本文整理汇总了Java中java.security.cert.X509Certificate.verify方法的典型用法代码示例。如果您正苦于以下问题:Java X509Certificate.verify方法的具体用法?Java X509Certificate.verify怎么用?Java X509Certificate.verify使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类java.security.cert.X509Certificate的用法示例。
在下文中一共展示了X509Certificate.verify方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: verifyCerts
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static void verifyCerts(Certificate[] certs) throws Exception {
int n = certs.length;
for (int i = 0; i < n - 1; i++) {
X509Certificate cert = (X509Certificate)certs[i];
X509Certificate issuer = (X509Certificate)certs[i + 1];
if (cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()) == false) {
throw new Exception("Certificates do not chain");
}
cert.verify(issuer.getPublicKey());
System.out.println("Verified: " + cert.getSubjectX500Principal());
}
X509Certificate last = (X509Certificate)certs[n - 1];
// if self-signed, verify the final cert
if (last.getIssuerX500Principal().equals(last.getSubjectX500Principal())) {
last.verify(last.getPublicKey());
System.out.println("Verified: " + last.getSubjectX500Principal());
}
}
示例2: findByIssuerAndSignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
X500Principal issuer = cert.getIssuerX500Principal();
Set<X509Certificate> subjectCaCerts = subjectToCaCerts.get(issuer);
if (subjectCaCerts == null) return null;
for (X509Certificate caCert : subjectCaCerts) {
PublicKey publicKey = caCert.getPublicKey();
try {
cert.verify(publicKey);
return caCert;
} catch (Exception ignored) {
}
}
return null;
}
示例3: main
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void main(Provider p) throws Exception {
/*
* Use Solaris SPARC 11.2 or later to avoid an intermittent failure
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
"Solaris SPARC 11.2 or later, skipping");
return;
}
long start = System.currentTimeMillis();
Providers.setAt(p, 1);
try {
String PROVIDER = p.getName();
String javaHome = props.getProperty("java.home");
String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
KeyStore ks;
try (InputStream in = new FileInputStream(caCerts)) {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, null);
}
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String)e.nextElement();
if (ks.isCertificateEntry(alias)) {
System.out.println("* Testing " + alias + "...");
X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
PublicKey key = cert.getPublicKey();
String alg = key.getAlgorithm();
if (alg.equals("RSA")) {
System.out.println("Signature algorithm: " + cert.getSigAlgName());
cert.verify(key, PROVIDER);
} else {
System.out.println("Skipping cert with key: " + alg);
}
} else {
System.out.println("Skipping alias " + alias);
}
}
long stop = System.currentTimeMillis();
System.out.println("All tests passed (" + (stop - start) + " ms).");
} finally {
Security.removeProvider(p.getName());
}
}
示例4: verifySignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Verifies that the given certificate was signed using the private key that corresponds to the
* public key of the provided certificate.
*
* @param certificate The X509Certificate which is to be checked
* @param issuingCertificate The X.509 certificate which holds the public key corresponding to the private
* key with which the given certificate should have been signed
* @return True, if the verification was successful, false otherwise
*/
public static boolean verifySignature(X509Certificate certificate, X509Certificate issuingCertificate) {
X500Principal subject = certificate.getSubjectX500Principal();
X500Principal expectedIssuerSubject = certificate.getIssuerX500Principal();
X500Principal issuerSubject = issuingCertificate.getSubjectX500Principal();
PublicKey publicKeyForSignature = issuingCertificate.getPublicKey();
try {
certificate.verify(publicKeyForSignature);
return true;
} catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException |
NoSuchProviderException | SignatureException e) {
getLogger().warn("\n"
+ "\tSignature verification of certificate having distinguished name \n"
+ "\t'" + subject.getName() + "'\n"
+ "\twith certificate having distinguished name (the issuer) \n"
+ "\t'" + issuerSubject.getName() + "'\n"
+ "\tfailed. Expected issuer has distinguished name \n"
+ "\t'" + expectedIssuerSubject.getName() + "' (" + e.getClass().getSimpleName() + ")", e);
}
return false;
}
示例5: buildChain
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Recursively tries to establish chain from pool of trusted certs.
*
* @param certToVerify the cert that needs to be verified.
* @param chain the chain that's being built.
* @param certs the pool of trusted certs
*
* @return true if successful, false otherwise.
*/
private boolean buildChain(X509Certificate certToVerify,
Vector<Certificate> chain,
Hashtable<Principal, Vector<Certificate>> certs) {
Principal issuer = certToVerify.getIssuerDN();
if (isSelfSigned(certToVerify)) {
// reached self-signed root cert;
// no verification needed because it's trusted.
chain.addElement(certToVerify);
return true;
}
// Get the issuer's certificate(s)
Vector<Certificate> vec = certs.get(issuer);
if (vec == null) {
return false;
}
// Try out each certificate in the vector, until we find one
// whose public key verifies the signature of the certificate
// in question.
for (Enumeration<Certificate> issuerCerts = vec.elements();
issuerCerts.hasMoreElements(); ) {
X509Certificate issuerCert
= (X509Certificate)issuerCerts.nextElement();
PublicKey issuerPubKey = issuerCert.getPublicKey();
try {
certToVerify.verify(issuerPubKey);
} catch (Exception e) {
continue;
}
if (buildChain(issuerCert, chain, certs)) {
chain.addElement(certToVerify);
return true;
}
}
return false;
}
示例6: checkServerTrusted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
if (x509Certificates == null) {
throw new IllegalArgumentException("Check Server x509Certificates is null");
}
if (x509Certificates.length < 0) {
throw new IllegalArgumentException("Check Server x509Certificates is empty");
}
try {
for (X509Certificate cert : x509Certificates) {
// Make sure that it hasn't expired.
