下面列出了怎么用java.security.cert.CertStoreException的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
 * Queries the configured CertStores with the given selector.
 *
 * <p>When {@code params.getSearchAllStores()} is true, the results of every
 * store are merged into one list. Otherwise the first non-empty result is
 * returned as-is and the remaining stores are not consulted; if every store
 * returns nothing, the shared immutable empty list is returned.
 *
 * @param certSelector selector passed unchanged to each store
 * @return the matching certificates, possibly empty
 * @throws CertStoreException propagated from the first store that fails;
 *         the search is not continued with the remaining stores
 */
public Collection engineGetCertificates(CertSelector certSelector)
    throws CertStoreException
{
    final boolean collectFromAll = params.getSearchAllStores();
    final Iterator storeIt = params.getCertStores().iterator();
    final List merged = collectFromAll ? new ArrayList() : Collections.EMPTY_LIST;

    while (storeIt.hasNext())
    {
        final Collection found = ((CertStore)storeIt.next()).getCertificates(certSelector);
        if (collectFromAll)
        {
            merged.addAll(found);
            continue;
        }
        if (!found.isEmpty())
        {
            // First store with a hit wins when not searching all stores.
            return found;
        }
    }
    return merged;
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currState the current state.
* Must be an instance of <code>ReverseState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    // The caller must pass a ReverseState; any other State fails this cast.
    final ReverseState reverseState = (ReverseState) currState;

    if (debug != null) {
        debug.println("In ReverseBuilder.getMatchingCerts.");
    }

    /*
     * The last certificate of the path may be an end-entity or a CA
     * certificate (a partial path may be under construction, or trust is
     * being established in a CA). End-entity matches are gathered first
     * because building a path to an end entity is the more common case;
     * the CA matches are then appended to the same collection.
     */
    final Collection<X509Certificate> matches =
        getMatchingEECerts(reverseState, certStores);
    matches.addAll(getMatchingCACerts(reverseState, certStores));
    return matches;
}
/**
 * Fetches the CRLs of a {@link CertStore} that a {@code PKIXCRLStoreSelector}
 * accepts.
 *
 * @param selector selector whose {@code match} decides which CRLs are kept
 * @param certStore the store to query
 * @return whatever {@code certStore.getCRLs} returns for the adapted selector
 * @throws CertStoreException if the store lookup fails
 */
public static Collection<? extends CRL> getCRLs(final PKIXCRLStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    // Adapter that exposes the PKIXCRLStoreSelector through the CRLSelector
    // interface expected by CertStore.getCRLs.
    final CRLSelector adapter = new CRLSelector()
    {
        public boolean match(CRL candidate)
        {
            return selector.match(candidate);
        }

        public Object clone()
        {
            // No copy is made: a store that clones its selector receives
            // this same adapter instance back.
            return this;
        }
    };
    return certStore.getCRLs(adapter);
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currState the current state.
* Must be an instance of <code>ReverseState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    // The caller must pass a ReverseState; any other State fails this cast.
    final ReverseState reverseState = (ReverseState) currState;

    if (debug != null) {
        debug.println("In ReverseBuilder.getMatchingCerts.");
    }

    /*
     * The last certificate of the path may be an end-entity or a CA
     * certificate (a partial path may be under construction, or trust is
     * being established in a CA). End-entity matches are gathered first
     * because building a path to an end entity is the more common case;
     * the CA matches are then appended to the same collection.
     */
    final Collection<X509Certificate> matches =
        getMatchingEECerts(reverseState, certStores);
    matches.addAll(getMatchingCACerts(reverseState, certStores));
    return matches;
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
* Determine whether there are any CRL's in the {@link CertStore} that is to be used.
*
* @param certStore the cert store that will be used for validation
* @return true if the store contains at least 1 CRL instance, false otherwise
*/
protected boolean storeContainsCRLs(CertStore certStore) {
    final Collection<? extends CRL> found;
    try {
        // A null selector is passed instead of a fresh X509CRLSelector to
        // save some cycles and memory: the collection cert store accepts
        // null as "return everything".
        found = certStore.getCRLs(null);
    } catch (CertStoreException e) {
        // A lookup failure is reported exactly like an empty store.
        // NOTE(review): if the caller uses this result to decide whether
        // revocation checking is enabled, a store error silently turns it
        // off - confirm that this fail-open behaviour is intended.
        log.error("Error examining cert store for CRL's, treating as if no CRL's present", e);
        return false;
    }
    return found != null && !found.isEmpty();
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
 * Rebuilds the SslContext from the merged certificate validation context,
 * publishes it in {@code sslContext} and hands it to the pending callbacks.
 *
 * <p>On a certificate, I/O or cert-store failure the exception is only
 * logged: {@code sslContext} keeps its previous value and
 * {@code makePendingCallbacks} is not invoked.
 */
private void updateSslContext() {
  try {
    CertificateValidationContext mergedValidationContext = mergeStaticAndDynamicCertContexts();
    SslContextBuilder builder = getSslContextBuilder(mergedValidationContext);

