下面列出了javax.net.ssl.X509TrustManager#checkServerTrusted ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType)
throws CertificateException {
CertificateException lastError = null;
for (final X509TrustManager manager : managers) {
try {
manager.checkServerTrusted(chain, authType);
return;
} catch (final CertificateException e) {
lastError = e;
}
}
if (lastError != null) {
throw lastError;
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
for(X509TrustManager tm : startServerTms) {
try {
tm.checkServerTrusted(chain, authType);
return; // first found
} catch(CertificateException e) {
; // proceed
}
}
// last try
if (finalServerTm == null) {
throw new CertificateException("Cannot validate server certificate (no delegated trust managers for server check)");
}
finalServerTm.checkServerTrusted(chain, authType);
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
CertificateException lastError = null;
for (X509TrustManager trustManager : children) {
try {
trustManager.checkServerTrusted(chain, authType);
return;
} catch (CertificateException ex) {
lastError = ex;
}
}
if (lastError != null) {
throw lastError;
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
String host = mServerHostname.get();
DomainPinningPolicy serverConfig =
TrustKit.getInstance().getConfiguration().getPolicyForHostname(host);
X509TrustManager trustManager = TrustKit.getInstance().getTrustManager(host);
//The first check is needed for compatibility with the Platform default's implementation of
//the Trust Manager. For APIs 24 and greater, the Platform's default TrustManager states
//that it requires usage of the hostname-aware version of checkServerTrusted for app's that
//implement Android's network_security_config file. The 2nd check is to allow usage of the
//X509TrustManagerExtensions class. Any API below will default to the baseline trust manager.
if (serverConfig == null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
new X509TrustManagerExtensions(trustManager).checkServerTrusted(chain, authType, host);
} else {
trustManager.checkServerTrusted(chain, authType);
}
}
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException
{
if (trustManagers.isEmpty()) {
throw new CertificateException("No trust managers installed!");
}
CertificateException ce = null;
for (X509TrustManager trustManager : trustManagers) {
try {
trustManager.checkServerTrusted(chain, authType);
return;
}
catch (CertificateException trustCe) {
ce = trustCe;
}
}
throw ce;
}
/**
* Determine if server certificate is to be trusted.
*
* @param x509Chain
* @param authNType
* @throws CertificateException
*/
public synchronized void checkServerTrusted( final X509Certificate[] x509Chain, final String authNType ) throws
CertificateException
{
for ( final X509TrustManager trustManager : getTrustManagers( x509Chain ) )
{
trustManager.checkServerTrusted( x509Chain, authNType );
}
}
@Test(expectedExceptions = IllegalArgumentException.class)
public void testCheckServerTrustedEnableTM() throws Exception {
try {
System.setProperty(VALIDATE_SERVER_CERT, "true");
X509TrustManager celleryTrustManager = new CelleryTrustManager();
celleryTrustManager.checkServerTrusted(null, null);
} finally {
System.getProperties().remove(VALIDATE_SERVER_CERT);
}
}
/**
*
* @param caResources
* an array of paths to CA Certificates in PEM format to load
* from the classpath (relative to this class).
* @param eecResources
* an array of paths to Server Certificates in PEM format in to
* load from the classpath (relative to this class).
* @param expectations
* an array of expecting results for each EEC Server Certificate
* (the array is expected to have the same length the previous
* argument, and be arrange in matching order: true means
* expected to be valid, false otherwise.
*/
private static void runTests(String[] caResources, String[] eecResources,
boolean[] expectations) throws Exception {
X509TrustManager tm = getTrustManager(caResources);
X509Certificate[] eecCerts = loadCertCollection(eecResources);
for (int i = 0; i < eecResources.length; i++) {
X509Certificate eecCert = eecCerts[i];
assertNotNull("Cannot use cert " + eecResources[i], eecCert);
try {
tm.checkServerTrusted(new X509Certificate[] { eecCert }, "RSA");
if (!expectations[i]) {
fail(String.format(
"Certificate %s was expected not to be valid when using CAs %s, but its "
+ "verification passed.", eecResources[i],
Arrays.asList(caResources)));
}
} catch (CertificateException e) {
if (expectations[i]) {
fail(String.format(
"Certificate %s was expected to be valid when using CAs %s, but its "
+ "verification failed.", eecResources[i],
Arrays.asList(caResources)));
}
}
}
}
@Override
public void checkServerTrusted(X509Certificate[] serverCertificates, String authType) throws CertificateException {
for (TrustManager trustManager : trustManagers) {
try {
final X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
x509TrustManager.checkServerTrusted(serverCertificates, authType);
return;
}
catch (CertificateException ex) {
//Ignore and move on to the next trust manager
}
}
throw new CertificateException("Certificate is not trusted by any of the trust managers");
}
@Override
public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
for (final X509TrustManager trustManager : trustManagers) {
try {
trustManager.checkServerTrusted(chain, authType);
return;
} catch (final CertificateException e) {
LOGGER.debug(e.getMessage(), e);
}
}
throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
/**
* Determine if server certificate is to be trusted.
