本文整理汇总了Java中org.globus.gsi.TrustedCertificates.getCertificate方法的典型用法代码示例。如果您正苦于以下问题:Java TrustedCertificates.getCertificate方法的具体用法?Java TrustedCertificates.getCertificate怎么用?Java TrustedCertificates.getCertificate使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.globus.gsi.TrustedCertificates的用法示例。
在下文中一共展示了TrustedCertificates.getCertificate方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getCaCert
import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
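/**
 * Resolves the trusted CA certificate registered under the issuer DN of {@code userCert}.
 *
 * <p>The lookup uses the default trusted-certificate set and is keyed on the issuer DN string
 * only. Nothing in this method verifies that {@code userCert} was actually signed by the
 * returned certificate; a caller that needs that guarantee has to verify the signature
 * against the returned certificate's public key itself.
 *
 * @param userCert certificate whose issuer is to be resolved
 * @return the trusted certificate found under the issuer DN, never {@code null}
 * @throws InvalidSecurityContextException if the default trusted-certificate set is missing or
 *         holds no certificate under the issuer DN
 */
protected X509Certificate getCaCert(X509Certificate userCert) throws InvalidSecurityContextException {
    final String issuerDn = userCert.getIssuerDN().getName();

    // Guard against a missing default trust store so the failure surfaces as the declared
    // exception instead of a NullPointerException.
    // TODO confirm whether getDefaultTrustedCertificates() can return null in this version.
    final TrustedCertificates trustStore = TrustedCertificates.getDefaultTrustedCertificates();
    if (trustStore == null) {
        logger.warn("No default trusted certificates are available");
        throw new InvalidSecurityContextException("Failed to find root CA certificate (" + issuerDn + ")");
    }

    final X509Certificate caCert = trustStore.getCertificate(issuerDn);
    if (caCert != null) {
        return caCert;
    }

    // Lookup missed: list the subject DNs that are trusted so an operator can compare them
    // with the issuer DN reported in the exception.
    logger.warn("Cannot find root CA certificate for proxy");
    logger.warn("DNs of trusted certificates:");
    final X509Certificate[] roots = trustStore.getCertificates();
    if (roots != null) {
        for (X509Certificate root : roots) {
            logger.warn("\t" + root.getSubjectDN());
        }
    }
    throw new InvalidSecurityContextException("Failed to find root CA certificate (" + issuerDn + ")");
}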
示例2: getCertificateType
import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
/**
 * Determines the type of the given certificate, consulting the trusted certificate list.
 *
 * <p>The type is first computed by
 * {@link #getCertificateType(TBSCertificateStructure) getCertificateType}. When that result is
 * {@link GSIConstants#EEC GSIConstants.EEC}, the certificate's subject is looked up in the
 * trusted certificate list; if an entry is found the type is changed to
 * {@link GSIConstants#CA GSIConstants.CA}, otherwise it is left as it is. This covers a valid
 * CA certificate that carries no BasicConstraints extension.
 *
 * <p>NOTE(review): the promotion to CA in this method rests on looking up the subject DN
 * string alone; the certificate's public key or encoding is not compared here. Confirm that
 * callers validate the chain cryptographically before acting on a CA result.
 *
 * @param crt the certificate to get the type of.
 * @param trustedCerts the trusted certificates to double check an
 *        {@link GSIConstants#EEC GSIConstants.EEC} certificate against. If null, the default
 *        set of trusted certificates is requested instead.
 * @return the certificate type, determined by the rules described above.
 * @throws IOException if something goes wrong.
 * @throws CertificateException for proxy certificates, if the issuer DN of the certificate
 *         does not match the subject DN of the certificate without the last <I>CN</I>
 *         component. Also, for GSI-3 proxies when the <code>ProxyCertInfo</code> extension is
 *         not marked as critical.
 */
public static int getCertificateType(TBSCertificateStructure crt,
                                     TrustedCertificates trustedCerts)
        throws CertificateException, IOException {
    final int detected = getCertificateType(crt);

    // Only an end-entity result is second-guessed; every other type is returned untouched.
    if (detected != GSIConstants.EEC) {
        return detected;
    }

    final TrustedCertificates anchors = (trustedCerts != null)
            ? trustedCerts
            : TrustedCertificates.getDefaultTrustedCertificates();

    // The default set may itself be unavailable, in which case the EEC result stands.
    if (anchors == null) {
        return detected;
    }

    // A hit on the subject DN means the certificate is treated as a CA certificate.
    final boolean subjectIsTrusted = anchors.getCertificate(crt.getSubject().toString()) != null;
    return subjectIsTrusted ? GSIConstants.CA : detected;
}
示例3: checkCRL
import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
/**
 * Rejects {@code cert} when the CRL stored under its issuer DN lists it as revoked.
 *
 * <p>The method returns without testing revocation in each of these cases, none of which is
 * reported to the caller or logged above debug level:
 * <ul>
 *   <li>{@code crlsList} is null;</li>
 *   <li>{@code crlsList} holds no CRL under the certificate's issuer DN;</li>
 *   <li>{@code trustedCerts} holds no certificate under that issuer DN;</li>
 *   <li>the CRL's dates do not pass the window test at the end of the method.</li>
 * </ul>
 * Deployments that require revocation checking to fail closed need an additional policy
 * check outside this method.
 *
 * @param cert the certificate to test for revocation
 * @param crlsList source of CRLs, looked up by issuer DN; may be null
 * @param trustedCerts source of the CA certificate whose key verifies the CRL signature
 * @throws ProxyPathValidatorException with {@code FAILURE} if {@code trustedCerts} is null or
 *         the CRL signature does not verify, and with {@code REVOKED} if the CRL lists
 *         {@code cert}
 */
protected void checkCRL(X509Certificate cert,
                        CertificateRevocationLists crlsList,
                        TrustedCertificates trustedCerts)
        throws ProxyPathValidatorException {
    if (crlsList == null) {
        return;
    }

    logger.debug("checkCRLs: enter");

    // Not expected in practice; kept as a sanity check.
    if (trustedCerts == null) {
        String message = "Trusted certificates are null, cannot verify CRLs";
        logger.error(message);
        throw new ProxyPathValidatorException(
                ProxyPathValidatorException.FAILURE, null, message);
    }

    final String issuerDn = cert.getIssuerDN().getName();

    final X509CRL crl = crlsList.getCrl(issuerDn);
    if (crl == null) {
        logger.debug("No CRL for certificate");
        return;
    }

    // The CRL is only trusted if it verifies under the key of the CA found by issuer DN.
    final X509Certificate issuerCert = trustedCerts.getCertificate(issuerDn);
    if (issuerCert == null) {
        // With no trusted certificate from that CA, the chain cannot contain a certificate
        // from that CA, so skipping this CRL is considered acceptable.
        logger.debug("No trusted cert with this CA signature");
        return;
    }

    try {
        crl.verify(issuerCert.getPublicKey());
    } catch (Exception verifyFailure) {
        logger.error("CRL verification failed");
        throw new ProxyPathValidatorException(
                ProxyPathValidatorException.FAILURE, verifyFailure);
    }

    // NOTE(review): the two date tests are joined with OR. A CRL whose thisUpdate lies in the
    // past is consulted even after its nextUpdate has passed, and a CRL dated in the future
    // with no nextUpdate is skipped without any signal. Confirm this is the intended window.
    final Date now = new Date();
    boolean consultCrl = crl.getThisUpdate().before(now);
    if (!consultCrl) {
        final Date nextUpdate = crl.getNextUpdate();
        consultCrl = (nextUpdate != null) && nextUpdate.after(now);
    }

    if (consultCrl && crl.isRevoked(cert)) {
        throw new ProxyPathValidatorException(
                ProxyPathValidatorException.REVOKED,
                cert,
                "This cert " + cert.getSubjectDN().getName() + " is on a CRL");
    }

    logger.debug("checkCRLs: exit");
}
示例4: checkCRL
import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
/**
 * Checks {@code cert} against the CRL published under its issuer DN and throws if it is listed.
 *
 * <p>Revocation is not tested, and the method simply returns, when {@code crlsList} is null,
 * when no CRL exists for the issuer DN, when {@code trustedCerts} has no certificate for the
 * issuer DN, or when the CRL's dates fail the window test below. These outcomes are visible
 * only at debug log level, so the check is best-effort; a fail-closed revocation policy has
 * to be enforced by the caller.
 *
 * @param cert the certificate to test for revocation
 * @param crlsList CRLs indexed by issuer DN; may be null
 * @param trustedCerts trusted certificates used to verify the CRL signature
 * @throws ProxyPathValidatorException with {@code FAILURE} when {@code trustedCerts} is null
 *         or the CRL signature cannot be verified, with {@code REVOKED} when {@code cert}
 *         appears on the CRL
 */
protected void checkCRL(X509Certificate cert, CertificateRevocationLists crlsList, TrustedCertificates trustedCerts)
        throws ProxyPathValidatorException {
    if (crlsList == null) {
        return;
    }
    logger.debug("checkCRLs: enter");

    // Sanity check; callers are expected to pass a trust store.
    if (trustedCerts == null) {
        String reason = "Trusted certificates are null, cannot verify CRLs";
        logger.error(reason);
        throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, null, reason);
    }

    final String issuer = cert.getIssuerDN().getName();
    final X509CRL issuerCrl = crlsList.getCrl(issuer);
    if (issuerCrl == null) {
        logger.debug("No CRL for certificate");
        return;
    }

    // The CA certificate is located by issuer DN; its public key authenticates the CRL.
    final X509Certificate caCert = trustedCerts.getCertificate(issuer);
    if (caCert == null) {
        // No trusted certificate from that CA means the chain cannot contain one either,
        // so leaving this CRL unchecked is treated as acceptable.
        logger.debug("No trusted cert with this CA signature");
        return;
    }

    try {
        issuerCrl.verify(caCert.getPublicKey());
    } catch (Exception cause) {
        logger.error("CRL verification failed");
        throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, cause);
    }

    // NOTE(review): thisUpdate-in-the-past OR nextUpdate-in-the-future. An expired CRL still
    // passes the first test, while a future-dated CRL without nextUpdate is silently ignored.
    // Confirm that this window matches the intended revocation policy.
    final Date now = new Date();
    final boolean inWindow;
    if (issuerCrl.getThisUpdate().before(now)) {
        inWindow = true;
    } else {
        final Date next = issuerCrl.getNextUpdate();
        inWindow = next != null && next.after(now);
    }

    if (inWindow) {
        if (issuerCrl.isRevoked(cert)) {
            throw new ProxyPathValidatorException(ProxyPathValidatorException.REVOKED, cert,
                    "This cert " + cert.getSubjectDN().getName() + " is on a CRL");
        }
    }
    logger.debug("checkCRLs: exit");
}