下面列出了 java.security.cert.PKIXParameters#setDate() 的实例代码。
/**
 * Validates {@code certList} as a PKIX certification path against a single
 * trust anchor, feeding the revocation checker OCSP responses that are
 * decoded from constants rather than built in this method.
 *
 * <p>The responses are keyed by the first two certificates in
 * {@code certList}; the constant names suggest these are the end-entity and
 * the intermediate CA certificate (NOTE(review): confirm the list order
 * against the caller). The validation date is fixed to {@code EVAL_DATE}
 * instead of the current time.
 *
 * @param cf factory used to turn {@code certList} into a {@link CertPath}
 * @param certList certificates forming the path; must hold at least two
 * @param anchor the only trust anchor accepted for this validation
 * @throws Exception if path construction, response decoding or validation fails
 */
private static void runTest(CertificateFactory cf,
        List<X509Certificate> certList, TrustAnchor anchor)
        throws Exception {
    CertPath chain = cf.generateCertPath(certList);
    CertPathValidator pkixValidator = CertPathValidator.getInstance("PKIX");
    System.out.println(anchor);

    // Hand the revocation checker the prepared OCSP responses, one per certificate.
    PKIXRevocationChecker revocationChecker =
            (PKIXRevocationChecker) pkixValidator.getRevocationChecker();
    Map<X509Certificate, byte[]> ocspByCert = new HashMap<>();
    ocspByCert.put(certList.get(0), DECODER.decode(EE_OCSP_RESP));
    ocspByCert.put(certList.get(1), DECODER.decode(INT_CA_OCSP_RESP));
    revocationChecker.setOcspResponses(ocspByCert);

    PKIXParameters pkixParams =
            new PKIXParameters(Collections.singleton(anchor));
    pkixParams.addCertPathChecker(revocationChecker);
    // Validity is evaluated at EVAL_DATE, not "now"; presumably this keeps the
    // fixed certificates and responses inside their validity windows (confirm).
    pkixParams.setDate(EVAL_DATE);
    pkixValidator.validate(chain, pkixParams);
}
/**
 * Builds PKIX validation parameters whose trust anchors come from
 * {@code keystore}.
 *
 * <p>An alias contributes a trust anchor when it has a certificate and is
 * either a trusted-certificate entry or, if the {@code trustKeys} field is
 * set, any entry at all. For a key entry {@link KeyStore#getCertificate}
 * returns the first certificate of its chain, so with {@code trustKeys}
 * enabled that certificate is trusted directly.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>Revocation checking is disabled (CRL handling is not implemented), so
 *       a revoked certificate still validates with these parameters.</li>
 *   <li>Anchors carry no name constraints ({@code null}).</li>
 *   <li>The validation date is overridden only when the
 *       {@code validationDate} field is non-null; otherwise the PKIX default
 *       (current time) applies.</li>
 * </ul>
 *
 * @param keystore source of the trust anchors
 * @return the configured {@link PKIXParameters}
 * @throws GeneralSecurityException if the keystore cannot be read, or if no
 *         anchor was collected ({@code PKIXParameters} rejects an empty set)
 */
private CertPathParameters getCertPathParameters(KeyStore keystore)
        throws GeneralSecurityException
{
    HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
    Enumeration<String> aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        Certificate cert = keystore.getCertificate(alias);
        if (cert == null) {
            continue;
        }
        if (trustKeys || keystore.isCertificateEntry(alias)) {
            // Unchecked cast: a non-X.509 certificate raises ClassCastException.
            anchors.add(new TrustAnchor((X509Certificate) cert, null));
        }
    }

    PKIXParameters pkixParams = new PKIXParameters(anchors);
    // NYI! Handle CRLs
    pkixParams.setRevocationEnabled(false);
    if (validationDate != null) {
        pkixParams.setDate(validationDate);
    }
    return pkixParams;
}
/**
 * Performs a PKIX path validation of {@code certs} against
 * {@code trustRoots}; nothing is cached or looked up from a cache here.
 *
 * <p>The validation time comes from {@code timeSource}, and
 * {@code WAVE_OID_CHECKER} is registered as an additional path checker.
 * The default revocation mechanism is turned off and no replacement is
 * installed, so revocation status is not considered by this method.
 *
 * @param certs the certificates to validate as one certification path
 * @throws SignatureException wrapping any {@link GeneralSecurityException}
 *         raised while building or validating the path
 */
private void validateNoCache(List<? extends X509Certificate> certs)
        throws SignatureException {
    try {
        CertPathValidator pathValidator =
                CertPathValidator.getInstance(VALIDATOR_TYPE);

        PKIXParameters pkixParams = new PKIXParameters(trustRoots);
        pkixParams.addCertPathChecker(WAVE_OID_CHECKER);
        pkixParams.setDate(timeSource.now());

        // turn off default revocation-checking mechanism
        pkixParams.setRevocationEnabled(false);

        // TODO: add a way for clients to add certificate revocation checks,
        // perhaps by letting them pass in PKIXCertPathCheckers. This can also be
        // useful to check for Wave-specific certificate extensions.

