本文整理汇总了Java中java.security.cert.X509Certificate.getVersion方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.getVersion方法的具体用法?Java X509Certificate.getVersion怎么用?Java X509Certificate.getVersion使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate
的用法示例。
在下文中一共展示了X509Certificate.getVersion方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getSKIBytesFromCert
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Method getSKIBytesFromCert
*
* @param cert
* @return ski bytes from the given certificate
*
* @throws XMLSecurityException
* @see java.security.cert.X509Extension#getExtensionValue(java.lang.String)
*/
public static byte[] getSKIBytesFromCert(X509Certificate cert)
throws XMLSecurityException {
if (cert.getVersion() < 3) {
Object exArgs[] = { Integer.valueOf(cert.getVersion()) };
throw new XMLSecurityException("certificate.noSki.lowVersion", exArgs);
}
/*
* Gets the DER-encoded OCTET string for the extension value
* (extnValue) identified by the passed-in oid String. The oid
* string is represented by a set of positive whole numbers
* separated by periods.
*/
byte[] extensionValue = cert.getExtensionValue(XMLX509SKI.SKI_OID);
if (extensionValue == null) {
throw new XMLSecurityException("certificate.noSki.null");
}
/**
* Strip away first four bytes from the extensionValue
* The first two bytes are the tag and length of the extensionValue
* OCTET STRING, and the next two bytes are the tag and length of
* the ski OCTET STRING.
*/
byte skidValue[] = new byte[extensionValue.length - 4];
System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
if (log.isLoggable(java.util.logging.Level.FINE)) {
log.log(java.util.logging.Level.FINE, "Base64 of SKI is " + Base64.encode(skidValue));
}
return skidValue;
}
示例2: printX509Cert
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Prints a certificate in a human readable format.
*/
private void printX509Cert(X509Certificate cert, PrintStream out)
throws Exception
{
MessageFormat form = new MessageFormat
(rb.getString(".PATTERN.printX509Cert.with.weak"));
PublicKey pkey = cert.getPublicKey();
String sigName = cert.getSigAlgName();
// No need to warn about sigalg of a trust anchor
if (!isTrustedCert(cert)) {
sigName = withWeak(sigName);
}
Object[] source = {cert.getSubjectDN().toString(),
cert.getIssuerDN().toString(),
cert.getSerialNumber().toString(16),
cert.getNotBefore().toString(),
cert.getNotAfter().toString(),
getCertFingerPrint("SHA-1", cert),
getCertFingerPrint("SHA-256", cert),
sigName,
withWeak(pkey),
cert.getVersion()
};
out.println(form.format(source));
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME
+ "." +
X509CertImpl.INFO);
CertificateExtensions exts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
if (exts != null) {
printExtensions(rb.getString("Extensions."), exts, out);
}
}
}
示例3: checkBasicConstraints
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Internal method to check that a given cert meets basic constraints.
*/
private void checkBasicConstraints(X509Certificate currCert)
throws CertPathValidatorException
{
String msg = "basic constraints";
if (debug != null) {
debug.println("---checking " + msg + "...");
debug.println("i = " + i);
debug.println("maxPathLength = " + maxPathLength);
}
/* check if intermediate cert */
if (i < certPathLength) {
// RFC5280: If certificate i is a version 3 certificate, verify
// that the basicConstraints extension is present and that cA is
// set to TRUE. (If certificate i is a version 1 or version 2
// certificate, then the application MUST either verify that
// certificate i is a CA certificate through out-of-band means
// or reject the certificate. Conforming implementations may
// choose to reject all version 1 and version 2 intermediate
// certificates.)
//
// We choose to reject all version 1 and version 2 intermediate
// certificates except that it is self issued by the trust
// anchor in order to support key rollover or changes in
// certificate policies.
int pathLenConstraint = -1;
if (currCert.getVersion() < 3) { // version 1 or version 2
if (i == 1) { // issued by a trust anchor
if (X509CertImpl.isSelfIssued(currCert)) {
pathLenConstraint = Integer.MAX_VALUE;
}
}
} else {
pathLenConstraint = currCert.getBasicConstraints();
}
if (pathLenConstraint == -1) {
throw new CertPathValidatorException
(msg + " check failed: this is not a CA certificate",
null, null, -1, PKIXReason.NOT_CA_CERT);
}
if (!X509CertImpl.isSelfIssued(currCert)) {
if (maxPathLength <= 0) {
throw new CertPathValidatorException
(msg + " check failed: pathLenConstraint violated - "
+ "this cert must be the last cert in the "
+ "certification path", null, null, -1,
PKIXReason.PATH_TOO_LONG);
}
maxPathLength--;
}
if (pathLenConstraint < maxPathLength)
maxPathLength = pathLenConstraint;
}
if (debug != null) {
debug.println("after processing, maxPathLength = " + maxPathLength);
debug.println(msg + " verified.");
}
}
示例4: printX509Cert
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Prints a certificate in a human readable format.
