本文整理汇总了Java中org.globus.gsi.TrustedCertificates类的典型用法代码示例。如果您正苦于以下问题:Java TrustedCertificates类的具体用法?Java TrustedCertificates怎么用?Java TrustedCertificates使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
TrustedCertificates类属于org.globus.gsi包,在下文中一共展示了TrustedCertificates类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: getCaCert
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected X509Certificate getCaCert(X509Certificate userCert) throws InvalidSecurityContextException {
TrustedCertificates tc = TrustedCertificates.getDefaultTrustedCertificates();
X509Certificate caCert = tc.getCertificate(userCert.getIssuerDN().getName());
if (caCert == null) {
logger.warn("Cannot find root CA certificate for proxy");
logger.warn("DNs of trusted certificates:");
X509Certificate[] roots = tc.getCertificates();
for (X509Certificate root : roots) {
logger.warn("\t" + root.getSubjectDN());
}
throw new InvalidSecurityContextException("Failed to find root CA certificate (" + userCert.getIssuerDN().getName() + ")");
}
else {
return caCert;
}
}
开发者ID:swift-lang,项目名称:swift-k,代码行数:18,代码来源:ProxyForwarder.java
示例2: setCertList
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public void setCertList(String certList) {
certificates = new Vector();
if (certList == null) return;
StringTokenizer tokens = new StringTokenizer(certList, ",");
File certFile;
while(tokens.hasMoreTokens()) {
certFile = new File(tokens.nextToken().trim());
if (certFile.isDirectory()) {
File[] caCertFiles =
certFile.listFiles(TrustedCertificates.getCertFilter());
for (int i=0;i<caCertFiles.length;i++) {
loadCert(caCertFiles[i].getAbsolutePath());
}
} else {
loadCert(certFile.getAbsolutePath());
}
}
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:20,代码来源:ConfigModule2.java
示例3: testNoBasicConstraintsExtension
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public void testNoBasicConstraintsExtension() throws Exception {
X509Certificate [] chain = null;
// EEC, EEC, CA - that should fail
chain = new X509Certificate[] {goodCertsArr[1], goodCertsArr[1], goodCertsArr[0]};
validateChain(chain);
TestProxyPathValidator v = new TestProxyPathValidator();
TrustedCertificates trustedCert =
new TrustedCertificates(new X509Certificate[] {goodCertsArr[1]});
// this makes the PathValidator think the chain is:
// CA, CA, CA - which is ok
try {
v.validate(chain, trustedCert);
} catch (ProxyPathValidatorException e) {
e.printStackTrace();
fail("Unexpected exception: " + e.getMessage());
}
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:20,代码来源:ProxyPathValidatorTest.java
示例4: setTrustedCertificates
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected void setTrustedCertificates(Object value)
throws GSSException {
if (!(value instanceof TrustedCertificates)) {
throw new GlobusGSSException(GSSException.FAILURE,
GlobusGSSException.BAD_OPTION_TYPE,
"badType",
new Object[] {"Trusted certificates",
TrustedCertificates.class});
}
this.tc = (TrustedCertificates)value;
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:12,代码来源:GlobusGSSContextImpl.java
示例5: getDefaultPureTLSTrustedCertificates
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public static synchronized PureTLSTrustedCertificates
getDefaultPureTLSTrustedCertificates() {
if (ptlsCerts == null) {
ptlsCerts = new PureTLSTrustedCertificates();
}
ptlsCerts.setTrustedCertificates(TrustedCertificates.getDefault());
return ptlsCerts;
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:9,代码来源:PureTLSTrustedCertificates.java
示例6: testGetCertificateType3
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public void testGetCertificateType3() throws Exception {
X509Certificate cert = getCertificate(1);
int type = Integer.parseInt(ProxyPathValidatorTest.certs[1][0]);
assertEquals(GSIConstants.EEC, BouncyCastleUtil.getCertificateType(cert));