cert.checkValidity();
//和App预埋的证书做对比
cert.verify(mCertificate.getPublicKey());
}
} catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) {
e.printStackTrace();
}
}
示例7: verifySignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/** Returns true if {@code toVerify} was signed by {@code signingCert}'s public key. */
private boolean verifySignature(X509Certificate toVerify, X509Certificate signingCert) {
if (!toVerify.getIssuerDN().equals(signingCert.getSubjectDN())) return false;
try {
toVerify.verify(signingCert.getPublicKey());
return true;
} catch (GeneralSecurityException verifyFailed) {
return false;
}
}
示例8: verifySignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private boolean verifySignature(X509Certificate toVerify, X509Certificate signingCert) {
if (!toVerify.getIssuerDN().equals(signingCert.getSubjectDN())) {
return false;
}
try {
toVerify.verify(signingCert.getPublicKey());
return true;
} catch (GeneralSecurityException e) {
return false;
}
}
示例9: verifyX509Certificate
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey,
String sigProvider)
throws GeneralSecurityException
{
if (sigProvider == null)
{
cert.verify(publicKey);
}
else
{
cert.verify(publicKey, sigProvider);
}
}
示例10: checkIsSelfSigned
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static boolean checkIsSelfSigned(X509Certificate cert){
try{
cert.verify(cert.getPublicKey());
return true;
}catch(Exception ex){}
return false;
}
示例11: getCaCertOf
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static X509Certificate getCaCertOf(X509Certificate cert,
Set<? extends Certificate> caCerts) throws CertificateEncodingException {
ParamUtil.requireNonNull("cert", cert);
if (isSelfSigned(cert)) {
return null;
}
for (Certificate caCert : caCerts) {
if (!(caCert instanceof X509Certificate)) {
continue;
}
X509Certificate x509CaCert = (X509Certificate) caCert;
if (!issues(x509CaCert, cert)) {
continue;
}
try {
cert.verify(x509CaCert.getPublicKey());
return x509CaCert;
} catch (Exception ex) {
LOG.warn("could not verify certificate: {}", ex.getMessage());
}
}
return null;
}
示例12: signedBy
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public static boolean signedBy(X509Certificate end, X509Certificate ca) {
if (!ca.getSubjectX500Principal().equals(end.getIssuerX500Principal())) {
return false;
}
try {
end.verify(ca.getPublicKey());
return true;
} catch (Exception e) {
return false;
}
}
示例13: isValidLink
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
private static boolean isValidLink(X509Certificate parent, X509Certificate child) {
if (!parent.getSubjectX500Principal().equals(child.getIssuerX500Principal())) {
return false;
}
try {
child.verify(parent.getPublicKey());
return true;
} catch (GeneralSecurityException e) {
return false;
}
}
示例14: isPathCompleted
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
* Verifies whether the input certificate completes the path.
* Checks the cert against each trust anchor that was specified, in order,
* and returns true as soon as it finds a valid anchor.
* Returns true if the cert matches a trust anchor specified as a
* certificate or if the cert verifies with a trust anchor that
* was specified as a trusted {pubkey, caname} pair. Returns false if none
* of the trust anchors are valid for this cert.
*
* @param cert the certificate to test
* @return a boolean value indicating whether the cert completes the path.
*/
@Override
boolean isPathCompleted(X509Certificate cert) {
for (TrustAnchor anchor : trustAnchors) {
if (anchor.getTrustedCert() != null) {
if (cert.equals(anchor.getTrustedCert())) {
this.trustAnchor = anchor;
return true;
} else {
continue;
}
}
X500Principal principal = anchor.getCA();
PublicKey publicKey = anchor.getCAPublicKey();
if (principal != null && publicKey != null &&
principal.equals(cert.getSubjectX500Principal())) {
if (publicKey.equals(cert.getPublicKey())) {
// the cert itself is a trust anchor
this.trustAnchor = anchor;
return true;
}
// else, it is a self-issued certificate of the anchor
}
// Check subject/issuer name chaining
if (principal == null ||
!principal.equals(cert.getIssuerX500Principal())) {
continue;
}
// skip anchor if it contains a DSA key with no DSA params
if (PKIX.isDSAPublicKeyWithoutParams(publicKey)) {
continue;
}
/*
* Check signature
*/
try {
cert.verify(publicKey, buildParams.sigProvider());
} catch (InvalidKeyException ike) {
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() invalid "
+ "DSA key found");
}
continue;
} catch (GeneralSecurityException e){
if (debug != null) {
debug.println("ForwardBuilder.isPathCompleted() " +
"unexpected exception");
e.printStackTrace();
}
continue;
}
this.trustAnchor = anchor;
return true;
}
return false;
}
示例15: findByIssuerAndSignature
import java.security.cert.X509Certificate; //导入方法依赖的package包/类
public X509Certificate findByIssuerAndSignature(X509Certificate cert) {
List<X509Certificate> subjectCaCerts = (List) this.subjectToCaCerts.get(cert
.getIssuerX500Principal());
if (subjectCaCerts == null) {
return null;
}
for (X509Certificate caCert : subjectCaCerts) {
try {
cert.verify(caCert.getPublicKey());
return caCert;
} catch (Exception e) {
}
}
return null;
}