertStore cs = CertStore.getInstance("Collection", ccsp);
    params.addCertStore(cs);
    PKIXCertPathBuilderResult res = CertUtils.build(params);
    CertPath cp = res.getCertPath();
    // check that first certificate is an EE cert
    List<? extends Certificate> certList = cp.getCertificates();
    X509Certificate cert = (X509Certificate) certList.get(0);
    if (cert.getBasicConstraints() != -1) {
        throw new Exception("Target certificate is not an EE certificate");
    }
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:32,代码来源:BuildEEBasicConstraints.java

示例10: SimpleOCSPServer

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Construct a SimpleOCSPServer using specific network parameters,
 * keystore, password, and alias.
 *
 * @param addr the address to bind the server to.  A value of {@code null}
 * means the server will bind to all interfaces.
 * @param port the port to listen on.  A value of {@code 0} will mean that
 * the server will randomly pick an open ephemeral port to bind to.
 * @param ks the keystore to be used
 * @param password the password to access key material in the keystore
 * @param issuerAlias the alias of the issuer certificate
 * @param signerAlias the alias of the signer certificate and key.  A
 * value of {@code null} means that the {@code issuerAlias} will be used
 * to look up the signer key.
 *
 * @throws GeneralSecurityException if there are problems accessing the
 * keystore or finding objects within the keystore.
 * @throws IOException if a {@code ResponderId} cannot be generated from
 * the signer certificate.
 */
public SimpleOCSPServer(InetAddress addr, int port, KeyStore ks,
        String password, String issuerAlias, String signerAlias)
        throws GeneralSecurityException, IOException {
    Objects.requireNonNull(ks, "Null keystore provided");
    Objects.requireNonNull(issuerAlias, "Null issuerName provided");

    utcDateFmt.setTimeZone(TimeZone.getTimeZone("GMT"));

    keystore = ks;
    issuerCert = (X509Certificate)ks.getCertificate(issuerAlias);
    if (issuerCert == null) {
        throw new IllegalArgumentException("Certificate for alias " +
                issuerAlias + " not found");
    }

    if (signerAlias != null) {
        signerCert = (X509Certificate)ks.getCertificate(signerAlias);
        if (signerCert == null) {
            throw new IllegalArgumentException("Certificate for alias " +
                signerAlias + " not found");
        }
        signerKey = (PrivateKey)ks.getKey(signerAlias,
                password.toCharArray());
        if (signerKey == null) {
            throw new IllegalArgumentException("PrivateKey for alias " +
                signerAlias + " not found");
        }
    } else {
        signerCert = issuerCert;
        signerKey = (PrivateKey)ks.getKey(issuerAlias,
                password.toCharArray());
        if (signerKey == null) {
            throw new IllegalArgumentException("PrivateKey for alias " +
                issuerAlias + " not found");
        }
    }

    sigAlgId = AlgorithmId.get("Sha256withRSA");
    respId = new ResponderId(signerCert.getSubjectX500Principal());
    listenAddress = addr;
    listenPort = port;
}
 
开发者ID:AdoptOpenJDK,项目名称:openjdk-jdk10,代码行数:63,代码来源:SimpleOCSPServer.java

示例11: checkServerTrusted

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    Log.d("X509TrustManager" , "checkServerTrusted()");
    X509Certificate certificate = chain[0];
    X500Principal issuerPrincipal = certificate.getIssuerX500Principal();
    Log.d("X509TrustManager" , "issuer name :" + issuerPrincipal.getName());
    X500Principal subjectPrincipal = certificate.getSubjectX500Principal();
    Log.d("X509TrustManager" , "subject name :" + subjectPrincipal.getName());

}
 
开发者ID:MarcusMa,项目名称:MyCreditCardDemo,代码行数:11,代码来源:HttpRequestManager.java

示例12: isIdentityEquivalent

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static boolean isIdentityEquivalent(X509Certificate thisCert,
        X509Certificate prevCert) {
    if (thisCert.equals(prevCert)) {
        return true;
    }

    // check the iPAddress field in subjectAltName extension
    Object thisIPAddress = getSubjectAltName(thisCert, 7);  // 7: iPAddress
    Object prevIPAddress = getSubjectAltName(prevCert, 7);
    if (thisIPAddress != null && prevIPAddress!= null) {
        // only allow the exactly match
        return Objects.equals(thisIPAddress, prevIPAddress);
    }

