本文整理汇总了Java中javax.net.ssl.X509TrustManager.checkClientTrusted方法的典型用法代码示例。如果您正苦于以下问题:Java X509TrustManager.checkClientTrusted方法的具体用法?Java X509TrustManager.checkClientTrusted怎么用?Java X509TrustManager.checkClientTrusted使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类javax.net.ssl.X509TrustManager
的用法示例。
在下文中一共展示了X509TrustManager.checkClientTrusted方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: checkClientTrusted
import javax.net.ssl.X509TrustManager; //导入方法依赖的package包/类
@Override
public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
for (final X509TrustManager trustManager : trustManagers) {
try {
trustManager.checkClientTrusted(chain, authType);
return;
} catch (final CertificateException e) {
LOGGER.debug(e.getMessage(), e);
}
}
throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:13,代码来源:FileTrustStoreSslSocketFactory.java
示例2: checkClientTrusted
import javax.net.ssl.X509TrustManager; //导入方法依赖的package包/类
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
X509TrustManager tm = trustManagerRef.get();
if (tm != null) {
tm.checkClientTrusted(chain, authType);
} else {
throw new CertificateException("Unknown client chain certificate: " +
chain[0].toString());
}
}
示例3: checkClientTrusted
import javax.net.ssl.X509TrustManager; //导入方法依赖的package包/类
@Override
public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
CertificateException catchException = null;
for (X509TrustManager tm : trustManagers) {
try {
tm.checkClientTrusted(certificates, authType);
return;
} catch (CertificateException e) {
catchException = e;
}
}
throw catchException;
}
示例4: validateCertificateChain
import javax.net.ssl.X509TrustManager; //导入方法依赖的package包/类
/**
* Performs Certificate Chain Validation on provided certificates. The method verifies if the client certificates provided are generated from root certificates
* trusted by application.
*
* @param clientCerts Collection of X509Certificates provided in request
* @param trustCerts Collection of X509Certificates trusted by application
* @param authType Auth Type for Certificate
* @return true if client and server are chained together, false otherwise
* @throws PayPalRESTException
*/
public static boolean validateCertificateChain(Collection<X509Certificate> clientCerts, Collection<X509Certificate> trustCerts, String authType) throws PayPalRESTException {
TrustManager trustManagers[];
X509Certificate[] clientChain;
try {
clientChain = clientCerts.toArray(new X509Certificate[0]);
List<X509Certificate> list = Arrays.asList(clientChain);
clientChain = list.toArray(new X509Certificate[0]);
// Create a Keystore and load the Root CA Cert
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, "".toCharArray());
// Iterate through each certificate and add to keystore
int i = 0;
for (Iterator<X509Certificate> payPalCertificate = trustCerts.iterator(); payPalCertificate.hasNext(); ) {
X509Certificate x509Certificate = (X509Certificate) payPalCertificate.next();
keyStore.setCertificateEntry("paypalCert" + i, x509Certificate);
i++;
}
// Create TrustManager
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
trustManagers = trustManagerFactory.getTrustManagers();
} catch (Exception ex) {
throw new PayPalRESTException(ex);
}
// For Each TrustManager of type X509
for (TrustManager trustManager : trustManagers) {
if (trustManager instanceof X509TrustManager) {
X509TrustManager pkixTrustManager = (X509TrustManager) trustManager;
// Check the trust manager if server is trusted
try {
pkixTrustManager.checkClientTrusted(clientChain, (authType == null || authType == "") ? "RSA" : authType);
// Checks that the certificate is currently valid. It is if the current date and time are within the validity period given in the certificate.
for (X509Certificate cert : clientChain) {
cert.checkValidity();
// Check for CN name matching
String dn = cert.getSubjectX500Principal().getName();
String[] tokens = dn.split(",");
boolean hasPaypalCn = false;
for (String token : tokens) {
if (token.startsWith("CN=messageverificationcerts") && token.endsWith(".paypal.com")) {
hasPaypalCn = true;
}
}
if (!hasPaypalCn) {
throw new PayPalRESTException("CN of client certificate does not match with trusted CN");
}
}
// If everything looks good, return true
return true;
} catch (CertificateException e) {
throw new PayPalRESTException(e);
}
}
}
return false;
}