本文整理汇总了Java中org.jasig.cas.adaptors.x509.util.CertUtils类的典型用法代码示例。如果您正苦于以下问题:Java CertUtils类的具体用法?Java CertUtils怎么用?Java CertUtils使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CertUtils类属于org.jasig.cas.adaptors.x509.util包,在下文中一共展示了CertUtils类的19个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: getDistributionPoints
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Gets the distribution points.
*
* @param cert the cert
* @return the url distribution points
*/
private URI[] getDistributionPoints(final X509Certificate cert) {
final DistributionPointList points;
try {
points = new ExtensionReader(cert).readCRLDistributionPoints();
} catch (final Exception e) {
logger.error("Error reading CRLDistributionPoints extension field on {}", CertUtils.toString(cert), e);
return new URI[0];
}
final List<URI> urls = new ArrayList<>();
for (final DistributionPoint point : points.getItems()) {
final Object location = point.getDistributionPoint();
if (location instanceof String) {
addURL(urls, (String) location);
} else if (location instanceof GeneralNameList) {
for (final GeneralName gn : ((GeneralNameList) location).getItems()) {
addURL(urls, gn.getName());
}
} else {
logger.warn("{} not supported. String or GeneralNameList expected.", location);
}
}
return urls.toArray(new URI[urls.size()]);
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:32,代码来源:CRLDistributionPointRevocationChecker.java
示例2: apply
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* {@inheritDoc}
* The CRL next update time is compared against the current time with the threshold
* applied and rejected if and only if the next update time is in the past.
*
* @param crl CRL instance to evaluate.
*
* @throws GeneralSecurityException On expired CRL data. Check the exception type for exact details
*
* @see org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy#apply(java.lang.Object)
*/
@Override
public void apply(final X509CRL crl) throws GeneralSecurityException {
final Calendar cutoff = Calendar.getInstance();
if (CertUtils.isExpired(crl, cutoff.getTime())) {
cutoff.add(Calendar.SECOND, -this.threshold);
if (CertUtils.isExpired(crl, cutoff.getTime())) {
throw new ExpiredCRLException(crl.toString(), cutoff.getTime(), this.threshold);
}
logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.",
crl.getNextUpdate(), this.threshold));
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:24,代码来源:ThresholdExpiredCRLRevocationPolicy.java
示例3: getDistributionPoints
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
private URL[] getDistributionPoints(final X509Certificate cert) {
final DistributionPointList points;
try {
points = new ExtensionReader(cert).readCRLDistributionPoints();
} catch (final Exception e) {
logger.error(
"Error reading CRLDistributionPoints extension field on " + CertUtils.toString(cert), e);
return new URL[0];
}
final List<URL> urls = new ArrayList<URL>();
for (DistributionPoint point : points.getItems()) {
final Object location = point.getDistributionPoint();
if (location instanceof String) {
addURL(urls, (String) location);
} else if (location instanceof GeneralNameList) {
for (GeneralName gn : ((GeneralNameList) location).getItems()) {
addURL(urls, gn.getName());
}
} else {
logger.warn("{} not supported. String or GeneralNameList expected.", location);
}
}
return urls.toArray(new URL[urls.size()]);
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:27,代码来源:CRLDistributionPointRevocationChecker.java
示例4: check
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/** {@inheritDoc} */
@Override
public void check(final X509Certificate cert) throws GeneralSecurityException {
if (cert == null) {
throw new IllegalArgumentException("Certificate cannot be null.");
}
logger.debug("Evaluating certificate revocation status for {}", CertUtils.toString(cert));
final X509CRL crl = getCRL(cert);
if (crl == null) {
logger.warn("CRL data is not available for {}", CertUtils.toString(cert));
this.unavailableCRLPolicy.apply(null);
return;
}
if (CertUtils.isExpired(crl)) {
logger.warn("CRL data expired on ", crl.getNextUpdate());
this.expiredCRLPolicy.apply(crl);
}
final X509CRLEntry entry = crl.getRevokedCertificate(cert);
if (entry != null) {
throw new RevokedCertificateException(entry);
}
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:23,代码来源:AbstractCRLRevocationChecker.java
示例5: getCRL
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Gets the first fetched CRL for the given certificate.
*
* @param cert Certificate for which the CRL of the issuing CA should be retrieved.
*
* @return CRL for given cert, or null
*/
public final X509CRL getCRL(final X509Certificate cert) {
final Collection<X509CRL> list = getCRLs(cert);
if (list != null && !list.isEmpty()) {
return list.iterator().next();
}
logger.debug("No CRL could be found for {}", CertUtils.toString(cert));
return null;
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:16,代码来源:AbstractCRLRevocationChecker.java
示例6: doAuthentication
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
final int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:35,代码来源:X509CredentialsAuthenticationHandler.java
示例7: getId
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
public String getId() {
X509Certificate cert = null;
if (this.certificate != null) {
cert = this.certificate;
} else if (this.certificates.length > 0) {
cert = this.certificates[0];
}
if (cert != null) {
return CertUtils.toString(cert);
}
return UNKNOWN_ID;
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:X509CertificateCredential.java
示例8: AbstractCRLRevocationCheckerTests
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Creates a new test instance with given parameters.
*
* @param certFiles File names of certificates to check.
* @param expected Expected result of check; null to indicate expected success.
