Java X509Certificate.getInstance方法代码示例

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 *
 * @param sessionId The SSL session ID
 * @param cypherSuite The cypher suite name
 * @param certificate A string representation of the client certificate
 * @throws java.security.cert.CertificateException If the client cert could not be decoded
 * @throws CertificateException If the client cert could not be decoded
 */
public BasicSSLSessionInfo(byte[] sessionId, String cypherSuite, String certificate) throws java.security.cert.CertificateException, CertificateException {
    this.sessionId = sessionId;
    this.cypherSuite = cypherSuite;

    if (certificate != null) {
        java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
        byte[] certificateBytes = certificate.getBytes(US_ASCII);
        ByteArrayInputStream stream = new ByteArrayInputStream(certificateBytes);
        peerCertificate = cf.generateCertificate(stream);
        this.certificate = X509Certificate.getInstance(certificateBytes);
    } else {
        this.peerCertificate = null;
        this.certificate = null;
    }
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
@Test(description = "Handle request with device type URI with Mutual Auth Header",
        dependsOnMethods = "testHandleSuccessRequestProxyMutualAuthHeader")
public void testHandleSuccessRequestMutualAuthHeader() throws Exception {
    HashMap<String, String> transportHeaders = new HashMap<>();
    transportHeaders.put(AuthConstants.MUTUAL_AUTH_HEADER, "Test Header");
    setMockClient();
    this.mockClient.setResponse(getAccessTokenReponse());
    this.mockClient.setResponse(getValidationResponse());
    MessageContext messageContext = createSynapseMessageContext("<empty/>", this.synapseConfiguration,
            transportHeaders, "https://test.com/testservice/api/testdevice");
    org.apache.axis2.context.MessageContext axisMC = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
    String certStr = getContent(TestUtils.getAbsolutePathOfConfig("ra_cert.pem"));
    X509Certificate cert = X509Certificate.getInstance(new ByteArrayInputStream(certStr.
            getBytes(StandardCharsets.UTF_8.name())));
    axisMC.setProperty(AuthConstants.CLIENT_CERTIFICATE, new X509Certificate[]{cert});
    boolean response = this.handler.handleRequest(messageContext);
    Assert.assertTrue(response);
    this.mockClient.reset();
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Checks whether any active users' certificates are beyond the expiration threshold.
 */
@TransactionAttribute
public void checkCertificates() {

    List<UserAuthentication> auths = userAuthDao.findAll();

    Calendar cal = Calendar.getInstance();
    cal.add(Calendar.DATE, configuration.getCertificateCheckThreshold());
    Date cutoff = cal.getTime();

    for (UserAuthentication auth : auths) {
        if (auth.getActive() && auth.getCertificate() != null) {
            try {
                X509Certificate certificate = X509Certificate
                        .getInstance(Base64.decodeBase64(auth.getCertificate()));
                if (cutoff.after(certificate.getNotAfter())) {
                    notifyExpirationCheckFail(auth.getUser().getUsername());
                }
            } catch (CertificateException e) {
                logger.warn("Certificate could not be read", e);
            }
        }
    }
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    // these are lazy created to reduce memory overhead
    X509Certificate[] c = x509PeerCerts;
    if (c == null) {
        if (SSL.isInInit(ssl) != 0) {
            throw new SSLPeerUnverifiedException("peer not verified");
        }
        byte[][] chain = SSL.getPeerCertChain(ssl);
        if (chain == null) {
            throw new SSLPeerUnverifiedException("peer not verified");
        }
        X509Certificate[] peerCerts = new X509Certificate[chain.length];
        for (int i = 0; i < peerCerts.length; i++) {
            try {
                peerCerts[i] = X509Certificate.getInstance(chain[i]);
            } catch (CertificateException e) {
                throw new IllegalStateException(e);
            }
        }
        c = x509PeerCerts = peerCerts;
    }
    return c;
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
public CertificateMeta parse() throws IOException, CertificateException {
  X509Certificate certificate = X509Certificate.getInstance(Utils.toByteArray(in));
  CertificateMeta.Builder builder = CertificateMeta.newCertificateMeta();
  byte[] bytes = certificate.getEncoded();
  String certMd5 = md5Digest(bytes);
  String publicKeyString = byteToHexString(bytes);
  String certBase64Md5 = md5Digest(publicKeyString);
  builder.data(bytes);
  builder.certBase64Md5(certBase64Md5);
  builder.certMd5(certMd5);
  builder.startDate(certificate.getNotBefore());
  builder.endDate(certificate.getNotAfter());
  builder.signAlgorithm(certificate.getSigAlgName());
  builder.signAlgorithmOID(certificate.getSigAlgOID());
  return builder.build();
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
public mySSLSession(Certificate[] xc) throws CertificateEncodingException, CertificateException {
    certs = xc;
    xCerts = new X509Certificate[xc.length];
    int i = 0;
    for (Certificate cert : xc) {
        xCerts[i++] = X509Certificate.getInstance(cert.getEncoded());
    }
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
@Override
public X509Certificate[] getPeerCertificateChain() {
	if (peerCertificates == null) {
		return null;
	}
	X509Certificate[] chain = new X509Certificate[peerCertificates.length];
	try {
		for (int i = 0; i < peerCertificates.length; i ++) {
			chain[i] = X509Certificate.getInstance(peerCertificates[i].getEncoded());
		}
	} catch (CertificateException | GeneralSecurityException e) {
		Log.w(e.getMessage());
	}
	return chain;
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
public CertInfo(String certPath) {
    try {
        FileInputStream file = new FileInputStream(certPath);
        X509Certificate cert = X509Certificate.getInstance(file);
        this.certs = new X509Certificate[]{cert};
    } catch(FileNotFoundException|CertificateException e) {
        logger.error(e.getMessage(), e);
    }
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Scenario:
 *   - Select client key alias `gateway2`.
 *   - Mutual trust exists between gateway and API
 *   - We must use the `gateway2` cert NOT `gateway`.
 * @throws CertificateException the certificate exception
 * @throws IOException the IO exception
 */
@Test
public void shouldSucceedWhenValidKeyAlias() throws CertificateException, IOException  {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "password");
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "password");
    config.put(TLSOptions.TLS_KEYPASSWORD, "password");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");