    // ALPN is configured only when the common TLS context lists protocols.
    CommonTlsContext tlsContext = getCommonTlsContext();
    boolean hasAlpnProtocols = tlsContext != null && tlsContext.getAlpnProtocolsCount() > 0;
    if (hasAlpnProtocols) {
      builder.applicationProtocolConfig(
          new ApplicationProtocolConfig(
              ApplicationProtocolConfig.Protocol.ALPN,
              ApplicationProtocolConfig.SelectorFailureBehavior.NO_ADVERTISE,
              ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT,
              tlsContext.getAlpnProtocolsList()));
    }

    // The same freshly built instance is stored and passed to the callbacks.
    SslContext freshContext = builder.build();
    sslContext = freshContext;
    makePendingCallbacks(freshContext);
  } catch (CertificateException | IOException | CertStoreException e) {
    logger.log(Level.SEVERE, "exception in updateSslContext", e);
  }
}
/**
 * Fetches the CRLs of a {@link CertStore} that a {@code PKIXCRLStoreSelector}
 * accepts.
 *
 * @param selector selector whose {@code match} decides which CRLs are kept
 * @param certStore the store to query
 * @return whatever {@code certStore.getCRLs} returns for the adapted selector
 * @throws CertStoreException if the store lookup fails
 */
public static Collection<? extends CRL> getCRLs(final PKIXCRLStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    // Adapter that exposes the PKIXCRLStoreSelector through the CRLSelector
    // interface expected by CertStore.getCRLs.
    final CRLSelector adapter = new CRLSelector()
    {
        public boolean match(CRL candidate)
        {
            return selector.match(candidate);
        }

        public Object clone()
        {
            // No copy is made: a store that clones its selector receives
            // this same adapter instance back.
            return this;
        }
    };
    return certStore.getCRLs(adapter);
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>In this copy the {@code "LDAP"} case label is commented out, so an
 * {@code "LDAP"} type takes the default branch and yields {@code false}.
 *
 * @param type the CertStore type name; only {@code "SSLServer"} and
 *        {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        // case "LDAP":
        case "SSLServer": {
            // The decision is delegated to the type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
 * Queries the configured CertStores for CRLs with the given selector.
 *
 * <p>When {@code params.getSearchAllStores()} is true, the results of every
 * store are merged into one list. Otherwise the first non-empty result is
 * returned as-is and the remaining stores are not consulted; if every store
 * returns nothing, the shared immutable empty list is returned.
 *
 * @param crlSelector selector passed unchanged to each store
 * @return the matching CRLs, possibly empty
 * @throws CertStoreException propagated from the first store that fails;
 *         the search is not continued with the remaining stores
 */
public Collection engineGetCRLs(CRLSelector crlSelector)
    throws CertStoreException
{
    final boolean collectFromAll = params.getSearchAllStores();
    final Iterator storeIt = params.getCertStores().iterator();
    final List merged = collectFromAll ? new ArrayList() : Collections.EMPTY_LIST;

