下面列出了java.security.cert.CertStore#getCertificates() 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Collects the certificates matching {@code certSelector} from the configured stores.
 *
 * <p>When {@code params.getSearchAllStores()} is true, every store is queried and all
 * matches are merged into one list. Otherwise the stores are queried in iteration
 * order and the collection returned by the first store with at least one match is
 * handed back as-is, so the order of the stores decides which certificates the
 * caller sees.
 *
 * @param certSelector selector passed unchanged to each store
 * @return the merged matches, the first non-empty store result, or an empty list
 * @throws CertStoreException if a store lookup fails
 */
public Collection engineGetCertificates(CertSelector certSelector)
    throws CertStoreException
{
    final boolean mergeAll = params.getSearchAllStores();
    // In first-match mode nothing is ever added, so the shared empty list is enough.
    final List merged = mergeAll ? new ArrayList() : Collections.EMPTY_LIST;

    for (Iterator it = params.getCertStores().iterator(); it.hasNext();)
    {
        Collection found = ((CertStore)it.next()).getCertificates(certSelector);
        if (mergeAll)
        {
            merged.addAll(found);
            continue;
        }
        if (!found.isEmpty())
        {
            // First store with a hit wins; later stores are not consulted.
            return found;
        }
    }
    return merged;
}
/**
 * Queries {@code certStore} with {@code selector} wrapped as a {@link CertSelector}.
 *
 * <p>A {@code null} selector places no restriction on the lookup: every certificate
 * the store offers is reported as a match.
 *
 * @param selector  matching criteria, or {@code null} to accept every certificate
 * @param certStore store to query
 * @return the certificates the store returns for the wrapped selector
 * @throws CertStoreException if the store lookup fails
 */
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    final CertSelector adapter = new CertSelector()
    {
        public boolean match(Certificate candidate)
        {
            // No selector means no filtering.
            return selector == null || selector.match(candidate);
        }

        public Object clone()
        {
            // Hands back this same instance rather than a copy.
            return this;
        }
    };
    return certStore.getCertificates(adapter);
}
/**
 * Returns the certificates that match {@code certSelector} in the configured stores.
 *
 * <p>With {@code params.getSearchAllStores()} set, the matches of every store are
 * merged into a single list. Without it, the stores are tried in iteration order
 * and the first non-empty result is returned directly; the remaining stores are
 * not queried, so store order determines the outcome.
 *
 * @param certSelector selector forwarded unchanged to each store
 * @return the merged matches, the first non-empty store result, or an empty list
 * @throws CertStoreException if a store lookup fails
 */
public Collection engineGetCertificates(CertSelector certSelector)
    throws CertStoreException
{
    final boolean collectFromAll = params.getSearchAllStores();
    final Iterator stores = params.getCertStores().iterator();
    // The shared empty list is never written to: addAll only runs when collecting.
    final List collected = collectFromAll ? new ArrayList() : Collections.EMPTY_LIST;

    while (stores.hasNext())
    {
        final CertStore current = (CertStore)stores.next();
        final Collection hits = current.getCertificates(certSelector);

        if (!collectFromAll)
        {
            if (!hits.isEmpty())
            {
                // Stop at the first store that yields anything.
                return hits;
            }
            continue;
        }
        collected.addAll(hits);
    }
    return collected;
}
/**
 * Looks up certificates in {@code certStore}, using {@code selector} as the filter.
 *
 * <p>The selector is wrapped as a {@link CertSelector} for the store. When
 * {@code selector} is {@code null} the wrapper accepts every certificate, so the
 * call returns whatever the store holds.
 *
 * @param selector  matching criteria, or {@code null} for no filtering
 * @param certStore store to query
 * @return the certificates the store returns for the wrapped selector
 * @throws CertStoreException if the store lookup fails
 */
public static Collection<? extends Certificate> getCertificates(final PKIXCertStoreSelector selector, CertStore certStore)
    throws CertStoreException
{
    final CertSelector wrapped = new CertSelector()
    {
        public boolean match(Certificate cert)
        {
            if (selector == null)
            {
                // Absent selector: accept everything.
                return true;
            }
            return selector.match(cert);
        }

        public Object clone()
        {
            // Returns this same instance, not a copy.
            return this;
        }
    };
    return certStore.getCertificates(wrapped);
}
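/**
* Verifies the signatures of an S/MIME message.
*
* It also checks whether each signer's certificate is trusted, using the
* loaded keystore as the trusted certificate store.
*
* @param signed
* the signed mail to check.
* @return a list of SMIMESignerInfo holding the data of each mail
* signer. A signer whose certificate is not included in the message
* has no entry in the list.
* @throws Exception
* if the certificate store cannot be built or the certificate check fails.
* @throws MessagingException
*/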
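public List<SMIMESignerInfo> verifySignatures(SMIMESigned signed) throws Exception {
    // Produces one SMIMESignerInfo per signer whose certificate is found in the
    // message: the certificate, its certification path (null when no chain to a
    // trusted certificate exists) and whether the signature verified. The two
    // results are independent, so callers must check both the path and the flag.

    // The certificates and CRLs in this store come from the message itself and
    // are therefore untrusted; trust is decided by verifyCertificate against keyStore.
    CertStore certs = new JcaCertStoreBuilder()
            .addCertificates(signed.getCertificates())
            .addCRLs(signed.getCRLs())
            .build();
    Collection<SignerInformation> signers = signed.getSignerInfos().getSigners();
    List<SMIMESignerInfo> result = new ArrayList<>(signers.size());

    for (SignerInformation info : signers) {
        // Select on every identifier the signer id carries. A signer identified by
        // issuer and serial number has no subject key identifier; selecting on the
        // key identifier alone would then leave the selector without criteria and
        // the lookup below could pick a certificate that is not the signer's.
        X509CertificateHolderSelector holderSelector = new X509CertificateHolderSelector(
                info.getSID().getIssuer(),
                info.getSID().getSerialNumber(),
                info.getSID().getSubjectKeyIdentifier());
        X509CertSelector certSelector = new JcaX509CertSelectorConverter().getCertSelector(holderSelector);
        @SuppressWarnings("unchecked")
        Collection<X509Certificate> matches = (Collection<X509Certificate>) certs.getCertificates(certSelector);
        if (matches.isEmpty()) {
            // NOTE(review): a signer whose certificate is not shipped with the message
            // gets no entry, so callers should compare the result size with the number
            // of signers before treating the message as fully verified.
            continue;
        }
        X509Certificate signerCert = matches.iterator().next();

        // The issuer's certificate is searched in the list of trusted certificates.
        CertPath path = verifyCertificate(signerCert, certs, keyStore);

        // verify() can report a bad signature either by returning false or by
        // throwing; both outcomes are recorded as an invalid signature so that
        // no signer silently disappears from the result.
        boolean signatureValid;
        try {
            signatureValid = info.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(BC).build(signerCert));
        } catch (Exception verificationFailure) {
            signatureValid = false;
        }
        result.add(new SMIMESignerInfo(signerCert, path, signatureValid));
    }
    return result;
}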