当前位置: 首页>>代码示例>>Java>>正文

Java TrustedCertificates.getCertificate方法代码示例

本文整理汇总了Java中org.globus.gsi.TrustedCertificates.getCertificate方法的典型用法代码示例。如果您正苦于以下问题:Java TrustedCertificates.getCertificate方法的具体用法?Java TrustedCertificates.getCertificate怎么用?Java TrustedCertificates.getCertificate使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.globus.gsi.TrustedCertificates的用法示例。


在下文中一共展示了TrustedCertificates.getCertificate方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getCaCert

import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
protected X509Certificate getCaCert(X509Certificate userCert) throws InvalidSecurityContextException {
    TrustedCertificates tc = TrustedCertificates.getDefaultTrustedCertificates();
        
    X509Certificate caCert = tc.getCertificate(userCert.getIssuerDN().getName());
    if (caCert == null) {
        logger.warn("Cannot find root CA certificate for proxy");
        logger.warn("DNs of trusted certificates:");
        X509Certificate[] roots = tc.getCertificates();
        for (X509Certificate root : roots) {
            logger.warn("\t" + root.getSubjectDN());
        }
        throw new InvalidSecurityContextException("Failed to find root CA certificate (" + userCert.getIssuerDN().getName() + ")");
    }
    else {
        return caCert;
    }
}
开发者ID:swift-lang,项目名称:swift-k,代码行数:18,代码来源:ProxyForwarder.java

示例2: getCertificateType

import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
/**
    * Returns certificate type of the given certificate. 
    * This function calls {@link #getCertificateType(TBSCertificateStructure) 
    * getCertificateType} to get the certificate type. In case
    * the certificate type was initially determined as 
    * {@link GSIConstants#EEC GSIConstants.EEC} it is checked
    * against the trusted certificate list to see if it really
    * is a CA certificate. If the certificate is present in the
    * trusted certificate list the certificate type is changed
    * to {@link GSIConstants#CA GSIConstants.CA}. Otherwise, it is
    * left as it is (This is useful in cases where a valid CA
    * certificate does not have a BasicConstraints extension)
    *
    * @param crt the certificate to get the type of.
    * @param trustedCerts the trusted certificates to double check the 
    *                     {@link GSIConstants#EEC GSIConstants.EEC} 
    *                     certificate against. If null, a default
    *                     set of trusted certificate will be loaded
    *                     from a standard location.
    * @return the certificate type. The certificate type is determined
    *         by rules described above.
    * @exception IOException if something goes wrong.
    * @exception CertificateException for proxy certificates, if 
    *            the issuer DN of the certificate does not match
    *            the subject DN of the certificate without the
    *            last <I>CN</I> component. Also, for GSI-3 proxies
    *            when the <code>ProxyCertInfo</code> extension is 
    *            not marked as critical.
    */
   public static int getCertificateType(TBSCertificateStructure crt,
				 TrustedCertificates trustedCerts) 
throws CertificateException, IOException {
int type = getCertificateType(crt);

// check subject of the cert in trusted cert list
// to make sure the cert is not a ca cert
if (type == GSIConstants.EEC) {
    if (trustedCerts == null) {
	trustedCerts = 
	    TrustedCertificates.getDefaultTrustedCertificates();
    } 
    if (trustedCerts != null && 
	trustedCerts.getCertificate(crt.getSubject().toString()) != null) {
	type = GSIConstants.CA;
    }
}

return type;
   }
开发者ID:NCIP,项目名称:cagrid-general,代码行数:50,代码来源:BouncyCastleUtil.java

示例3: checkCRL

import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
protected void checkCRL(X509Certificate cert, 
		    CertificateRevocationLists crlsList, 
		    TrustedCertificates trustedCerts) 
throws ProxyPathValidatorException {
if (crlsList == null) {
    return;
}

logger.debug("checkCRLs: enter");
// Should not happen, just a sanity check.
if (trustedCerts == null) {
    String err = "Trusted certificates are null, cannot verify CRLs";
    logger.error(err);
    throw new ProxyPathValidatorException(
		ProxyPathValidatorException.FAILURE, null, err);
}

String issuerName = cert.getIssuerDN().getName();
X509CRL crl = crlsList.getCrl(issuerName);
if (crl == null) {
    logger.debug("No CRL for certificate");
    return;
}

// get CA cert for the CRL
X509Certificate x509Cert = 
    trustedCerts.getCertificate(issuerName);
if (x509Cert == null) {
    // if there is no trusted certs from that CA, then
    // the chain cannot contain a cert from that CA,
    // which implies not checking this CRL should be fine.
    logger.debug("No trusted cert with this CA signature");
    return;
}

// validate CRL
try {
    crl.verify(x509Cert.getPublicKey());
} catch (Exception exp) {
    logger.error("CRL verification failed");
    throw new ProxyPathValidatorException(
		    ProxyPathValidatorException.FAILURE, exp);
}

Date now = new Date();
//check date validity of CRL
if ((crl.getThisUpdate().before(now)) ||
    ((crl.getNextUpdate()!=null) && 
     (crl.getNextUpdate().after(now)))) {
    if (crl.isRevoked(cert)) {
	throw new ProxyPathValidatorException(
			      ProxyPathValidatorException.REVOKED, 
			      cert, "This cert " 
			      + cert.getSubjectDN().getName() 
			      + " is on a CRL");
    }
}

logger.debug("checkCRLs: exit");
   }
开发者ID:NCIP,项目名称:cagrid-general,代码行数:61,代码来源:ProxyPathValidator.java

示例4: checkCRL

import org.globus.gsi.TrustedCertificates; //导入方法依赖的package包/类
protected void checkCRL(X509Certificate cert, CertificateRevocationLists crlsList, TrustedCertificates trustedCerts)
	throws ProxyPathValidatorException {
	if (crlsList == null) {
		return;
	}

	logger.debug("checkCRLs: enter");
	// Should not happen, just a sanity check.
	if (trustedCerts == null) {
		String err = "Trusted certificates are null, cannot verify CRLs";
		logger.error(err);
		throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, null, err);
	}

	String issuerName = cert.getIssuerDN().getName();
	X509CRL crl = crlsList.getCrl(issuerName);
	if (crl == null) {
		logger.debug("No CRL for certificate");
		return;
	}

	// get CA cert for the CRL
	X509Certificate x509Cert = trustedCerts.getCertificate(issuerName);
	if (x509Cert == null) {
		// if there is no trusted certs from that CA, then
		// the chain cannot contain a cert from that CA,
		// which implies not checking this CRL should be fine.
		logger.debug("No trusted cert with this CA signature");
		return;
	}

	// validate CRL
	try {
		crl.verify(x509Cert.getPublicKey());
	} catch (Exception exp) {
		logger.error("CRL verification failed");
		throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, exp);
	}

	Date now = new Date();
	// check date validity of CRL
	if ((crl.getThisUpdate().before(now)) || ((crl.getNextUpdate() != null) && (crl.getNextUpdate().after(now)))) {
		if (crl.isRevoked(cert)) {
			throw new ProxyPathValidatorException(ProxyPathValidatorException.REVOKED, cert, "This cert "
				+ cert.getSubjectDN().getName() + " is on a CRL");
		}
	}

	logger.debug("checkCRLs: exit");
}
开发者ID:NCIP,项目名称:cagrid-core,代码行数:51,代码来源:ProxyPathValidator.java


注:本文中的org.globus.gsi.TrustedCertificates.getCertificate方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。