    while (storeIt.hasNext())
    {
        final Collection found = ((CertStore)storeIt.next()).getCRLs(crlSelector);
        if (collectFromAll)
        {
            merged.addAll(found);
            continue;
        }
        if (!found.isEmpty())
        {
            // First store with a hit wins when not searching all stores.
            return found;
        }
    }
    return merged;
}
/**
 * Classifies a {@link CertStoreException} raised by a CertStore of the given
 * type as network-related or not.
 *
 * <p>NOTE(review): callers presumably use the result to tell a transient
 * fetch failure from a real error; if it feeds a soft-fail revocation
 * decision, confirm that policy is intended.
 *
 * @param type the CertStore type name; only {@code "LDAP"},
 *        {@code "SSLServer"} and {@code "URI"} are examined
 * @param cse the exception raised by the store
 * @return {@code true} if the failure is attributed to the network;
 *         {@code false} for any other type or when no helper is available
 */
static boolean isCausedByNetworkIssue(String type, CertStoreException cse) {
    switch (type) {
        case "LDAP":
        case "SSLServer": {
            // Both types delegate the decision to their type-specific helper.
            try {
                return CertStoreHelper.getInstance(type).isCausedByNetworkIssue(cse);
            } catch (NoSuchAlgorithmException helperUnavailable) {
                // No helper could be obtained for this type, so the failure
                // is not attributed to the network.
                return false;
            }
        }
        case "URI":
            // instanceof is false for null, so a missing cause yields false.
            return cse.getCause() instanceof IOException;
        default:
            // we don't know about any other remote CertStore types
            return false;
    }
}
/**
 * Queries the configured CertStores for CRLs with the given selector.
 *
 * <p>When {@code params.getSearchAllStores()} is true, the results of every
 * store are merged into one list. Otherwise the first non-empty result is
 * returned as-is and the remaining stores are not consulted; if every store
 * returns nothing, the shared immutable empty list is returned.
 *
 * @param crlSelector selector passed unchanged to each store
 * @return the matching CRLs, possibly empty
 * @throws CertStoreException propagated from the first store that fails;
 *         the search is not continued with the remaining stores
 */
public Collection engineGetCRLs(CRLSelector crlSelector)
    throws CertStoreException
{
    final boolean collectFromAll = params.getSearchAllStores();
    final Iterator storeIt = params.getCertStores().iterator();
    final List merged = collectFromAll ? new ArrayList() : Collections.EMPTY_LIST;

    while (storeIt.hasNext())
    {
        final Collection found = ((CertStore)storeIt.next()).getCRLs(crlSelector);
        if (collectFromAll)
        {
            merged.addAll(found);
            continue;
        }
        if (!found.isEmpty())
        {
            // First store with a hit wins when not searching all stores.
            return found;
        }
    }
    return merged;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currState the current state.
* Must be an instance of <code>ReverseState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    // The caller must pass a ReverseState; any other State fails this cast.
    final ReverseState reverseState = (ReverseState) currState;

    if (debug != null) {
        debug.println("In ReverseBuilder.getMatchingCerts.");
    }

    /*
     * The last certificate of the path may be an end-entity or a CA
     * certificate (a partial path may be under construction, or trust is
     * being established in a CA). End-entity matches are gathered first
     * because building a path to an end entity is the more common case;
     * the CA matches are then appended to the same collection.
     */
    final Collection<X509Certificate> matches =
        getMatchingEECerts(reverseState, certStores);
    matches.addAll(getMatchingCACerts(reverseState, certStores));
    return matches;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currentState the current state.
* Must be an instance of <code>ForwardState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currentState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    if (debug != null) {
        debug.println("ForwardBuilder.getMatchingCerts()...");
    }

    // The caller must pass a ForwardState; any other State fails this cast.
    final ForwardState forwardState = (ForwardState) currentState;

    /*
     * A Set is used so that duplicates are dropped. The TreeSet keeps the
     * certificates ordered by the builder's comparator (the
     * PKIXCertComparator algorithm) as each one is added.
     */
    final Set<X509Certificate> ordered = new TreeSet<>(comparator);

    // End-entity certificates are only looked up when the search has
    // just started; CA certificates are looked up on every call.
    final boolean searchJustStarted = forwardState.isInitial();
    if (searchJustStarted) {
        getMatchingEECerts(forwardState, certStores, ordered);
    }
    getMatchingCACerts(forwardState, certStores, ordered);

    return ordered;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currentState the current state.
* Must be an instance of <code>ForwardState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currentState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    if (debug != null) {
        debug.println("ForwardBuilder.getMatchingCerts()...");
    }

    // The caller must pass a ForwardState; any other State fails this cast.
    final ForwardState forwardState = (ForwardState) currentState;

    /*
     * A Set is used so that duplicates are dropped. The TreeSet keeps the
     * certificates ordered by a PKIXCertComparator built for this call
     * from the trusted subject DNs and the state's current certificate.
     */
    final Comparator<X509Certificate> ordering =
        new PKIXCertComparator(trustedSubjectDNs, forwardState.cert);
    final Set<X509Certificate> ordered = new TreeSet<>(ordering);