*/
private void printX509Cert(X509Certificate cert, PrintStream out)
throws Exception
{
/*
out.println("Owner: "
+ cert.getSubjectDN().toString()
+ "\n"
+ "Issuer: "
+ cert.getIssuerDN().toString()
+ "\n"
+ "Serial number: " + cert.getSerialNumber().toString(16)
+ "\n"
+ "Valid from: " + cert.getNotBefore().toString()
+ " until: " + cert.getNotAfter().toString()
+ "\n"
+ "Certificate fingerprints:\n"
+ "\t MD5: " + getCertFingerPrint("MD5", cert)
+ "\n"
+ "\t SHA1: " + getCertFingerPrint("SHA1", cert));
*/
MessageFormat form = new MessageFormat
(rb.getString(".PATTERN.printX509Cert"));
Object[] source = {cert.getSubjectDN().toString(),
cert.getIssuerDN().toString(),
cert.getSerialNumber().toString(16),
cert.getNotBefore().toString(),
cert.getNotAfter().toString(),
getCertFingerPrint("MD5", cert),
getCertFingerPrint("SHA1", cert),
getCertFingerPrint("SHA-256", cert),
cert.getSigAlgName(),
cert.getVersion()
};
out.println(form.format(source));
if (cert instanceof X509CertImpl) {
X509CertImpl impl = (X509CertImpl)cert;
X509CertInfo certInfo = (X509CertInfo)impl.get(X509CertImpl.NAME
+ "." +
X509CertImpl.INFO);
CertificateExtensions exts = (CertificateExtensions)
certInfo.get(X509CertInfo.EXTENSIONS);
if (exts != null) {
printExtensions(rb.getString("Extensions."), exts, out);
}
}
}
示例5: checkBasicConstraints
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Internal method to check that a given cert meets basic constraints.
*/
private void checkBasicConstraints(X509Certificate currCert)
throws CertPathValidatorException
{
String msg = "basic constraints";
if (debug != null) {
debug.println("---checking " + msg + "...");
debug.println("i = " + i +
", maxPathLength = " + maxPathLength);
}
/* check if intermediate cert */
if (i < certPathLength) {
// RFC5280: If certificate i is a version 3 certificate, verify
// that the basicConstraints extension is present and that cA is
// set to TRUE. (If certificate i is a version 1 or version 2
// certificate, then the application MUST either verify that
// certificate i is a CA certificate through out-of-band means
// or reject the certificate. Conforming implementations may
// choose to reject all version 1 and version 2 intermediate
// certificates.)
//
// We choose to reject all version 1 and version 2 intermediate
// certificates except that it is self issued by the trust
// anchor in order to support key rollover or changes in
// certificate policies.
int pathLenConstraint = -1;
if (currCert.getVersion() < 3) { // version 1 or version 2
if (i == 1) { // issued by a trust anchor
if (X509CertImpl.isSelfIssued(currCert)) {
pathLenConstraint = Integer.MAX_VALUE;
}
}
} else {
pathLenConstraint = currCert.getBasicConstraints();
}
if (pathLenConstraint == -1) {
throw new CertPathValidatorException
(msg + " check failed: this is not a CA certificate",
null, null, -1, PKIXReason.NOT_CA_CERT);
}
if (!X509CertImpl.isSelfIssued(currCert)) {
if (maxPathLength <= 0) {
throw new CertPathValidatorException
(msg + " check failed: pathLenConstraint violated - "
+ "this cert must be the last cert in the "
+ "certification path", null, null, -1,
PKIXReason.PATH_TOO_LONG);
}
maxPathLength--;
}
if (pathLenConstraint < maxPathLength)
maxPathLength = pathLenConstraint;
}
if (debug != null) {
debug.println("after processing, maxPathLength = " + maxPathLength);
debug.println(msg + " verified.");
}
}