*
* @param x509Chain The certificate chain
* @param authNType The key exchange algorithm being used
* @throws CertificateException If the trustManager cannot be found
*/
public synchronized void checkServerTrusted( X509Certificate[] x509Chain, String authNType ) throws
CertificateException
{
for ( X509TrustManager trustManager : getTrustManagers( x509Chain ) )
{
trustManager.checkServerTrusted( x509Chain, authNType );
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
X509TrustManager tm = trustManagerRef.get();
if (tm != null) {
tm.checkServerTrusted(chain, authType);
} else {
throw new CertificateException("Unknown server chain certificate: " +
chain[0].toString());
}
}
@Override
public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
CertificateException catchException = null;
for (X509TrustManager tm : trustManagers) {
try {
tm.checkServerTrusted(certificates, authType);
return;
} catch (CertificateException e) {
catchException = e;
}
}
throw catchException;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
for (X509TrustManager trustManager : trustManagers) {
try {
trustManager.checkServerTrusted(chain, authType);
return; // someone trusts them. success!
} catch (CertificateException e) {
// maybe someone else will trust them
}
}
throw new CertificateException("None of the TrustManagers trust this certificate chain");
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
X509TrustManager tm = trustManagerRef.get();
if (tm != null) {
tm.checkServerTrusted(chain, authType);
} else {
throw new CertificateException("Unknown server chain certificate: " +
chain[0].toString());
}
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
for (TrustManager manager : _defaultManagers) {
if (manager instanceof X509TrustManager) {
X509TrustManager x509Manager = (X509TrustManager) manager;
x509Manager.checkServerTrusted(chain, authType);
}
}
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
for (TrustManager manager : _defaultManagers) {
if (manager instanceof X509TrustManager) {
X509TrustManager x509Manager = (X509TrustManager) manager;
x509Manager.checkServerTrusted(chain, authType);
}
}
}
@Test
public void testCheckServerTrustedWithoutEnableTM() throws Exception {
X509TrustManager celleryTrustManager = new CelleryTrustManager();
celleryTrustManager.checkServerTrusted(null, null);
}
public void checkServerTrusted(X509Certificate[] chain, String type)
throws CertificateException {
try {
for (int i = 0; i < userTrustManagers.length; i++) {
if (userTrustManagers[i] instanceof X509TrustManager) {
X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
X509Certificate[] calist = trustManager
.getAcceptedIssuers();
if (calist.length > 0) {
trustManager.checkServerTrusted(chain, type);
} else {
throw new CertificateException(
"Empty list of accepted issuers (a.k.a. root CA list).");
}
}
}
return;
} catch (CertificateException ce) {
X509Certificate cert = chain[0];
String certInfo = "Version: " + cert.getVersion() + "\n";
certInfo = certInfo.concat("Serial Number: "
+ cert.getSerialNumber() + "\n");
certInfo = certInfo.concat("Signature Algorithm: "
+ cert.getSigAlgName() + "\n");
certInfo = certInfo.concat("Issuer: "
+ cert.getIssuerDN().getName() + "\n");
certInfo = certInfo.concat("Valid From: " + cert.getNotBefore()
+ "\n");
certInfo = certInfo
.concat("Valid To: " + cert.getNotAfter() + "\n");
certInfo = certInfo.concat("Subject DN: "
+ cert.getSubjectDN().getName() + "\n");
certInfo = certInfo.concat("Public Key: "
+ cert.getPublicKey().getFormat() + "\n");
int accept = JOptionPane
.showConfirmDialog(null, certInfo, "Unknown Certificate - Do you accept it?",
javax.swing.JOptionPane.YES_NO_OPTION);
if (accept != JOptionPane.YES_OPTION) {
throw new java.security.cert.CertificateException(
"Certificate Rejected");
}
int save = JOptionPane.showConfirmDialog(null,
"Remember this certificate?", "Save Certificate",
javax.swing.JOptionPane.YES_NO_OPTION);
if (save == JOptionPane.YES_OPTION) {
try {
userks.setCertificateEntry(cert.getSubjectDN().getName(),
cert);
userks.store(new FileOutputStream(userKsPath),
userksPassword);
} catch (Exception e) {
logger.error("Error saving certificate [" + e.getMessage()
+ "]");
e.printStackTrace();
}
}
}
}
public static void main(String[] args) throws Exception {
if (initSecmod() == false) {
return;
}
if ("sparc".equals(System.getProperty("os.arch")) == false) {
// we have not updated other platforms with the proper NSS libraries yet
System.out.println("Test currently works only on solaris-sparc, skipping");
return;
}
String configName = BASE + SEP + "fips.cfg";
Provider p = getSunPKCS11(configName);
System.out.println(p);
Security.addProvider(p);
Security.removeProvider("SunJSSE");
Provider jsse = new com.sun.net.ssl.internal.ssl.Provider(p);
Security.addProvider(jsse);
System.out.println(jsse.getInfo());
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, "test12".toCharArray());
X509Certificate server = loadCertificate("certs/server.cer");
X509Certificate ca = loadCertificate("certs/ca.cer");
X509Certificate anchor = loadCertificate("certs/anchor.cer");
if (args.length > 1 && "sm".equals(args[0])) {
Policy.setPolicy(Policy.getInstance("JavaPolicy",
new URIParameter(new File(BASE, args[1]).toURI())));
System.setSecurityManager(new SecurityManager());
}
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
trustStore.setCertificateEntry("anchor", anchor);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
tmf.init(trustStore);
X509TrustManager tm = (X509TrustManager)tmf.getTrustManagers()[0];
X509Certificate[] chain = {server, ca, anchor};
tm.checkServerTrusted(chain, "RSA");
System.out.println("OK");
}