        CertPath chain = CertificateFactory.getInstance(CERTIFICATE_TYPE)
                .generateCertPath(certs);
        pathValidator.validate(chain, pkixParams);
    } catch (GeneralSecurityException cause) {
        // Keep the original exception as the cause so the failure reason survives.
        throw new SignatureException("Certificate validation failure", cause);
    }
}
/**
 * Validates {@code certs} as a certification path against
 * {@code trustRoots}, always running the validator (no cache is consulted
 * in this method).
 *
 * <p>Validity is evaluated at {@code timeSource.now()} and
 * {@code WAVE_OID_CHECKER} runs as an extra path checker. Default
 * revocation checking is disabled without a substitute, which means a
 * revoked certificate is not rejected here.
 *
 * @param certs certificates making up the path to validate
 * @throws SignatureException if path construction or validation fails; the
 *         underlying {@link GeneralSecurityException} is attached as cause
 */
private void validateNoCache(List<? extends X509Certificate> certs)
        throws SignatureException {
    try {
        CertPathValidator pkixValidator =
                CertPathValidator.getInstance(VALIDATOR_TYPE);
        PKIXParameters validationParams = new PKIXParameters(trustRoots);
        validationParams.addCertPathChecker(WAVE_OID_CHECKER);
        validationParams.setDate(timeSource.now());
        // turn off default revocation-checking mechanism
        validationParams.setRevocationEnabled(false);
        // TODO: add a way for clients to add certificate revocation checks,
        // perhaps by letting them pass in PKIXCertPathCheckers. This can also be
        // useful to check for Wave-specific certificate extensions.
        CertificateFactory factory =
                CertificateFactory.getInstance(CERTIFICATE_TYPE);
        CertPath path = factory.generateCertPath(certs);
        pkixValidator.validate(path, validationParams);
    } catch (GeneralSecurityException failure) {
        throw new SignatureException("Certificate validation failure", failure);
    }
}
/**
 * Validates a certification path with the default "PKIX" validator.
 *
 * <p>When {@code isRevocationChecked} is true a
 * {@link PKIXRevocationChecker} is added with {@code PREFER_CRLS} and
 * {@code NO_FALLBACK}, i.e. CRLs are used and there is no fallback to OCSP.
 * {@code SOFT_FAIL} is not set. When it is false, revocation checking is
 * disabled entirely. The validation date is left at the PKIX default
 * (current time).
 *
 * <p>The validator reports an invalid path by throwing
 * {@link CertPathValidatorException}; that exception, like the two setup
 * exceptions caught below, is logged at SEVERE and turned into {@code false}.
 * Callers therefore cannot tell an untrusted path from a misconfiguration
 * (for example an empty anchor set) by the return value alone.
 *
 * @param cp the certification path to validate
 * @param trustAnchorSet the accepted trust anchors
 * @param isRevocationChecked whether CRL-based revocation checking is applied
 * @param isPolicyQualifiersRejected passed to
 *        {@link PKIXParameters#setPolicyQualifiersRejected(boolean)}
 * @return {@code true} if validation returned a result, {@code false} otherwise
 */
public static boolean pkixvalidate(CertPath cp, Set<TrustAnchor> trustAnchorSet,
        boolean isRevocationChecked, boolean isPolicyQualifiersRejected) {
    try {
        // TODO use BCFIPS when "Support for PKIXRevocationChecker
        // in the CertPath implementation" is added
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXParameters params = new PKIXParameters(trustAnchorSet);

        if (!isRevocationChecked) {
            params.setRevocationEnabled(false);
        } else {
            PKIXRevocationChecker revocationChecker =
                    (PKIXRevocationChecker) validator.getRevocationChecker();
            revocationChecker.setOptions(EnumSet.of(
                    PKIXRevocationChecker.Option.PREFER_CRLS,
                    PKIXRevocationChecker.Option.NO_FALLBACK));
            params.addCertPathChecker(revocationChecker);
        }

        params.setPolicyQualifiersRejected(isPolicyQualifiersRejected);
        // A null date means "validate at the current time".
        params.setDate(null);

        CertPathValidatorResult outcome = validator.validate(cp, params);
        boolean validated = outcome != null;
        System.out.println(validated ? "Certificate validated" : "Certificate not valid");
        return validated;
    } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | CertPathValidatorException ex) {
        Logger.getLogger(PKIXChainValidation.class.getName()).log(Level.SEVERE, null, ex);
        return false;
    }
}