

Java PKIXBuilderParameters.setMaxPathLength方法代碼示例

本文整理匯總了Java中java.security.cert.PKIXBuilderParameters.setMaxPathLength方法的典型用法代碼示例。如果您正苦於以下問題:Java PKIXBuilderParameters.setMaxPathLength方法的具體用法?Java PKIXBuilderParameters.setMaxPathLength怎麽用?Java PKIXBuilderParameters.setMaxPathLength使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在java.security.cert.PKIXBuilderParameters的用法示例。


在下文中一共展示了PKIXBuilderParameters.setMaxPathLength方法的14個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Java代碼示例。

示例1: getParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
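/**
 * Build the CertPath parameters used to initialise the TrustManager.
 * Only the default <code>PKIX</code> algorithm is supported; any other
 * value is rejected.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 * @throws Exception if the builder parameters or the CRL store cannot be
 *         created.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                             new X509CertSelector());
    // Wildcard instead of the raw Collection type: the store parameters
    // only need to read the elements, so no unchecked conversion is required.
    Collection<?> crls = getCRLs(crlf);
    CertStoreParameters csp = new CollectionCertStoreParameters(crls);
    CertStore store = CertStore.getInstance("Collection", csp);
    xparams.addCertStore(store);
    // Revocation is always on, so the CRLs loaded above take part in
    // path validation.
    xparams.setRevocationEnabled(true);
    // The limit comes straight from the listener configuration. Per the JDK
    // contract -1 means "unconstrained" and values below -1 raise
    // InvalidParameterException, which propagates to the caller here.
    xparams.setMaxPathLength(listener.getSslTrustMaxCertLength());

    return xparams;
}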
 
開發者ID:lamsfoundation,項目名稱:lams,代碼行數:31,代碼來源:JSSESocketFactory.java

示例2: getParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
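/**
 * Return the initialization parameters for the TrustManager. Currently,
 * only the default <code>PKIX</code> is supported.
 *
 * @param algorithm
 *            The algorithm to get parameters for.
 * @param crlf
 *            The path to the CRL file.
 * @param trustStore
 *            The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException
 *             if <code>algorithm</code> is not PKIX.
 * @throws Exception
 *             if the builder parameters or the CRL store cannot be created.
 */
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception {
	CertPathParameters params = null;
	if ("PKIX".equalsIgnoreCase(algorithm)) {
		PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, new X509CertSelector());
		Collection<? extends CRL> crls = getCRLs(crlf);
		CertStoreParameters csp = new CollectionCertStoreParameters(crls);
		CertStore store = CertStore.getInstance("Collection", csp);
		xparams.addCertStore(store);
		// Revocation is always on, so the CRLs loaded above are consulted.
		xparams.setRevocationEnabled(true);
		String trustLength = endpoint.getTrustMaxCertLength();
		if (trustLength != null) {
			try {
				xparams.setMaxPathLength(Integer.parseInt(trustLength));
			} catch (IllegalArgumentException ex) {
				// Only the two expected failures are handled: non-numeric text
				// (NumberFormatException) and a value below -1
				// (InvalidParameterException); both are IllegalArgumentExceptions.
				// The configured limit is then NOT applied and the builder keeps
				// its own default, so the warning is the only trace of the
				// misconfiguration.
				log.warn("Bad maxCertLength: " + trustLength);
			}
		}

		params = xparams;
	} else {
		throw new CRLException("CRLs not supported for type: " + algorithm);
	}
	return params;
}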
 
開發者ID:how2j,項目名稱:lazycat,代碼行數:37,代碼來源:JSSESocketFactory.java

示例3: testSetMaxPathLength01

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Test #1 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: every value from -1 upwards is accepted and read back
 * unchanged through <code>getMaxPathLength()</code>
 * @throws KeyStoreException
 * @throws InvalidAlgorithmParameterException
 */
public final void testSetMaxPathLength01()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore trusted = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (trusted == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    // Lower boundary (-1), zero, small, large and extreme values: all of
    // them are legal, so neither the setter nor the getter may throw.
    final int[] legalLengths = {-1, 0, 1, 999, Integer.MAX_VALUE};
    for (int idx = 0; idx < legalLengths.length; idx++) {
        int wanted = legalLengths[idx];
        // A fresh parameter object per value keeps the cases independent.
        PKIXBuilderParameters params = new PKIXBuilderParameters(trusted, null);
        params.setMaxPathLength(wanted);
        assertEquals("i=" + idx, wanted, params.getMaxPathLength());
    }
}
 
開發者ID:shannah,項目名稱:cn1,代碼行數:24,代碼來源:PKIXBuilderParameters_ImplTest.java

示例4: testSetMaxPathLength02

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Test #2 for <code>setMaxPathLength(int)</code> method<br>
 * Assertion: a parameter below -1 is rejected with
 * InvalidParameterException
 * @throws InvalidAlgorithmParameterException
 * @throws KeyStoreException
 */
public final void testSetMaxPathLength02()
    throws KeyStoreException,
           InvalidAlgorithmParameterException {
    KeyStore trusted = TestUtils.getKeyStore(true, TestUtils.TRUSTED);
    if (trusted == null) {
        fail(getName() + ": not performed (could not create test KeyStore)");
    }
    PKIXBuilderParameters params = new PKIXBuilderParameters(trusted, null);

    boolean rejected = false;
    try {
        // Integer.MIN_VALUE is the most extreme value below the -1 floor.
        params.setMaxPathLength(Integer.MIN_VALUE);
    } catch (InvalidParameterException expected) {
        // This is the outcome under test.
        rejected = true;
    }
    if (!rejected) {
        fail("InvalidParameterException expected");
    }
}
 
開發者ID:shannah,項目名稱:cn1,代碼行數:24,代碼來源:PKIXBuilderParameters_ImplTest.java

示例5: getParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
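/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 *
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 * @throws Exception if the builder parameters or the CRL store cannot be
 *         created.
 */
protected CertPathParameters getParameters(String algorithm,
                                            String crlf,
                                            KeyStore trustStore)
    throws Exception {
    if(!"PKIX".equalsIgnoreCase(algorithm)) {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }

    PKIXBuilderParameters xparams =
        new PKIXBuilderParameters(trustStore, new X509CertSelector());
    Collection<? extends CRL> crls = getCRLs(crlf);
    CertStoreParameters csp = new CollectionCertStoreParameters(crls);
    CertStore store = CertStore.getInstance("Collection", csp);
    xparams.addCertStore(store);
    // Revocation checking is unconditional; the CRL store added above
    // supplies the data for it.
    xparams.setRevocationEnabled(true);

    String trustLength = endpoint.getTrustMaxCertLength();
    if(trustLength != null) {
        try {
            xparams.setMaxPathLength(Integer.parseInt(trustLength));
        } catch(IllegalArgumentException ex) {
            // Covers exactly the two expected failures, both subclasses of
            // IllegalArgumentException: NumberFormatException for text that
            // is not an integer and InvalidParameterException for a value
            // below -1. The configured limit is dropped and the builder's
            // default stays in force; only this warning records it.
            log.warn("Bad maxCertLength: "+trustLength);
        }
    }

    return xparams;
}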
 
開發者ID:liaokailin,項目名稱:tomcat7,代碼行數:38,代碼來源:JSSESocketFactory.java

示例6: getParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
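/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 * @throws Exception if the builder parameters or the CRL store cannot be
 *         created.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams = new PKIXBuilderParameters(trustStore, 
                                                                 new X509CertSelector());
        // Wildcard instead of the raw Collection type: the elements are
        // only read by the store parameters.
        Collection<?> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        xparams.setRevocationEnabled(true);
        // The cast sits outside the try block, so an attribute that is not
        // a String fails with ClassCastException rather than a warning.
        String trustLength = (String)attributes.get("trustMaxCertLength");
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(IllegalArgumentException ex) {
                // NumberFormatException (not an integer) and
                // InvalidParameterException (below -1) are the two expected
                // failures and both are IllegalArgumentExceptions. The
                // configured limit is then not applied: the builder keeps
                // its default and this warning is the only signal.
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}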
 
開發者ID:lamsfoundation,項目名稱:lams,代碼行數:38,代碼來源:JSSESocketFactory.java

示例7: testGetMaxPathLength

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Test for <code>getMaxPathLength()</code>: a freshly built parameter set
 * reports 5, and a value passed to <code>setMaxPathLength(int)</code> is
 * read back unchanged.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "getMaxPathLength",
    args = {}
)
public final void testGetMaxPathLength() throws Exception {
    // Empty in-memory key store that will hold the trusted entries.
    KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
    anchors.load(null, null);

    // getBytes() without an argument encodes with the JVM default charset.
    ByteArrayInputStream firstEncoded = new ByteArrayInputStream(certificate.getBytes());
    ByteArrayInputStream secondEncoded = new ByteArrayInputStream(certificate2.getBytes());

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate first = (X509Certificate) x509Factory.generateCertificate(firstEncoded);
    X509Certificate second = (X509Certificate) x509Factory.generateCertificate(secondEncoded);

    // Two aliases share the first certificate; the third holds the second.
    anchors.setCertificateEntry("alias1", first);
    anchors.setCertificateEntry("alias2", first);
    anchors.setCertificateEntry("alias3", second);

    PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, new X509CertSelector());
    // Value reported before any setter call.
    assertEquals(5, params.getMaxPathLength());
    params.setMaxPathLength(10);
    assertEquals(10, params.getMaxPathLength());
}
 
開發者ID:keplersj,項目名稱:In-the-Box-Fork,代碼行數:34,代碼來源:PKIXBuilderParametersTest.java

示例8: getParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
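/**
 * Return the initialization parameters for the TrustManager.
 * Currently, only the default <code>PKIX</code> is supported.
 * 
 * @param algorithm The algorithm to get parameters for.
 * @param crlf The path to the CRL file.
 * @param trustStore The configured TrustStore.
 * @return The parameters including the CRLs and TrustStore.
 * @throws CRLException if <code>algorithm</code> is not PKIX.
 * @throws Exception if the builder parameters or the CRL store cannot be
 *         created.
 */
protected CertPathParameters getParameters(String algorithm, 
                                            String crlf, 
                                            KeyStore trustStore)
    throws Exception {
    CertPathParameters params = null;
    if("PKIX".equalsIgnoreCase(algorithm)) {
        PKIXBuilderParameters xparams =
            new PKIXBuilderParameters(trustStore, new X509CertSelector());
        Collection<? extends CRL> crls = getCRLs(crlf);
        CertStoreParameters csp = new CollectionCertStoreParameters(crls);
        CertStore store = CertStore.getInstance("Collection", csp);
        xparams.addCertStore(store);
        // Revocation stays enabled regardless of the other settings.
        xparams.setRevocationEnabled(true);
        String trustLength = endpoint.getTrustMaxCertLength();
        if(trustLength != null) {
            try {
                xparams.setMaxPathLength(Integer.parseInt(trustLength));
            } catch(IllegalArgumentException ex) {
                // Narrowed from Exception: the parse and the setter can only
                // fail with NumberFormatException or
                // InvalidParameterException (value below -1), both of which
                // are IllegalArgumentExceptions. On failure the configured
                // limit is ignored and the builder's default remains, so a
                // typo in the setting shows up only as this warning.
                log.warn("Bad maxCertLength: "+trustLength);
            }
        }

        params = xparams;
    } else {
        throw new CRLException("CRLs not supported for type: "+algorithm);
    }
    return params;
}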
 
開發者ID:WhiteBearSolutions,項目名稱:WBSAirback,代碼行數:38,代碼來源:JSSESocketFactory.java

示例9: getPKIXBuilderParameters

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Assembles the PKIX builder parameters handed to the cert path builder:
 * trust anchors, target selector, maximum path length, cert store,
 * revocation mode and policy settings.
 * 
 * @param validationInfo PKIX validation information
 * @param untrustedCredential credential to be validated
 * 
 * @return PKIX builder params
 * 
 * @throws GeneralSecurityException thrown if the parameters can not be created,
 *         including when no trust anchors are available
 */
protected PKIXBuilderParameters getPKIXBuilderParameters(PKIXValidationInformation validationInfo,
        X509Credential untrustedCredential) throws GeneralSecurityException {
    Set<TrustAnchor> anchors = getTrustAnchors(validationInfo);
    if (anchors == null || anchors.isEmpty()) {
        throw new GeneralSecurityException(
                "Unable to validate X509 certificate, no trust anchors found in the PKIX validation information");
    }

    // The selector pins path building to the entity certificate under test.
    X509CertSelector targetSelector = new X509CertSelector();
    targetSelector.setCertificate(untrustedCredential.getEntityCertificate());

    log.trace("Adding trust anchors to PKIX validator parameters");
    PKIXBuilderParameters builderParams = new PKIXBuilderParameters(anchors, targetSelector);

    // NOTE(review): the Integer is auto-unboxed by setMaxPathLength(int), so a
    // null depth would surface as a NullPointerException on that call;
    // confirm the helper never returns null.
    Integer depth = getEffectiveVerificationDepth(validationInfo);
    log.trace("Setting max verification depth to: {} ", depth);
    builderParams.setMaxPathLength(depth);

    CertStore store = buildCertStore(validationInfo, untrustedCredential);
    builderParams.addCertStore(store);

    // Values used when the configured options are not CertPath-specific.
    boolean revocationForced = false;
    boolean forcedRevocationValue = false;
    boolean inhibitPolicyMapping = false;
    boolean inhibitAnyPolicy = false;
    Set<String> policies = null;
    if (options instanceof CertPathPKIXValidationOptions) {
        CertPathPKIXValidationOptions pathOptions = (CertPathPKIXValidationOptions) options;
        revocationForced = pathOptions.isForceRevocationEnabled();
        forcedRevocationValue = pathOptions.isRevocationEnabled();
        inhibitPolicyMapping = pathOptions.isPolicyMappingInhibited();
        inhibitAnyPolicy = pathOptions.isAnyPolicyInhibited();
        policies = pathOptions.getInitialPolicies();
    }

    if (revocationForced) {
        log.trace("PKIXBuilderParameters#setRevocationEnabled is being forced to: {}", forcedRevocationValue);
        builderParams.setRevocationEnabled(forcedRevocationValue);
    } else if (storeContainsCRLs(store)) {
        log.trace("At least one CRL was present in cert store, enabling revocation checking");
        builderParams.setRevocationEnabled(true);
    } else {
        // Without the force option, an empty CRL set turns revocation
        // checking off instead of failing the validation; the trace line
        // below is the only record of that.
        log.trace("No CRLs present in cert store, disabling revocation checking");
        builderParams.setRevocationEnabled(false);
    }

    builderParams.setPolicyMappingInhibited(inhibitPolicyMapping);
    builderParams.setAnyPolicyInhibited(inhibitAnyPolicy);

    // An explicit policy is required only when initial policies are configured.
    boolean havePolicies = policies != null && !policies.isEmpty();
    if (havePolicies) {
        log.debug("PKIXBuilderParameters#setInitialPolicies is being set to: {}", policies.toString());
        builderParams.setInitialPolicies(policies);
        builderParams.setExplicitPolicyRequired(true);
    }

    log.trace("PKIXBuilderParameters successfully created: {}", builderParams.toString());

    return builderParams;
}
 
開發者ID:lamsfoundation,項目名稱:lams,代碼行數:72,代碼來源:CertPathPKIXTrustEvaluator.java

示例10: validate

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Builds and validates a PKIX certification path for the first non-null
 * certificate of the chain against the configured trust store, with
 * revocation checking enabled.
 *
 * @param certChain certificates to validate; null entries are skipped
 * @throws CertificateException if path building or validation fails
 * @throws IllegalStateException if an entry is not an X.509 certificate, or
 *         if no certificate is left once null entries are skipped. It is
 *         not a GeneralSecurityException, so it leaves this method unwrapped.
 */
public void validate(Certificate[] certChain) throws CertificateException {
    try {
        ArrayList<X509Certificate> x509Chain = new ArrayList<X509Certificate>();
        for (Certificate entry : certChain) {
            if (entry != null) {
                if (!(entry instanceof X509Certificate)) {
                    throw new IllegalStateException("Invalid certificate type in chain");
                }
                x509Chain.add((X509Certificate)entry);
            }
        }

        if (x509Chain.isEmpty()) {
            throw new IllegalStateException("Invalid certificate chain");
        }

        // The first certificate is the one the path must end in.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(x509Chain.get(0));

        // The supplied chain doubles as the pool of candidate intermediates.
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, target);
        CollectionCertStoreParameters chainStore = new CollectionCertStoreParameters(x509Chain);
        params.addCertStore(CertStore.getInstance("Collection", chainStore));

        // Cap on the certification path length, taken from configuration.
        params.setMaxPathLength(maxCertPathLength);

        // Revocation checking is always on.
        params.setRevocationEnabled(true);

        // Statically configured CRLs, when there are any.
        if (crls != null && !crls.isEmpty()) {
            CollectionCertStoreParameters crlStore = new CollectionCertStoreParameters(crls);
            params.addCertStore(CertStore.getInstance("Collection", crlStore));
        }

        // Both switches below are JVM-wide properties: once set they stay
        // set for every later PKIX validation in the process, and nothing
        // in this method resets them.
        if (enableOCSP) {
            Security.setProperty("ocsp.enable","true");
        }
        if (enableCRLDP) {
            System.setProperty("com.sun.security.enableCRLDP","true");
        }

        // Build the path first, then validate it with the same parameters.
        CertPathBuilderResult built = CertPathBuilder.getInstance("PKIX").build(params);
        CertPathValidator.getInstance("PKIX").validate(built.getCertPath(),params);
    } catch (GeneralSecurityException gse) {
        logger.debug("", gse);
        throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
    }
}
 
開發者ID:nkasvosve,項目名稱:beyondj,代碼行數:53,代碼來源:CertificateValidator.java

示例11: validate

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Builds and validates a PKIX certification path for the first non-null
 * certificate of the chain against the configured trust store, with
 * revocation checking enabled.
 *
 * @param certChain certificates to validate; null entries are skipped
 * @throws CertificateException if path building or validation fails
 * @throws IllegalStateException if an entry is not an X.509 certificate, or
 *         if no certificate is left once null entries are skipped. It is
 *         not a GeneralSecurityException, so it leaves this method unwrapped.
 */
public void validate(Certificate[] certChain) throws CertificateException
{
    try
    {
        ArrayList<X509Certificate> x509Chain = new ArrayList<X509Certificate>();
        for (Certificate entry : certChain)
        {
            if (entry != null)
            {
                if (!(entry instanceof X509Certificate))
                {
                    throw new IllegalStateException("Invalid certificate type in chain");
                }
                x509Chain.add((X509Certificate)entry);
            }
        }

        if (x509Chain.isEmpty())
        {
            throw new IllegalStateException("Invalid certificate chain");
        }

        // The first certificate is the one the path must end in.
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(x509Chain.get(0));

        // The supplied chain doubles as the pool of candidate intermediates.
        PKIXBuilderParameters params = new PKIXBuilderParameters(_trustStore, target);
        CollectionCertStoreParameters chainStore = new CollectionCertStoreParameters(x509Chain);
        params.addCertStore(CertStore.getInstance("Collection", chainStore));

        // Cap on the certification path length, taken from configuration.
        params.setMaxPathLength(_maxCertPathLength);

        // Revocation checking is always on.
        params.setRevocationEnabled(true);

        // Statically configured CRLs, when there are any.
        boolean haveStaticCrls = _crls != null && !_crls.isEmpty();
        if (haveStaticCrls)
        {
            params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(_crls)));
        }

        // Both switches below are JVM-wide properties: once set they stay
        // set for every later PKIX validation in the process, and nothing
        // in this method resets them.
        if (_enableOCSP)
        {
            Security.setProperty("ocsp.enable","true");
        }
        if (_enableCRLDP)
        {
            System.setProperty("com.sun.security.enableCRLDP","true");
        }

        // Build the path first, then validate it with the same parameters.
        CertPathBuilderResult built = CertPathBuilder.getInstance("PKIX").build(params);
        CertPathValidator.getInstance("PKIX").validate(built.getCertPath(),params);
    }
    catch (GeneralSecurityException gse)
    {
        LOG.debug(gse);
        throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
    }
}
 
開發者ID:AdrianBZG,項目名稱:PhoneChat,代碼行數:67,代碼來源:CertificateValidator.java

示例12: validate

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Validates a certificate chain: the first non-null entry is the target,
 * the whole chain supplies candidate intermediates, and the configured
 * trust store supplies the anchors. Revocation checking is enabled.
 *
 * @param certChain certificates to validate; null entries are skipped
 * @throws CertificateException if path building or validation fails
 * @throws IllegalStateException if an entry is not an X.509 certificate, or
 *         if no certificate is left once null entries are skipped. It is
 *         thrown as is because only GeneralSecurityException is wrapped.
 */
public void validate(Certificate[] certChain) throws CertificateException
{
    try
    {
        ArrayList<X509Certificate> usable = new ArrayList<X509Certificate>();
        for (int pos = 0; pos < certChain.length; pos++)
        {
            Certificate candidate = certChain[pos];
            if (candidate == null)
            {
                continue;
            }
            if (!(candidate instanceof X509Certificate))
            {
                throw new IllegalStateException("Invalid certificate type in chain");
            }
            usable.add((X509Certificate)candidate);
        }

        if (usable.isEmpty())
        {
            throw new IllegalStateException("Invalid certificate chain");
        }

        X509CertSelector endEntity = new X509CertSelector();
        endEntity.setCertificate(usable.get(0));

        // Path builder configuration: anchors, target and candidate certificates.
        PKIXBuilderParameters builderParams = new PKIXBuilderParameters(_trustStore, endEntity);
        builderParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(usable)));

        // Upper bound on the certification path length.
        builderParams.setMaxPathLength(_maxCertPathLength);

        // Revocation checking is unconditional.
        builderParams.setRevocationEnabled(true);

        // Static CRLs are added only when some are configured.
        if (_crls != null && !_crls.isEmpty())
        {
            builderParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(_crls)));
        }

        // OCSP and CRL distribution point support are switched on through
        // process-wide properties; they are never switched back off here,
        // so they also apply to other PKIX validation in the same JVM.
        if (_enableOCSP)
        {
            Security.setProperty("ocsp.enable","true");
        }
        if (_enableCRLDP)
        {
            System.setProperty("com.sun.security.enableCRLDP","true");
        }

        // Build, then validate the resulting path with the same parameters.
        CertPathBuilderResult pathResult = CertPathBuilder.getInstance("PKIX").build(builderParams);
        CertPathValidator.getInstance("PKIX").validate(pathResult.getCertPath(),builderParams);
    }
    catch (GeneralSecurityException gse)
    {
        LOG.debug(gse);
        throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
    }
}
 
開發者ID:itead,項目名稱:IoTgo_Android_App,代碼行數:67,代碼來源:CertificateValidator.java

示例13: testSetMaxPathLength

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Test for <code>setMaxPathLength()</code>: values from -1 upwards are
 * stored and read back unchanged, values below -1 are rejected with
 * InvalidParameterException.
 */
@TestTargetNew(
    level = TestLevel.COMPLETE,
    notes = "",
    method = "setMaxPathLength",
    args = {int.class}
)
public final void testSetMaxPathLength() throws Exception {
    // Empty in-memory key store that will hold the trusted entries.
    KeyStore anchors = KeyStore.getInstance(KeyStore.getDefaultType());
    anchors.load(null, null);

    // getBytes() without an argument encodes with the JVM default charset.
    ByteArrayInputStream firstEncoded = new ByteArrayInputStream(certificate.getBytes());
    ByteArrayInputStream secondEncoded = new ByteArrayInputStream(certificate2.getBytes());

    CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    X509Certificate first = (X509Certificate) x509Factory.generateCertificate(firstEncoded);
    X509Certificate second = (X509Certificate) x509Factory.generateCertificate(secondEncoded);

    // Two aliases share the first certificate; the third holds the second.
    anchors.setCertificateEntry("alias1", first);
    anchors.setCertificateEntry("alias2", first);
    anchors.setCertificateEntry("alias3", second);

    PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, new X509CertSelector());

    // Value reported before any setter call, then three accepted values
    // including the -1 lower bound.
    assertEquals(5, params.getMaxPathLength());
    params.setMaxPathLength(10);
    assertEquals(10, params.getMaxPathLength());
    params.setMaxPathLength(0);
    assertEquals(0, params.getMaxPathLength());
    params.setMaxPathLength(-1);
    assertEquals(-1, params.getMaxPathLength());

    // Everything below -1 must be refused.
    int[] rejectedLengths = {-2, -10, Integer.MIN_VALUE};
    for (int tooSmall : rejectedLengths) {
        try {
            params.setMaxPathLength(tooSmall);
            fail("InvalidParameterException expected ");
        } catch (InvalidParameterException expected) {
            // this is the outcome under test
        }
    }
}
開發者ID:keplersj,項目名稱:In-the-Box-Fork,代碼行數:49,代碼來源:PKIXBuilderParametersTest.java

示例14: validate

import java.security.cert.PKIXBuilderParameters; //導入方法依賴的package包/類
/**
 * Runs PKIX path building and validation for a certificate chain. The first
 * non-null entry is the certificate being validated; anchors come from the
 * configured trust store and revocation checking is enabled.
 *
 * @param certChain certificates to validate; null entries are skipped
 * @throws CertificateException if path building or validation fails
 * @throws IllegalStateException if an entry is not an X.509 certificate, or
 *         if no certificate is left once null entries are skipped. The
 *         catch clause does not cover it, so callers see it directly.
 */
public void validate(Certificate[] certChain) throws CertificateException
{
    try
    {
        ArrayList<X509Certificate> accepted = new ArrayList<X509Certificate>();
        for (Certificate link : certChain)
        {
            if (link == null)
            {
                continue;
            }

            boolean isX509 = link instanceof X509Certificate;
            if (!isX509)
            {
                throw new IllegalStateException("Invalid certificate type in chain");
            }

            accepted.add((X509Certificate)link);
        }

        if (accepted.isEmpty())
        {
            throw new IllegalStateException("Invalid certificate chain");
        }

        X509CertSelector leafSelector = new X509CertSelector();
        leafSelector.setCertificate(accepted.get(0));

        // Anchors from the trust store, target from the selector, and the
        // chain itself as the source of intermediate certificates.
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(_trustStore, leafSelector);
        CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(accepted));
        pkix.addCertStore(chainStore);

        // Configured limit on the certification path length.
        pkix.setMaxPathLength(_maxCertPathLength);

        // Revocation checking is always enabled.
        pkix.setRevocationEnabled(true);

        // Configured CRLs are offered to the validator when present.
        if (_crls != null && !_crls.isEmpty())
        {
            CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(_crls));
            pkix.addCertStore(crlStore);
        }

        // These two properties are global to the JVM. They are set on every
        // call and never cleared here, so enabling them for one validator
        // enables them for all PKIX validation in the process.
        if (_enableOCSP)
        {
            Security.setProperty("ocsp.enable","true");
        }
        if (_enableCRLDP)
        {
            System.setProperty("com.sun.security.enableCRLDP","true");
        }

        // Build the path, then validate it with the same parameters.
        CertPathBuilderResult outcome = CertPathBuilder.getInstance("PKIX").build(pkix);
        CertPathValidator.getInstance("PKIX").validate(outcome.getCertPath(),pkix);
    }
    catch (GeneralSecurityException gse)
    {
        LOG.debug(gse);
        throw new CertificateException("Unable to validate certificate: " + gse.getMessage(), gse);
    }
}
 
開發者ID:knowledgecode,項目名稱:jetty-websocket-android,代碼行數:66,代碼來源:CertificateValidator.java


注:本文中的java.security.cert.PKIXBuilderParameters.setMaxPathLength方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。