    config.put(TLSOptions.TLS_KEYALIASES, "gateway2");

    InputStream inStream = new FileInputStream(getResourcePath("2waytest/basic_mutual_auth_2/gateway2.cer"));
    final X509Certificate expectedCert = X509Certificate.getInstance(inStream);
    inStream.close();

    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false);
    IApiConnection connection = connector.connect(request,
            new IAsyncResultHandler<IApiConnectionResponse>() {

                @Override
                public void handle(IAsyncResult<IApiConnectionResponse> result) {
                    if (result.isError())
                        throw new RuntimeException(result.getError());

                    Assert.assertTrue(result.isSuccess());
                    // Assert that the expected certificate (associated with the private key by virtue)
                    // was the one used.
                    Assert.assertEquals(expectedCert.getSerialNumber(), clientSerial);
                }
            });

    connection.end();
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
/**
 * Scenario:
 *   - First alias invalid, second valid.
 *   - Mutual trust exists between gateway and API.
 *   - We must fall back to the valid alias.
 * @throws CertificateException the certificate exception
 * @throws IOException the IO exception
 */
@Test
public void shouldFallbackWhenMultipleAliasesAvailable() throws CertificateException, IOException  {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "password");
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "password");
    config.put(TLSOptions.TLS_KEYPASSWORD, "password");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    // Only gateway2 is valid. `unrelated` is real but not trusted by API. others don't exist.
    config.put(TLSOptions.TLS_KEYALIASES, "unrelated, owt, or, nowt, gateway2, sonorous, unrelated");

    InputStream inStream = new FileInputStream(getResourcePath("2waytest/basic_mutual_auth_2/gateway2.cer"));
    final X509Certificate expectedCert = X509Certificate.getInstance(inStream);
    inStream.close();

    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false);
    IApiConnection connection = connector.connect(request,
            new IAsyncResultHandler<IApiConnectionResponse>() {

                @Override
                public void handle(IAsyncResult<IApiConnectionResponse> result) {
                    if (result.isError())
                        throw new RuntimeException(result.getError());

                    Assert.assertTrue(result.isSuccess());
                    // Assert that the expected certificate (associated with the private key by virtue)
                    // was the one used.
                    Assert.assertEquals(expectedCert.getSerialNumber(), clientSerial);
                }
            });

    connection.end();
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
private X509Certificate getCertificate(Client client) throws CertificateException, KeyStoreException, NoSuchProviderException, java.security.cert.CertificateException, NoSuchAlgorithmException, IOException {
	KeyStore keyStore = KeyStore.getInstance("pkcs12", "SunJSSE");
	keyStore.load(getClass().getResourceAsStream(client.path), client.password);

	return X509Certificate.getInstance(keyStore.getCertificate(keyStore.aliases().nextElement()).getEncoded());
}
 

import javax.security.cert.X509Certificate; //导入方法依赖的package包/类
private X509Certificate generateCertificate(String cert) throws CertificateException {
    return X509Certificate.getInstance(cert.getBytes(StandardCharsets.US_ASCII));
}