    // End-entity certificates are only looked up when the search has
    // just started; CA certificates are looked up on every call.
    final boolean searchJustStarted = forwardState.isInitial();
    if (searchJustStarted) {
        getMatchingEECerts(forwardState, certStores, ordered);
    }
    getMatchingCACerts(forwardState, certStores, ordered);

    return ordered;
}
/**
* Download Certificates from the given AIA and add them to the
* specified Collection.
*/
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
                         Collection<X509Certificate> certs)
{
    // AIA fetching is gated by Builder.USE_AIA; nothing is contacted when
    // the flag is off.
    // NOTE(review): in OpenJDK this flag follows the
    // com.sun.security.enableAIAcaIssuers system property - confirm for
    // this copy. The locations contacted below are taken from the
    // certificate's AIA extension, so keep this path gated and make sure
    // outbound fetches are acceptable in the deployment.
    if (!Builder.USE_AIA) {
        return false;
    }
    final List<AccessDescription> descriptions = aiaExt.getAccessDescriptions();
    if (descriptions == null || descriptions.isEmpty()) {
        return false;
    }

    boolean addedAny = false;
    for (AccessDescription description : descriptions) {
        final CertStore aiaStore = URICertStore.getInstance(description);
        if (aiaStore == null) {
            // No store could be obtained for this access description.
            continue;
        }
        try {
            final boolean changed = certs.addAll(
                (Collection<X509Certificate>) aiaStore.getCertificates(caSelector));
            if (changed) {
                addedAny = true;
                // Stop at the first productive location unless every
                // store is to be searched.
                if (!searchAllCertStores) {
                    return true;
                }
            }
        } catch (CertStoreException cse) {
            // Best effort: a failing location is skipped and only
            // reported when debugging is enabled.
            if (debug != null) {
                debug.println("exception getting certs from CertStore:");
                cse.printStackTrace();
            }
        }
    }
    return addedAny;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currentState the current state.
* Must be an instance of <code>ForwardState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currentState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    if (debug != null) {
        debug.println("ForwardBuilder.getMatchingCerts()...");
    }

    // The caller must pass a ForwardState; any other State fails this cast.
    final ForwardState forwardState = (ForwardState) currentState;

    /*
     * A Set is used so that duplicates are dropped. The TreeSet keeps the
     * certificates ordered by a PKIXCertComparator built for this call
     * from the trusted subject DNs and the state's current certificate.
     */
    final Comparator<X509Certificate> ordering =
        new PKIXCertComparator(trustedSubjectDNs, forwardState.cert);
    final Set<X509Certificate> ordered = new TreeSet<>(ordering);

    // End-entity certificates are only looked up when the search has
    // just started; CA certificates are looked up on every call.
    final boolean searchJustStarted = forwardState.isInitial();
    if (searchJustStarted) {
        getMatchingEECerts(forwardState, certStores, ordered);
    }
    getMatchingCACerts(forwardState, certStores, ordered);

    return ordered;
}
/**
* Download Certificates from the given AIA and add them to the
* specified Collection.
*/
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
                         Collection<X509Certificate> certs)
{
    // AIA fetching is gated by Builder.USE_AIA; nothing is contacted when
    // the flag is off.
    // NOTE(review): in OpenJDK this flag follows the
    // com.sun.security.enableAIAcaIssuers system property - confirm for
    // this copy. The locations contacted below are taken from the
    // certificate's AIA extension, so keep this path gated and make sure
    // outbound fetches are acceptable in the deployment.
    if (!Builder.USE_AIA) {
        return false;
    }
    final List<AccessDescription> descriptions = aiaExt.getAccessDescriptions();
    if (descriptions == null || descriptions.isEmpty()) {
        return false;
    }

