下面列出了java.security.cert.X509CertSelector#setSerialNumber() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
public static void createPath(String[] certs) throws Exception {
TrustAnchor anchor = new TrustAnchor(getCertFromFile(certs[0]), null);
List list = new ArrayList();
for (int i = 1; i < certs.length; i++) {
list.add(0, getCertFromFile(certs[i]));
}
CertificateFactory cf = CertificateFactory.getInstance("X509");
path = cf.generateCertPath(list);
Set anchors = Collections.singleton(anchor);
params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
X509CertSelector sel = new X509CertSelector();
sel.setSerialNumber(new BigInteger("1427"));
params.setTargetCertConstraints(sel);
}
private void testSerialNumber() {
System.out.println("X.509 Certificate Match on serialNumber");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(new BigInteger("999999999"));
checkMatch(selector, cert, false);
// good match
selector.setSerialNumber(cert.getSerialNumber());
checkMatch(selector, cert, true);
}
private void testSerialNumber() {
System.out.println("X.509 Certificate Match on serialNumber");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(new BigInteger("999999999"));
checkMatch(selector, cert, false);
// good match
selector.setSerialNumber(cert.getSerialNumber());
checkMatch(selector, cert, true);
}
private void testSerialNumber() {
System.out.println("X.509 Certificate Match on serialNumber");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(new BigInteger("999999999"));
checkMatch(selector, cert, false);
// good match
selector.setSerialNumber(cert.getSerialNumber());
checkMatch(selector, cert, true);
}
private void testSerialNumber() {
System.out.println("X.509 Certificate Match on serialNumber");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(new BigInteger("999999999"));
checkMatch(selector, cert, false);
// good match
selector.setSerialNumber(cert.getSerialNumber());
checkMatch(selector, cert, true);
}
private void testSerialNumber() {
System.out.println("X.509 Certificate Match on serialNumber");
// bad match
X509CertSelector selector = new X509CertSelector();
selector.setSerialNumber(new BigInteger("999999999"));
checkMatch(selector, cert, false);
// good match
selector.setSerialNumber(cert.getSerialNumber());
checkMatch(selector, cert, true);
}
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
{
Collection trustColl = new ArrayList();
Iterator it = trustanchors.iterator();
X509CertSelector certSelectX509 = new X509CertSelector();
try
{
certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (ext != null)
{
ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(ext);
AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(oct.getOctets()));
certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
byte[] keyID = authID.getKeyIdentifier();
if (keyID != null)
{
certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
}
}
}
catch (IOException ex)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
throw new CertPathReviewerException(msg);
}
while (it.hasNext())
{
TrustAnchor trust = (TrustAnchor) it.next();
if (trust.getTrustedCert() != null)
{
if (certSelectX509.match(trust.getTrustedCert()))
{
trustColl.add(trust);
}
}
else if (trust.getCAName() != null && trust.getCAPublicKey() != null)
{
X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
X500Principal caName = new X500Principal(trust.getCAName());
if (certIssuer.equals(caName))
{
trustColl.add(trust);
}
}
}
return trustColl;
}
protected Collection getTrustAnchors(X509Certificate cert, Set trustanchors) throws CertPathReviewerException
{
Collection trustColl = new ArrayList();
Iterator it = trustanchors.iterator();
X509CertSelector certSelectX509 = new X509CertSelector();
try
{
certSelectX509.setSubject(getEncodedIssuerPrincipal(cert).getEncoded());
byte[] ext = cert.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (ext != null)
{
ASN1OctetString oct = (ASN1OctetString)ASN1Primitive.fromByteArray(ext);
AuthorityKeyIdentifier authID = AuthorityKeyIdentifier.getInstance(ASN1Primitive.fromByteArray(oct.getOctets()));
certSelectX509.setSerialNumber(authID.getAuthorityCertSerialNumber());
byte[] keyID = authID.getKeyIdentifier();
if (keyID != null)
{
certSelectX509.setSubjectKeyIdentifier(new DEROctetString(keyID).getEncoded());
}
}
}
catch (IOException ex)
{
ErrorBundle msg = new ErrorBundle(RESOURCE_NAME,"CertPathReviewer.trustAnchorIssuerError");
throw new CertPathReviewerException(msg);
}
while (it.hasNext())
{
TrustAnchor trust = (TrustAnchor) it.next();
if (trust.getTrustedCert() != null)
{
if (certSelectX509.match(trust.getTrustedCert()))
{
trustColl.add(trust);
}
}
else if (trust.getCAName() != null && trust.getCAPublicKey() != null)
{
X500Principal certIssuer = getEncodedIssuerPrincipal(cert);
X500Principal caName = new X500Principal(trust.getCAName());
if (certIssuer.equals(caName))
{
trustColl.add(trust);
}
}
}
return trustColl;
}
static KeyInfoRes process(
KeyInfo keyInfo, CertRef signingCertRef, X500NameStyleProvider x500NameStyleProvider) throws CertificateValidationException
{
if (null == keyInfo || !keyInfo.containsX509Data())
{
return tryUseSigningCertificateReference(signingCertRef, x500NameStyleProvider);
}
List<X509Certificate> keyInfoCerts = new ArrayList<X509Certificate>(1);
XMLX509IssuerSerial issuerSerial = null;
X509CertSelector certSelector = new X509CertSelector();
// XML-DSIG 4.4.4: "Any X509IssuerSerial, X509SKI, and X509SubjectName elements
// that appear MUST refer to the certificate or certificates containing the
// validation key."
// "All certificates appearing in an X509Data element MUST relate to the
// validation key by either containing it or being part of a certification
// chain that terminates in a certificate containing the validation key".
// Scan ds:X509Data to find ds:IssuerSerial or ds:SubjectName elements. The
// first to be found is used to select the leaf certificate. If none of those
// elements is present, the first ds:X509Certificate is assumed as the signing
// certificate.
boolean hasSelectionCriteria = false;
try
{
for (int i = 0; i < keyInfo.lengthX509Data(); ++i)
{
X509Data x509Data = keyInfo.itemX509Data(i);
if (!hasSelectionCriteria)
{
if (x509Data.containsIssuerSerial())
{
issuerSerial = x509Data.itemIssuerSerial(0);
certSelector.setIssuer(x500NameStyleProvider.fromString(issuerSerial.getIssuerName()));
certSelector.setSerialNumber(issuerSerial.getSerialNumber());
hasSelectionCriteria = true;
}
else if (x509Data.containsSubjectName())
{
certSelector.setSubject(x500NameStyleProvider.fromString(x509Data.itemSubjectName(0).getSubjectName()));
hasSelectionCriteria = true;
}
}
// Collect all certificates as they may be needed to build the cert path.
if (x509Data.containsCertificate())
{
for (int j = 0; j < x509Data.lengthCertificate(); ++j)
{
keyInfoCerts.add(x509Data.itemCertificate(j).getX509Certificate());
}
}
}
if (!hasSelectionCriteria)
{
if (keyInfoCerts.isEmpty())
{
return tryUseSigningCertificateReference(signingCertRef, x500NameStyleProvider);
}
certSelector.setCertificate(keyInfoCerts.get(0));
}
}
catch (XMLSecurityException ex)
{
throw new InvalidKeyInfoDataException("Cannot process X509Data", ex);
}
return new KeyInfoRes(certSelector, keyInfoCerts, issuerSerial);
}