本文整理匯總了Java中java.security.cert.CertPathBuilder.build方法的典型用法代碼示例。如果您正苦於以下問題:Java CertPathBuilder.build方法的具體用法?Java CertPathBuilder.build怎麽用?Java CertPathBuilder.build使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類java.security.cert.CertPathBuilder的用法示例。
在下文中一共展示了CertPathBuilder.build方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Java代碼示例。
示例1: checkResult
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
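/**
 * Checks how {@link CertPathBuilder#getDefaultType()} reacts to invalid values of the
 * default-type security property, then exercises {@code build(null)} on the given builder.
 *
 * <p>The security property is JVM-wide state, so it is restored in a {@code finally}
 * block: a failed assertion inside the loop must not leave an invalid default type
 * behind for whatever runs next in the same JVM.
 *
 * @param certBuild the builder under test
 * @throws InvalidAlgorithmParameterException if the builder rejects the parameters
 * @throws CertPathBuilderException if the second {@code build(null)} call fails
 */
private void checkResult(CertPathBuilder certBuild)
        throws InvalidAlgorithmParameterException,
        CertPathBuilderException {
    String dt = CertPathBuilder.getDefaultType();
    String propName = CertPathBuilder1Test.DEFAULT_TYPE_PROPERTY;
    String dtN;
    try {
        for (int i = 0; i < invalidValues.length; i++) {
            Security.setProperty(propName, invalidValues[i]);
            dtN = CertPathBuilder.getDefaultType();
            // Either the value is echoed back or the original default is kept.
            if (!dtN.equals(invalidValues[i]) && !dtN.equals(dt)) {
                fail("Incorrect default type: ".concat(dtN));
            }
        }
    } finally {
        // Always put the original default type back, even when fail() threw above.
        Security.setProperty(propName, dt);
    }
    assertEquals("Incorrect default type", CertPathBuilder.getDefaultType(),
            dt);
    try {
        certBuild.build(null);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException e) {
        // Expected: the first build(null) call has to be rejected.
    }
    // NOTE(review): the second call is expected to return null instead of throwing;
    // presumably the SPI behind certBuild alternates its behaviour - confirm.
    CertPathBuilderResult cpbResult = certBuild.build(null);
    assertNull("Not null CertPathBuilderResult", cpbResult);
}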
示例2: checkResult
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
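/**
 * Checks how {@link CertPathBuilder#getDefaultType()} reacts to invalid values of the
 * default-type security property, then exercises {@code build(null)} on the given builder.
 *
 * <p>The security property is JVM-wide state, so it is restored in a {@code finally}
 * block: a failed assertion inside the loop must not leave an invalid default type
 * behind for whatever runs next in the same JVM.
 *
 * @param certBuild the builder under test
 * @throws InvalidAlgorithmParameterException if the builder rejects the parameters
 * @throws CertPathBuilderException if the second {@code build(null)} call fails
 */
private void checkResult(CertPathBuilder certBuild)
        throws InvalidAlgorithmParameterException,
        CertPathBuilderException {
    String dt = CertPathBuilder.getDefaultType();
    String propName = CertPathBuilder1Test.DEFAULT_TYPE_PROPERTY;
    String dtN;
    try {
        for (int i = 0; i < invalidValues.length; i++) {
            Security.setProperty(propName, invalidValues[i]);
            dtN = CertPathBuilder.getDefaultType();
            // Either the value is echoed back or the original default is kept.
            if (!dtN.equals(invalidValues[i]) && !dtN.equals(dt)) {
                fail("Incorrect default type: ".concat(dtN));
            }
        }
    } finally {
        // Always put the original default type back, even when fail() threw above.
        Security.setProperty(propName, dt);
    }
    assertEquals("Incorrect default type", CertPathBuilder.getDefaultType(),
            dt);
    try {
        certBuild.build(null);
        fail("CertPathBuilderException must be thrown");
    } catch (CertPathBuilderException e) {
        // Expected: the first build(null) call has to be rejected.
    }
    // NOTE(review): the second call is expected to return null instead of throwing;
    // presumably the SPI behind certBuild alternates its behaviour - confirm.
    CertPathBuilderResult cpbResult = certBuild.build(null);
    assertNull("Not null CertPathBuilderResult", cpbResult);
}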
示例3: doBuild
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Builds a PKIX certification path from the single trusted CA certificate to
 * {@code userCert} with the SUN provider.
 *
 * <p>Revocation checking is switched off, so a successful build says nothing about
 * whether any certificate on the path has been revoked.
 *
 * @param userCert the target (end) certificate of the path
 * @throws Exception if the path cannot be built or any JCA lookup fails
 */
private void doBuild(X509Certificate userCert) throws Exception {
    // Trust anchors: exactly one trusted CA certificate in this scenario.
    X509Certificate caCert = getTrustedCertificate();
    HashSet anchors = new HashSet();
    anchors.add(new TrustAnchor(caCert, null));

    // In-memory CertStore holding the certificates the builder may pick from.
    ArrayList storeContents = new ArrayList();
    storeContents.add(caCert);
    storeContents.add(userCert);
    CertStore store = CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(storeContents));

    // The selector pins the target certificate of the path.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(userCert);
    // NOTE(review): the String form of a distinguished name can lose encoding
    // information; the original author found this call necessary - confirm before changing.
    target.setSubject(userCert.getSubjectDN().getName());

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, target);
    pkixParams.addCertStore(store);
    // No CRL/OCSP lookup happens during this build.
    pkixParams.setRevocationEnabled(false);

    CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX", "SUN");
    CertPathBuilderResult outcome = pkixBuilder.build(pkixParams);

    // The path is fetched but not inspected any further.
    CertPath builtPath = outcome.getCertPath();
}
示例4: build
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Runs a PKIX certification path build with the default provider and discards the result.
 *
 * <p>Success is signalled only by the absence of an exception. Trust anchors,
 * revocation checking and every other setting are taken from {@code params}
 * exactly as the caller configured them.
 *
 * @param params PKIXBuilderParameters to use in building
 * @throws Exception on error
 */
public static void build(PKIXBuilderParameters params)
        throws Exception {
    CertPathBuilder.getInstance("PKIX").build(params);
}
示例5: build
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Runs a PKIX certification path build with the SUN provider and discards the result.
 *
 * <p>Success is signalled only by the absence of an exception. Trust anchors,
 * revocation checking and every other setting are taken from {@code params}
 * exactly as the caller configured them.
 *
 * @param params PKIXBuilderParameters to use in the build
 * @throws Exception on error
 */
public static void build(PKIXBuilderParameters params)
        throws Exception {
    CertPathBuilder.getInstance("PKIX", "SUN").build(params);
}
示例6: build
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Performs a PKIX path build with the default provider and hands back the result.
 *
 * <p>A failed build surfaces as an exception. What was actually checked (trust
 * anchors, revocation, policies) depends entirely on how {@code params} was set up
 * by the caller.
 *
 * @param params PKIXBuilderParameters to use in validation
 * @return the builder result, cast to its PKIX-specific type
 * @throws Exception on error
 */
public static PKIXCertPathBuilderResult build(PKIXBuilderParameters params)
        throws Exception {
    return (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
}
示例7: verifyCertificate
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Builds a PKIX certification path from {@code cert} to one of the trusted roots,
 * drawing intermediates from {@code intermediateCerts}.
 *
 * <p>Revocation checking is disabled for this build; the original comment says it is
 * done as a separate step, which is not part of this method. A result from here
 * therefore does not show that the chain is unrevoked.
 *
 * @param cert the certificate the path must end at
 * @param trustedRootCerts root CA certificates used as trust anchors
 * @param intermediateCerts candidate intermediate certificates
 * @param verifySelfSignedCert not read anywhere in this method
 * @return the builder result for the path that was found
 * @throws GeneralSecurityException if no path can be built or a JCA lookup fails
 */
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
        Set<X509Certificate> intermediateCerts, boolean verifySelfSignedCert) throws GeneralSecurityException {
    // Every trusted root becomes a trust anchor without name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    // The selector fixes the certificate the path has to lead to.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(cert);

    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    // CRL/OCSP checks are off here; the caller is expected to do them separately.
    buildParams.setRevocationEnabled(false);

    // Intermediates are offered to the builder through an in-memory store.
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(intermediateCerts);
    buildParams.addCertStore(CertStore.getInstance("Collection", storeParams));

    CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX");
    return (PKIXCertPathBuilderResult) pkixBuilder.build(buildParams);
}
示例8: setUp
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Prepares the fixture: an in-memory key store holding one self-signed certificate,
 * a certification path built for that certificate, and PKIX parameters based on the
 * same key store.
 *
 * <p>Revocation checking is turned off both for the build and for the stored
 * {@code params}.
 *
 * @throws Exception if the certificate cannot be parsed or the path cannot be built
 */
@Override
protected void setUp() throws Exception {
    super.setUp();

    // Empty key store, initialised without a backing stream or password.
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);

    // NOTE(review): getBytes() uses the platform default charset; presumably the
    // certificate text is plain ASCII so this does not matter - confirm.
    CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
    ByteArrayInputStream certBytes = new ByteArrayInputStream(selfSignedCert.getBytes());
    X509Certificate selfSigned = (X509Certificate) x509Factory.generateCertificate(certBytes);

    // The certificate is trusted through the key store and is also the build target.
    trustStore.setCertificateEntry("selfSignedCert", selfSigned);

    X509CertSelector target = new X509CertSelector();
    target.setCertificate(selfSigned);

    List<Certificate> storeContents = new ArrayList<Certificate>();
    storeContents.add(selfSigned);
    CertStoreParameters collectionParams = new CollectionCertStoreParameters(storeContents);
    CertStore store = CertStore.getInstance("Collection", collectionParams);

    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(trustStore, target);
    buildParams.addCertStore(store);
    buildParams.setRevocationEnabled(false);

    CertPathBuilderResult outcome = CertPathBuilder.getInstance("PKIX").build(buildParams);
    certPath = outcome.getCertPath();

    params = new PKIXParameters(trustStore);
    params.setRevocationEnabled(false);
}
示例9: verifyCertificate
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Tries to build a certification chain for the given certificate using the "BC"
 * provider. The chain has to end at one of the trusted root CA certificates and may
 * use the supplied intermediate certificates.
 *
 * <p>Revocation checking is disabled for this build; the original comment says it is
 * done manually as an additional step, which is not part of this method. A result
 * from here therefore does not show that the chain is unrevoked.
 *
 * @param cert - certificate for validation
 * @param trustedRootCerts - set of trusted root CA certificates
 * @param intermediateCerts - set of intermediate certificates
 * @return the certification chain (if verification is successful)
 * @throws GeneralSecurityException - if the verification is not successful
 *     (e.g. certification path cannot be built or some certificate in the
 *     chain is expired)
 */
private static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> trustedRootCerts,
        Set<X509Certificate> intermediateCerts) throws GeneralSecurityException {
    // Every trusted root becomes a trust anchor without name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    // The selector fixes the certificate the path has to lead to.
    X509CertSelector target = new X509CertSelector();
    target.setCertificate(cert);

    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    // CRL/OCSP checks are off here; the caller is expected to do them separately.
    buildParams.setRevocationEnabled(false);

    // Intermediates are offered to the builder through an in-memory BC store.
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(intermediateCerts);
    buildParams.addCertStore(CertStore.getInstance("Collection", storeParams, "BC"));

    CertPathBuilder pkixBuilder = CertPathBuilder.getInstance("PKIX", "BC");
    return (PKIXCertPathBuilderResult) pkixBuilder.build(buildParams);
}
示例10: baseTest
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Builds a path for the final certificate against a "BC" collection store that holds
 * root, intermediate and final certificates plus the root and intermediate CRLs, and
 * expects the resulting path to contain exactly two certificates.
 *
 * <p>Revocation checking is left at the {@link PKIXBuilderParameters} default, and the
 * validation date is pinned to a fixed point in time.
 *
 * @throws Exception if parsing the fixtures or building the path fails
 */
private void baseTest()
    throws Exception
{
    CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");

    // Decode the certificate and CRL fixtures.
    X509Certificate rootCert = (X509Certificate)factory.generateCertificate(new ByteArrayInputStream(CertPathTest.rootCertBin));
    X509Certificate interCert = (X509Certificate)factory.generateCertificate(new ByteArrayInputStream(CertPathTest.interCertBin));
    X509Certificate finalCert = (X509Certificate)factory.generateCertificate(new ByteArrayInputStream(CertPathTest.finalCertBin));
    X509CRL rootCrl = (X509CRL)factory.generateCRL(new ByteArrayInputStream(CertPathTest.rootCrlBin));
    X509CRL interCrl = (X509CRL)factory.generateCRL(new ByteArrayInputStream(CertPathTest.interCrlBin));

    // Everything goes into one collection-backed CertStore.
    List storeContents = new ArrayList();
    storeContents.add(rootCert);
    storeContents.add(interCert);
    storeContents.add(finalCert);
    storeContents.add(rootCrl);
    storeContents.add(interCrl);
    CertStore store = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(storeContents), "BC");

    // Calendar months are zero-based, so month 8 is September.
    Calendar checkDate = Calendar.getInstance();
    checkDate.set(2008,8,4,14,49,10);

    // The root is the only trust anchor; the target is selected by the final
    // certificate's encoded subject name.
    Set anchors = new HashSet();
    anchors.add(new TrustAnchor(rootCert, null));

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX","BC");

    X509CertSelector target = new X509CertSelector();
    target.setSubject(finalCert.getSubjectX500Principal().getEncoded());

    PKIXBuilderParameters buildParams = new PKIXBuilderParameters(anchors, target);
    buildParams.addCertStore(store);
    buildParams.setDate(checkDate.getTime());

    PKIXCertPathBuilderResult outcome = (PKIXCertPathBuilderResult) pathBuilder.build(buildParams);
    CertPath builtPath = outcome.getCertPath();

    if (builtPath.getCertificates().size() != 2)
    {
        fail("wrong number of certs in baseTest path");
    }
}
示例11: verifyCertificate
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Builds a certification chain for the given certificate with the Bouncy Castle
 * provider and then validates the built path a second time with a PKIX validator.
 * Relies on a set of root CA certificates (trust anchors) and a set of intermediate
 * certificates (to be used as part of the chain).
 *
 * <p>The default revocation-checking mechanism is turned off for both the build and
 * the validation, so a result from here does not show that the chain is unrevoked.
 *
 * @param certificate the certificate the chain has to end at
 * @param trustedRootCerts root CA certificates used as trust anchors
 * @param intermediateCerts candidate intermediate certificates
 * @return the builder result for the chain that was found
 * @throws GeneralSecurityException if the chain cannot be built or fails validation
 */
private PKIXCertPathBuilderResult verifyCertificate(X509Certificate certificate, Set<X509Certificate> trustedRootCerts, Set<X509Certificate> intermediateCerts)
        throws GeneralSecurityException {
    X509CertSelector target = new X509CertSelector();
    // -2 makes the selector match end-entity certificates only.
    target.setBasicConstraints(-2);
    target.setCertificate(certificate);

    // Every trusted root becomes a trust anchor without name constraints.
    Set<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    for (X509Certificate root : trustedRootCerts) {
        anchors.add(new TrustAnchor(root, null));
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(anchors, target);
    // No CRL/OCSP lookup is done with these parameters.
    pkixParams.setRevocationEnabled(false);

    // Intermediates are offered to the builder through an in-memory store.
    CollectionCertStoreParameters storeParams = new CollectionCertStoreParameters(intermediateCerts);
    pkixParams.addCertStore(CertStore.getInstance("Collection", storeParams));

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathBuilderResult built = (PKIXCertPathBuilderResult) pathBuilder.build(pkixParams);

    // Second pass over the built path; its result object is not used.
    CertPathValidator pathValidator = CertPathValidator.getInstance("PKIX", BouncyCastleProvider.PROVIDER_NAME);
    PKIXCertPathValidatorResult validated =
            (PKIXCertPathValidatorResult) pathValidator.validate(built.getCertPath(), pkixParams);

    return built;
}
示例12: buildPath
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Builds a PKIX path with the "BC" provider, trusting only the given root and
 * selecting the target through the supplied end constraints and certificate store.
 * <p>
 * Note: revocation checking is turned off for this build, so any CRLs in the store
 * are not consulted and the result does not show that the path is unrevoked.
 *
 * @param rootCert the single trust anchor
 * @param endConstraints selector describing the target certificate
 * @param certsAndCRLs store the builder draws certificates from
 * @return the builder result for the path that was found
 * @throws Exception if the provider is unavailable or no path can be built
 */
private static PKIXCertPathBuilderResult buildPath(X509Certificate rootCert,
    X509CertSelector endConstraints,
    CertStore certsAndCRLs)
    throws Exception
{
    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");

    // One anchor without name constraints.
    TrustAnchor anchor = new TrustAnchor(rootCert, null);
    PKIXBuilderParameters pkixParams =
        new PKIXBuilderParameters(Collections.singleton(anchor), endConstraints);

    pkixParams.addCertStore(certsAndCRLs);
    pkixParams.setRevocationEnabled(false);

    return (PKIXCertPathBuilderResult)pathBuilder.build(pkixParams);
}
示例13: verifyTrustChain
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
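/**
 * Verify that a chain of trust can be established for a certificate or chain of certificates.
 * <p>
 * The chain must begin with the end-entity certificate at index 0 followed by the remaining certificates in the
 * chain, if any, in the correct order.
 * <p>
 * If the end-entity certificate is present in the {@code trustedCertificates} set then trust is immediately
 * verified. Presence is decided by full certificate equality (encoded form), not by any single field. Otherwise,
 * an attempt to build a path to a trusted anchor is made using the provided {@code issuerCertificates} as the
 * anchors.
 *
 * @param certificateChain    the certificate chain to verify.
 * @param trustedCertificates the set of known-trusted certificates.
 * @param issuerCertificates  the set of CA certificates to use as trust anchors.
 * @param issuerCrls          the set of {@link X509CRL}s, if any, to use while verifying trust.
 * @throws UaException if a chain of trust could not be established.
 */
public static void verifyTrustChain(
        List<X509Certificate> certificateChain,
        Set<X509Certificate> trustedCertificates,
        Set<X509Certificate> issuerCertificates,
        Set<X509CRL> issuerCrls) throws UaException {

    Preconditions.checkArgument(!certificateChain.isEmpty(), "certificateChain must not be empty");

    X509Certificate certificate = certificateChain.get(0);

    // Compare whole certificates. The signature value alone does not bind the subject
    // or the public key, and this shortcut returns before any signature is verified,
    // so matching on getSignature() would accept a certificate that merely carries
    // the same signature bytes as a trusted one.
    boolean certificateTrusted = trustedCertificates.stream()
        .anyMatch(c -> certificate.equals(c));

    if (certificateTrusted) {
        LOGGER.debug("Found certificate in trusted certificates: {}", certificate);
        return;
    }

    try {
        Set<TrustAnchor> trustAnchors = new HashSet<>();
        issuerCertificates.forEach(ca -> trustAnchors.add(new TrustAnchor(ca, null)));

        X509CertSelector selector = new X509CertSelector();
        selector.setCertificate(certificate);

        PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, selector);

        // Add a CertStore containing any intermediate certs and CRLs
        if (certificateChain.size() > 0 || issuerCrls.size() > 0) {
            Collection<Object> collection = Lists.newArrayList();
            collection.addAll(certificateChain);
            collection.addAll(issuerCrls);

            CertStore certStore = CertStore.getInstance(
                "Collection",
                new CollectionCertStoreParameters(collection)
            );

            params.addCertStore(certStore);
        }

        // Only enable revocation checking if the CRL list is non-empty
        params.setRevocationEnabled(!issuerCrls.isEmpty());

        CertPathBuilder builder = CertPathBuilder.getInstance("PKIX");

        // Set up revocation options regardless of whether it's actually enabled.
        // SOFT_FAIL lets the check pass when revocation status cannot be determined.
        // NOTE(review): the checker configured here is not visibly registered with
        // params (e.g. via addCertPathChecker), so these options may have no effect
        // on the build below - confirm.
        CertPathChecker revocationChecker = builder.getRevocationChecker();
        if (revocationChecker instanceof PKIXRevocationChecker) {
            ((PKIXRevocationChecker) revocationChecker).setOptions(Sets.newHashSet(
                PKIXRevocationChecker.Option.NO_FALLBACK,
                PKIXRevocationChecker.Option.PREFER_CRLS,
                PKIXRevocationChecker.Option.SOFT_FAIL
            ));
        }

        PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(params);

        LOGGER.debug("Validated certificate chain: {}", result.getCertPath());
    } catch (Throwable t) {
        // Every failure is reported as the same status code; only the message of the
        // underlying cause is logged, at debug level.
        LOGGER.debug("PKIX path validation failed: {}", t.getMessage());

        throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
    }
}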
示例14: v0Test
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Generates a root / intermediate / end-entity chain with matching CRLs, builds a
 * PKIX path for the end-entity certificate with the "BC" provider and expects the
 * path to contain exactly two certificates.
 *
 * <p>Revocation checking is left at the {@link PKIXBuilderParameters} default; both
 * CRLs are created for serial number 2.
 *
 * @throws Exception if fixture generation or path building fails
 */
private void v0Test()
    throws Exception
{
    // Key pairs and certificates for the three levels of the chain.
    KeyPair rootKeys = TestUtils.generateRSAKeyPair();
    KeyPair interKeys = TestUtils.generateRSAKeyPair();
    KeyPair endKeys = TestUtils.generateRSAKeyPair();

    X509Certificate rootCert = TestUtils.generateRootCert(rootKeys);
    X509Certificate interCert = TestUtils.generateIntermediateCert(interKeys.getPublic(), rootKeys.getPrivate(), rootCert);
    X509Certificate endCert = TestUtils.generateEndEntityCert(endKeys.getPublic(), interKeys.getPrivate(), interCert);

    // CRLs issued by the root and by the intermediate CA.
    BigInteger revokedSerial = BigInteger.valueOf(2);
    X509CRL rootCRL = TestUtils.createCRL(rootCert, rootKeys.getPrivate(), revokedSerial);
    X509CRL interCRL = TestUtils.createCRL(interCert, interKeys.getPrivate(), revokedSerial);

    // Collection store the builder draws certificates and CRLs from.
    List storeContents = new ArrayList();
    storeContents.add(rootCert);
    storeContents.add(interCert);
    storeContents.add(endCert);
    storeContents.add(rootCRL);
    storeContents.add(interCRL);
    CertStore store = CertStore.getInstance(
        "Collection", new CollectionCertStoreParameters(storeContents));

    CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");

    // Target is selected by the end certificate's encoded subject name.
    X509CertSelector target = new X509CertSelector();
    target.setSubject(endCert.getSubjectX500Principal().getEncoded());

    TrustAnchor anchor = new TrustAnchor(rootCert, null);
    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(Collections.singleton(anchor), target);
    pkixParams.addCertStore(store);
    pkixParams.setDate(new Date());

    PKIXCertPathBuilderResult outcome = (PKIXCertPathBuilderResult)pathBuilder.build(pkixParams);
    CertPath builtPath = outcome.getCertPath();

    if (builtPath.getCertificates().size() != 2)
    {
        fail("wrong number of certs in v0Test path");
    }
}
示例15: test
import java.security.cert.CertPathBuilder; //導入方法依賴的package包/類
/**
 * Runs one named path-building case with the "BC" PKIX builder and records whether
 * the outcome (path built or exception thrown) matches the expectation.
 *
 * <p>Revocation checking is enabled for the build. Any exception raised inside the
 * try block counts as a rejection, including failures while decoding the fixture.
 *
 * @param _name name of the case, used in the result buffer and the failure list
 * @param _data encoded fixtures; the last element is decoded as the end-entity certificate
 * @param _ipolset initial policy set, or {@code null} to leave the default
 * @param _explicit whether an explicit policy is required
 * @param _accept {@code true} if the build is expected to succeed
 * @param _debug not read anywhere in this method
 */
private void test(String _name, String[] _data, Set _ipolset,
    boolean _explicit, boolean _accept, boolean _debug)
{
    testCount++;
    boolean passed = true;

    try
    {
        CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX", "BC");

        // The target is selected by the end-entity certificate's encoded subject name.
        X509Certificate endEntity = decodeCertificate(_data[_data.length - 1]);
        X509CertSelector target = new X509CertSelector();
        target.setSubject(endEntity.getSubjectX500Principal().getEncoded());

        PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(
            trustedSet, target);
        pkixParams.setExplicitPolicyRequired(_explicit);
        pkixParams.addCertStore(makeCertStore(_data));
        pkixParams.setRevocationEnabled(true);
        if (_ipolset != null)
        {
            pkixParams.setInitialPolicies(_ipolset);
        }

        CertPathBuilderResult outcome = pathBuilder.build(pkixParams);

        // Reaching this point means a path was built.
        if (!_accept)
        {
            System.out.println("Accept when it should reject");
            passed = false;
            testFail.addElement(_name);
        }
    }
    catch (Exception ex)
    {
        // Any exception is treated as "no acceptable path".
        if (_accept)
        {
            System.out.println("Reject when it should accept");
            passed = false;
            testFail.addElement(_name);
        }
    }

    String verdict = passed ? "\n" : "Failed.\n";
    resultBuf.append("NISTCertPathTest -- ").append(_name).append(": ")
        .append(verdict);
}