    boolean addedAny = false;
    for (AccessDescription description : descriptions) {
        final CertStore aiaStore = URICertStore.getInstance(description);
        if (aiaStore == null) {
            // No store could be obtained for this access description.
            continue;
        }
        try {
            final boolean changed = certs.addAll(
                (Collection<X509Certificate>) aiaStore.getCertificates(caSelector));
            if (changed) {
                addedAny = true;
                // Stop at the first productive location unless every
                // store is to be searched.
                if (!searchAllCertStores) {
                    return true;
                }
            }
        } catch (CertStoreException cse) {
            // Best effort: a failing location is skipped and only
            // reported when debugging is enabled.
            if (debug != null) {
                debug.println("exception getting certs from CertStore:");
                cse.printStackTrace();
            }
        }
    }
    return addedAny;
}
/**
 * Tells whether {@code tsloStore} holds at least one certificate accepted by
 * the selector.
 *
 * @param selector the criteria a certificate must satisfy
 * @return {@code true} if the store returns a non-empty result
 * @throws TechnicalConnectorException if the store lookup fails; the
 *         original {@link CertStoreException} is passed along as the cause
 */
private static boolean match(X509CertSelector selector) throws TechnicalConnectorException {
    boolean anyMatch;
    try {
        anyMatch = !tsloStore.getCertificates(selector).isEmpty();
    } catch (CertStoreException storeFailure) {
        // A store error is raised to the caller rather than being
        // reported as "no match".
        Object[] messageArgs = new Object[]{"Unable to select certificates."};
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, storeFailure, messageArgs);
    }
    return anyMatch;
}
/**
 * Tells whether {@code tsloStore} holds at least one certificate accepted by
 * the selector.
 *
 * @param selector the criteria a certificate must satisfy
 * @return {@code true} if the store returns a non-empty result
 * @throws TechnicalConnectorException if the store lookup fails; the
 *         original {@link CertStoreException} is passed along as the cause
 */
private static boolean match(X509CertSelector selector) throws TechnicalConnectorException {
    boolean anyMatch;
    try {
        anyMatch = !tsloStore.getCertificates(selector).isEmpty();
    } catch (CertStoreException storeFailure) {
        // A store error is raised to the caller rather than being
        // reported as "no match".
        Object[] messageArgs = new Object[]{"Unable to select certificates."};
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, storeFailure, messageArgs);
    }
    return anyMatch;
}
/**
 * Test fixture: creates the trust manager under test from the CA certificate
 * file, stubs the mock session, and returns SSL parameters that request
 * HTTPS endpoint identification.
 *
 * @return parameters whose endpoint identification algorithm is "HTTPS"
 */
private SSLParameters buildTrustManagerAndGetSslParameters()
    throws CertificateException, IOException, CertStoreException {
  // The trust manager is built from the CA_PEM_FILE certificates, with
  // null as the second argument.
  final X509Certificate[] trustedCaCerts =
      CertificateUtils.toX509Certificates(TestUtils.loadCert(CA_PEM_FILE));
  trustManager = SdsTrustManagerFactory.createSdsX509TrustManager(trustedCaCerts, null);

  // Values the mocked session reports for its protocol and peer host.
  when(mockSession.getProtocol()).thenReturn("TLSv1.2");
  when(mockSession.getPeerHost()).thenReturn("peer-host-from-mock");

  // "HTTPS" asks for the peer certificate to be checked against the host name.
  final SSLParameters sslParameters = new SSLParameters();
  sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
  return sslParameters;
}
/**
* Download Certificates from the given AIA and add them to the
* specified Collection.
*/
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
                         Collection<X509Certificate> certs)
{
    // AIA fetching is gated by Builder.USE_AIA; nothing is contacted when
    // the flag is off.
    // NOTE(review): in OpenJDK this flag follows the
    // com.sun.security.enableAIAcaIssuers system property - confirm for
    // this copy. The locations contacted below are taken from the
    // certificate's AIA extension, so keep this path gated and make sure
    // outbound fetches are acceptable in the deployment.
    if (!Builder.USE_AIA) {
        return false;
    }
    final List<AccessDescription> descriptions = aiaExt.getAccessDescriptions();
    if (descriptions == null || descriptions.isEmpty()) {
        return false;
    }

    boolean addedAny = false;
    for (AccessDescription description : descriptions) {
        final CertStore aiaStore = URICertStore.getInstance(description);
        if (aiaStore == null) {
            // No store could be obtained for this access description.
            continue;
        }
        try {
            final boolean changed = certs.addAll(
                (Collection<X509Certificate>) aiaStore.getCertificates(caSelector));
            if (changed) {
                addedAny = true;
                // Stop at the first productive location unless every
                // store is to be searched.
                if (!searchAllCertStores) {
                    return true;
                }
            }
        } catch (CertStoreException cse) {
            // Best effort: a failing location is skipped and only
            // reported when debugging is enabled.
            if (debug != null) {
                debug.println("exception getting certs from CertStore:");
                cse.printStackTrace();
            }
        }
    }
    return addedAny;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currentState the current state.
* Must be an instance of <code>ForwardState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currentState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    if (debug != null) {
        debug.println("ForwardBuilder.getMatchingCerts()...");
    }