    // check the dNSName field in subjectAltName extension
    Object thisDNSName = getSubjectAltName(thisCert, 2);    // 2: dNSName
    Object prevDNSName = getSubjectAltName(prevCert, 2);
    if (thisDNSName != null && prevDNSName!= null) {
        // only allow the exactly match
        return Objects.equals(thisDNSName, prevDNSName);
    }

    // check the certificate subject and issuer
    X500Principal thisSubject = thisCert.getSubjectX500Principal();
    X500Principal prevSubject = prevCert.getSubjectX500Principal();
    X500Principal thisIssuer = thisCert.getIssuerX500Principal();
    X500Principal prevIssuer = prevCert.getIssuerX500Principal();
    if (!thisSubject.getName().isEmpty() &&
            !prevSubject.getName().isEmpty() &&
            thisSubject.equals(prevSubject) &&
            thisIssuer.equals(prevIssuer)) {
        return true;
    }

    return false;
}
 
开发者ID:SunburstApps,项目名称:OpenJSharp,代码行数:37,代码来源:ClientHandshaker.java

示例13: JcaX509v2CRLBuilder

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public JcaX509v2CRLBuilder(X509Certificate issuerCert, Date now)
{
    this(issuerCert.getSubjectX500Principal(), now);
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:5,代码来源:JcaX509v2CRLBuilder.java

示例14: getSubjectPrincipal

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
protected static X500Principal getSubjectPrincipal(X509Certificate cert)
{
    return cert.getSubjectX500Principal();
}
 
开发者ID:Appdome,项目名称:ipack,代码行数:5,代码来源:CertPathValidatorUtilities.java

示例15: verify

import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * check whether a certificate conforms to these NameConstraints.
 * This involves verifying that the subject name and subjectAltName
 * extension (critical or noncritical) is consistent with the permitted
 * subtrees state variables.  Also verify that the subject name and
 * subjectAltName extension (critical or noncritical) is consistent with
 * the excluded subtrees state variables.
 *
 * @param cert X509Certificate to be verified
 * @returns true if certificate verifies successfully
 * @throws IOException on error
 */
public boolean verify(X509Certificate cert) throws IOException {

    if (cert == null) {
        throw new IOException("Certificate is null");
    }

    // Calculate hasMin and hasMax booleans (if necessary)
    if (!minMaxValid) {
        calcMinMax();
    }

    if (hasMin) {
        throw new IOException("Non-zero minimum BaseDistance in"
                            + " name constraints not supported");
    }

    if (hasMax) {
        throw new IOException("Maximum BaseDistance in"
                            + " name constraints not supported");
    }

    X500Principal subjectPrincipal = cert.getSubjectX500Principal();
    X500Name subject = X500Name.asX500Name(subjectPrincipal);

    if (subject.isEmpty() == false) {
        if (verify(subject) == false) {
            return false;
        }
    }

    GeneralNames altNames = null;
    // extract altNames
    try {
        // extract extensions, if any, from certInfo
        // following returns null if certificate contains no extensions
        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
        SubjectAlternativeNameExtension altNameExt =
            certImpl.getSubjectAlternativeNameExtension();
        if (altNameExt != null) {
            // extract altNames from extension; this call does not
            // return an IOException on null altnames
            altNames = altNameExt.get(
                    SubjectAlternativeNameExtension.SUBJECT_NAME);
        }
    } catch (CertificateException ce) {
        throw new IOException("Unable to extract extensions from " +
                    "certificate: " + ce.getMessage());
    }

    // If there are no subjectAlternativeNames, perform the special-case
    // check where if the subjectName contains any EMAILADDRESS
    // attributes, they must be checked against RFC822 constraints.
    // If that passes, we're fine.
    if (altNames == null) {
        return verifyRFC822SpecialCase(subject);
    }

    // verify each subjectAltName
    for (int i = 0; i < altNames.size(); i++) {
        GeneralNameInterface altGNI = altNames.get(i).getName();
        if (!verify(altGNI)) {
            return false;
        }
    }

    // All tests passed.
    return true;
}
 
开发者ID:lambdalab-mirror,项目名称:jdk8u-jdk,代码行数:81,代码来源:NameConstraintsExtension.java


注:本文中的java.security.cert.X509Certificate.getSubjectX500Principal方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。