下面列出了java.security.cert.CertPath#getCertificates() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
protected static void prepareNextCertN(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (n)
//
boolean[] _usage = cert.getKeyUsage();
if ((_usage != null) && !_usage[RFC3280CertPathUtilities.KEY_CERT_SIGN])
{
throw new ExtCertPathValidatorException(
"Issuer certificate keyusage extension is critical and does not permit key signing.", null,
certPath, index);
}
}
protected static int prepareNextCertH3(
CertPath certPath,
int index,
int inhibitAnyPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (3)
//
if (inhibitAnyPolicy != 0)
{
return inhibitAnyPolicy - 1;
}
}
return inhibitAnyPolicy;
}
private static X509Certificate[] loadCertificatesPkiPath(InputStream is) throws CryptoException {
try {
CertificateFactory cf = CertificateFactory.getInstance(X509_CERT_TYPE, BOUNCY_CASTLE.jce());
CertPath certPath = cf.generateCertPath(is, PKI_PATH_ENCODING);
List<? extends Certificate> certs = certPath.getCertificates();
ArrayList<X509Certificate> loadedCerts = new ArrayList<>();
for (Iterator<? extends Certificate> itr = certs.iterator(); itr.hasNext();) {
X509Certificate cert = (X509Certificate) itr.next();
if (cert != null) {
loadedCerts.add(cert);
}
}
return loadedCerts.toArray(new X509Certificate[loadedCerts.size()]);
} catch (CertificateException | NoSuchProviderException e) {
throw new CryptoException(res.getString("NoLoadPkiPath.exception.message"), e);
} finally {
IOUtils.closeQuietly(is);
}
}
protected static int prepareNextCertH2(
CertPath certPath,
int index,
int policyMapping)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (2)
//
if (policyMapping != 0)
{
return policyMapping - 1;
}
}
return policyMapping;
}
protected static int prepareNextCertH3(
CertPath certPath,
int index,
int inhibitAnyPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (3)
//
if (inhibitAnyPolicy != 0)
{
return inhibitAnyPolicy - 1;
}
}
return inhibitAnyPolicy;
}
protected static int prepareNextCertH1(
CertPath certPath,
int index,
int explicitPolicy)
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (h)
//
if (!CertPathValidatorUtilities.isSelfIssued(cert))
{
//
// (1)
//
if (explicitPolicy != 0)
{
return explicitPolicy - 1;
}
}
return explicitPolicy;
}
protected static void wrapupCertF(
CertPath certPath,
int index,
List pathCheckers,
Set criticalExtensions)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
Iterator tmpIter;
tmpIter = pathCheckers.iterator();
while (tmpIter.hasNext())
{
try
{
((PKIXCertPathChecker)tmpIter.next()).check(cert, criticalExtensions);
}
catch (CertPathValidatorException e)
{
throw new ExtCertPathValidatorException("Additional certificate path checker failed.", e, certPath,
index);
}
}
if (!criticalExtensions.isEmpty())
{
throw new ExtCertPathValidatorException("Certificate has unsupported critical extension: " + criticalExtensions, null, certPath,
index);
}
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
/**
* {@inheritDoc}
*/
@Override
public void serialize(CertPath value, JsonGenerator gen, SerializerProvider provider) throws IOException {
try {
gen.writeStartArray();
for (Certificate certificate : value.getCertificates()) {
gen.writeBinary(certificate.getEncoded());
}
gen.writeEndArray();
} catch (CertificateEncodingException e) {
throw new UnexpectedCheckedException(e);
}
}
protected static void prepareNextCertK(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (k)
//
BasicConstraints bc = null;
try
{
bc = BasicConstraints.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.BASIC_CONSTRAINTS));
}
catch (Exception e)
{
throw new ExtCertPathValidatorException("Basic constraints extension cannot be decoded.", e, certPath,
index);
}
if (bc != null)
{
if (!(bc.isCA()))
{
throw new CertPathValidatorException("Not a CA certificate");
}
}
else
{
throw new CertPathValidatorException("Intermediate certificate lacks BasicConstraints");
}
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
protected static PKIXPolicyNode processCertE(
CertPath certPath,
int index,
PKIXPolicyNode validPolicyTree)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
// (e)
//
ASN1Sequence certPolicies = null;
try
{
certPolicies = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.CERTIFICATE_POLICIES));
}
catch (AnnotatedException e)
{
throw new ExtCertPathValidatorException("Could not read certificate policies extension from certificate.",
e, certPath, index);
}
if (certPolicies == null)
{
validPolicyTree = null;
}
return validPolicyTree;
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