    // The caller must pass a ForwardState; any other State fails this cast.
    final ForwardState forwardState = (ForwardState) currentState;

    /*
     * A Set is used so that duplicates are dropped. The TreeSet keeps the
     * certificates ordered by the builder's comparator (the
     * PKIXCertComparator algorithm) as each one is added.
     */
    final Set<X509Certificate> ordered = new TreeSet<>(comparator);

    // End-entity certificates are only looked up when the search has
    // just started; CA certificates are looked up on every call.
    final boolean searchJustStarted = forwardState.isInitial();
    if (searchJustStarted) {
        getMatchingEECerts(forwardState, certStores, ordered);
    }
    getMatchingCACerts(forwardState, certStores, ordered);

    return ordered;
}
/**
* Retrieves all certs from the specified CertStores that satisfy the
* requirements specified in the parameters and the current
* PKIX state (name constraints, policy constraints, etc).
*
* @param currentState the current state.
* Must be an instance of <code>ForwardState</code>
* @param certStores list of CertStores
*/
@Override
Collection<X509Certificate> getMatchingCerts(State currentState,
                                             List<CertStore> certStores)
    throws CertStoreException, CertificateException, IOException
{
    if (debug != null) {
        debug.println("ForwardBuilder.getMatchingCerts()...");
    }

    // The caller must pass a ForwardState; any other State fails this cast.
    final ForwardState forwardState = (ForwardState) currentState;

    /*
     * A Set is used so that duplicates are dropped. The TreeSet keeps the
     * certificates ordered by a PKIXCertComparator built for this call
     * from the trusted subject DNs and the state's current certificate.
     */
    final Comparator<X509Certificate> ordering =
        new PKIXCertComparator(trustedSubjectDNs, forwardState.cert);
    final Set<X509Certificate> ordered = new TreeSet<>(ordering);

    // End-entity certificates are only looked up when the search has
    // just started; CA certificates are looked up on every call.
    final boolean searchJustStarted = forwardState.isInitial();
    if (searchJustStarted) {
        getMatchingEECerts(forwardState, certStores, ordered);
    }
    getMatchingCACerts(forwardState, certStores, ordered);

    return ordered;
}
/**
* Download Certificates from the given AIA and add them to the
* specified Collection.
*/
// cs.getCertificates(caSelector) returns a collection of X509Certificate's
// because of the selector, so the cast is safe
@SuppressWarnings("unchecked")
private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
                         Collection<X509Certificate> certs)
{
    // AIA fetching is gated by Builder.USE_AIA; nothing is contacted when
    // the flag is off.
    // NOTE(review): in OpenJDK this flag follows the
    // com.sun.security.enableAIAcaIssuers system property - confirm for
    // this copy. The locations contacted below are taken from the
    // certificate's AIA extension, so keep this path gated and make sure
    // outbound fetches are acceptable in the deployment.
    if (!Builder.USE_AIA) {
        return false;
    }
    final List<AccessDescription> descriptions = aiaExt.getAccessDescriptions();
    if (descriptions == null || descriptions.isEmpty()) {
        return false;
    }

    boolean addedAny = false;
    for (AccessDescription description : descriptions) {
        final CertStore aiaStore = URICertStore.getInstance(description);
        if (aiaStore == null) {
            // No store could be obtained for this access description.
            continue;
        }
        try {
            final boolean changed = certs.addAll(
                (Collection<X509Certificate>) aiaStore.getCertificates(caSelector));
            if (changed) {
                addedAny = true;
                // Stop at the first productive location unless every
                // store is to be searched.
                if (!searchAllCertStores) {
                    return true;
                }
            }
        } catch (CertStoreException cse) {
            // Best effort: a failing location is skipped and only
            // reported when debugging is enabled.
            if (debug != null) {
                debug.println("exception getting certs from CertStore:");
                cse.printStackTrace();
            }
        }
    }
    return addedAny;
}