*/
public AbstractCRLRevocationCheckerTests(
final String[] certFiles,
final GeneralSecurityException expected) {
this.expected = expected;
this.certificates = new X509Certificate[certFiles.length];
int i = 0;
for (final String file : certFiles) {
this.certificates[i++] = CertUtils.readCertificate(new ClassPathResource(file));
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:18,代码来源:AbstractCRLRevocationCheckerTests.java
示例9: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
checker.init();
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:16,代码来源:LdaptiveResourceCRLFetcherTests.java
示例10: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
checker.init();
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:LdaptiveResourceCRLFetcherTests.java
示例11: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.init();
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:16,代码来源:PoolingLdaptiveResourceCRLFetcherTests.java
示例12: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.init();
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:PoolingLdaptiveResourceCRLFetcherTests.java
示例13: doAuthentication
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* {@inheritDoc}
*/
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
final int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:38,代码来源:X509CredentialsAuthenticationHandler.java
示例14: getCrlFromLdap
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdap() throws Exception {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
for (int i = 0; i < 10; i++) {
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:15,代码来源:LdaptiveResourceCRLFetcherTests.java
示例15: getCrlFromLdapWithNoCaching
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Test
public void getCrlFromLdapWithNoCaching() throws Exception {
for (int i = 0; i < 10; i++) {
CacheManager.getInstance().removeAllCaches();
final Cache cache = new Cache("crlCache-1", 100, false, false, 20, 10);
CacheManager.getInstance().addCache(cache);
final CRLDistributionPointRevocationChecker checker = new CRLDistributionPointRevocationChecker(cache, fetcher);
checker.setThrowOnFetchFailure(true);
checker.setUnavailableCRLPolicy(new AllowRevocationPolicy());
final X509Certificate cert = CertUtils.readCertificate(new ClassPathResource("ldap-crl.crt"));
checker.check(cert);
}
}
开发者ID:hsj-xiaokang,项目名称:springboot-shiro-cas-mybatis,代码行数:14,代码来源:LdaptiveResourceCRLFetcherTests.java
示例16: getCRL
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* {@inheritDoc}
* @see AbstractCRLRevocationChecker#getCRL(X509Certificate)
*/
@Override
protected X509CRL getCRL(final X509Certificate cert) {
final URL[] urls = getDistributionPoints(cert);
logger.debug(String.format(
"Distribution points for %s: %s.",
CertUtils.toString(cert), Arrays.asList(urls)));
Element item;
for (URL url : urls) {
item = this.crlCache.get(url);
if (item != null) {
logger.debug("Found CRL in cache for {}", CertUtils.toString(cert));
return (X509CRL) item.getObjectValue();
}
}
// Try all distribution points and stop at first fetch that succeeds
X509CRL crl = null;
for (int i = 0; i < urls.length && crl == null; i++) {
logger.info("Attempting to fetch CRL at {}", urls[i]);
try {
crl = CertUtils.fetchCRL(new UrlResource(urls[i]));
logger.info("Success. Caching fetched CRL.");
this.crlCache.put(new Element(urls[i], crl));
} catch (final Exception e) {
logger.error("Error fetching CRL at {}", urls[i], e);
}
}
return crl;
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:36,代码来源:CRLDistributionPointRevocationChecker.java
示例17: fetch
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/**
* Fetches CRL data for all resources held by this instance.
*
* @param throwOnError Set to true to throw on first error fetching CRL
* data, false otherwise.
*/
public void fetch(final boolean throwOnError) {
for (Resource r : this.resources) {
logger.debug("Fetching CRL data from {}", r);
try {
addCrl(CertUtils.fetchCRL(r));
} catch (final Exception e) {
if (throwOnError) {
throw new RuntimeException("Error fetching CRL from " + r, e);
}
}
}
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:19,代码来源:ResourceCRLRevocationChecker.java
示例18: doAuthentication
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
/** {@inheritDoc} */
@Override
protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final X509CertificateCredential x509Credential = (X509CertificateCredential) credential;
final X509Certificate[] certificates = x509Credential.getCertificates();
X509Certificate clientCert = null;
boolean hasTrustedIssuer = false;
for (int i = certificates.length - 1; i >= 0; i--) {
final X509Certificate certificate = certificates[i];
logger.debug("Evaluating {}", CertUtils.toString(certificate));
validate(certificate);
if (!hasTrustedIssuer) {
hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
}
// getBasicConstraints returns pathLenContraint which is generally
// >=0 when this is a CA cert and -1 when it's not
int pathLength = certificate.getBasicConstraints();
if (pathLength < 0) {
logger.debug("Found valid client certificate");
clientCert = certificate;
} else {
logger.debug("Found valid CA certificate");
}
}
if (hasTrustedIssuer && clientCert != null) {
x509Credential.setCertificate(clientCert);
return new HandlerResult(this, x509Credential, new SimplePrincipal(x509Credential.getId()));
}
throw new FailedLoginException();
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:36,代码来源:X509CredentialsAuthenticationHandler.java
示例19: getId
import org.jasig.cas.adaptors.x509.util.CertUtils; //导入依赖的package包/类
@Override
public String getId() {
X509Certificate cert = null;
if (this.certificate != null) {
cert = this.certificate;
} else if (this.certificates != null && this.certificates.length > 0) {
cert = this.certificates[0];
}
if (cert != null) {
return CertUtils.toString(cert);
}
return UNKNOWN_ID;
}
开发者ID:luotuo,项目名称:cas4.0.x-server-wechat,代码行数:15,代码来源:X509CertificateCredential.java
注:本文中的org.jasig.cas.adaptors.x509.util.CertUtils类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论