public static void main(String[] args) throws Exception {
// reset the security property to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
X509Certificate rootCert = CertUtils.getCertFromFile("anchor.cer");
TrustAnchor anchor = new TrustAnchor
(rootCert.getSubjectX500Principal(), rootCert.getPublicKey(), null);
X509CertSelector sel = new X509CertSelector();
sel.setBasicConstraints(-2);
PKIXBuilderParameters params = new PKIXBuilderParameters
(Collections.singleton(anchor), sel);
params.setRevocationEnabled(false);
X509Certificate eeCert = CertUtils.getCertFromFile("ee.cer");
X509Certificate caCert = CertUtils.getCertFromFile("ca.cer");
ArrayList<X509Certificate> certs = new ArrayList<X509Certificate>();
certs.add(caCert);
certs.add(eeCert);
CollectionCertStoreParameters ccsp =
new CollectionCertStoreParameters(certs);
CertStore cs = CertStore.getInstance("Collection", ccsp);
params.addCertStore(cs);
PKIXCertPathBuilderResult res = CertUtils.build(params);
CertPath cp = res.getCertPath();
// check that first certificate is an EE cert
List<? extends Certificate> certList = cp.getCertificates();
X509Certificate cert = (X509Certificate) certList.get(0);
if (cert.getBasicConstraints() != -1) {
throw new Exception("Target certificate is not an EE certificate");
}
}
/**
* Test for <code>generateCertPath(List certificates)</code> method
* Assertion: returns empty CertPath if certificates is empty
*/
public void testCertificateFactory15() throws CertificateException {
if (!X509Support) {
fail(NotSupportMsg);
return;
}
CertificateFactory[] certFs = initCertFs();
assertNotNull("CertificateFactory objects were not created", certFs);
List<Certificate> list = new Vector<Certificate>();
for (int i = 0; i < certFs.length; i++) {
CertPath cp = certFs[i].generateCertPath(list);
List<? extends Certificate> list1 = cp.getCertificates();
assertTrue("List should be empty", list1.isEmpty());
}
}
/**
* Initializes the PKIXCertPathReviewer with the given {@link CertPath} and {@link PKIXParameters} params
* @param certPath the {@link CertPath} to validate
* @param params the {@link PKIXParameters} to use
* @throws CertPathReviewerException if the certPath is empty
* @throws IllegalStateException if the {@link PKIXCertPathReviewer} is already initialized
*/
public void init(CertPath certPath, PKIXParameters params)
throws CertPathReviewerException
{
if (initialized)
{
throw new IllegalStateException("object is already initialized!");
}
initialized = true;
// check input parameters
if (certPath == null)
{
throw new NullPointerException("certPath was null");
}
this.certPath = certPath;
certs = certPath.getCertificates();
n = certs.size();
if (certs.isEmpty())
{
throw new CertPathReviewerException(
new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.emptyCertPath"));
}
pkixParams = (PKIXParameters) params.clone();
// 6.1.1 - Inputs
// a) done
// b)
validDate = getValidDate(pkixParams);
// c) part of pkixParams
// d) done at the beginning of checkSignatures
// e) f) g) part of pkixParams
// initialize output parameters
notifications = null;
errors = null;
trustAnchor = null;
subjectPublicKey = null;
policyTree = null;
}
protected static void prepareNextCertA(
CertPath certPath,
int index)
throws CertPathValidatorException
{
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate)certs.get(index);
//
//
// (a) check the policy mappings
//
ASN1Sequence pm = null;
try
{
pm = DERSequence.getInstance(CertPathValidatorUtilities.getExtensionValue(cert,
RFC3280CertPathUtilities.POLICY_MAPPINGS));
}
catch (AnnotatedException ex)
{
throw new ExtCertPathValidatorException("Policy mappings extension could not be decoded.", ex, certPath,
index);
}
if (pm != null)
{
ASN1Sequence mappings = pm;
for (int j = 0; j < mappings.size(); j++)
{
ASN1ObjectIdentifier issuerDomainPolicy = null;
ASN1ObjectIdentifier subjectDomainPolicy = null;
try
{
ASN1Sequence mapping = DERSequence.getInstance(mappings.getObjectAt(j));
issuerDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(0));
subjectDomainPolicy = ASN1ObjectIdentifier.getInstance(mapping.getObjectAt(1));
}
catch (Exception e)
{
throw new ExtCertPathValidatorException("Policy mappings extension contents could not be decoded.",
e, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(issuerDomainPolicy.getId()))
{
throw new CertPathValidatorException("IssuerDomainPolicy is anyPolicy", null, certPath, index);
}
if (RFC3280CertPathUtilities.ANY_POLICY.equals(subjectDomainPolicy.getId()))
{
throw new CertPathValidatorException("SubjectDomainPolicy is anyPolicy,", null, certPath, index);
}
}
}
}