TrustedCertificates trustedCerts =
new TrustedCertificates(new X509Certificate[] {cert});
assertEquals(GSIConstants.CA, BouncyCastleUtil.getCertificateType(cert, trustedCerts));
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:11,代码来源:BouncyCastleUtilTest.java
示例7: loadTrustedCerts
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
private X509Certificate[] loadTrustedCerts() {
X509Certificate[] trustedCerts;
String trustStoreLocation = getTrustStorePath();
if (trustStoreLocation != null && trustStoreLocation.length() != 0) {
trustedCerts = TrustedCertificates
.loadCertificates(trustStoreLocation);
} else {
trustedCerts = TrustedCertificates.getDefaultTrustedCertificates()
.getCertificates();
}
return trustedCerts;
}
开发者ID:NCIP,项目名称:cagrid-core,代码行数:13,代码来源:ProxyValidatorImpl.java
示例8: getDelegatedCredentialAndValidate
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
private GlobusCredential getDelegatedCredentialAndValidate(
DelegatedCredentialManager dcm, String gridIdentity,
DelegationIdentifier id, CertificateChain chain) throws Exception {
X509Certificate[] signingChain = org.cagrid.gaards.cds.common.Utils
.toCertificateArray(chain);
KeyPair pair = KeyUtil.generateRSAKeyPair1024();
org.cagrid.gaards.cds.common.PublicKey pKey = new org.cagrid.gaards.cds.common.PublicKey();
pKey.setKeyAsString(KeyUtil.writePublicKey(pair.getPublic()));
X509Certificate[] delegatedProxy = org.cagrid.gaards.cds.common.Utils
.toCertificateArray(dcm.getDelegatedCredential(GRID_IDENTITY,
id, pKey));
assertNotNull(delegatedProxy);
assertEquals(delegatedProxy.length, (signingChain.length + 1));
for (int i = 0; i < signingChain.length; i++) {
assertEquals(signingChain[i], delegatedProxy[i + 1]);
}
ProxyPathValidator validator = new ProxyPathValidator();
validator.validate(delegatedProxy, TrustedCertificates
.getDefaultTrustedCertificates().getCertificates(),
CertificateRevocationLists
.getDefaultCertificateRevocationLists());
DelegatedCredentialAuditRecord[] ar = dcm.searchAuditLog(Utils
.getIssuedAuditFilter(id));
assertEquals(1, ar.length);
assertEquals(id, ar[0].getDelegationIdentifier());
assertEquals(GRID_IDENTITY, ar[0].getSourceGridIdentity());
assertEquals(DelegatedCredentialEvent.DelegatedCredentialIssued, ar[0]
.getEvent());
return new GlobusCredential(pair.getPrivate(), delegatedProxy);
}
开发者ID:NCIP,项目名称:cagrid-core,代码行数:34,代码来源:DelegatedCredentialManagerTest.java
示例9: getDelegatedCredentialAndValidate
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
private GlobusCredential getDelegatedCredentialAndValidate(
DelegatedCredentialManager dcm, String gridIdentity,
DelegationIdentifier id, CertificateChain chain) throws Exception {
X509Certificate[] signingChain = org.cagrid.cds.service.impl.util.Utils
.toCertificateArray(chain);
KeyPair pair = KeyUtil.generateRSAKeyPair1024();
org.cagrid.cds.model.PublicKey pKey = new org.cagrid.cds.model.PublicKey();
pKey.setKeyAsString(KeyUtil.writePublicKey(pair.getPublic()));
X509Certificate[] delegatedProxy = org.cagrid.cds.service.impl.util.Utils
.toCertificateArray(dcm.getDelegatedCredential(GRID_IDENTITY,
id, pKey));
assertNotNull(delegatedProxy);
assertEquals(delegatedProxy.length, (signingChain.length + 1));
for (int i = 0; i < signingChain.length; i++) {
assertEquals(signingChain[i], delegatedProxy[i + 1]);
}
ProxyPathValidator validator = new ProxyPathValidator();
validator.validate(delegatedProxy, TrustedCertificates
.getDefaultTrustedCertificates().getCertificates(),
CertificateRevocationLists
.getDefaultCertificateRevocationLists());
List<DelegatedCredentialAuditRecord> ar = dcm.searchAuditLog(Utils
.getIssuedAuditFilter(id));
assertEquals(1, ar.size());
assertEquals(id, ar.get(0).getDelegationIdentifier());
assertEquals(GRID_IDENTITY, ar.get(0).getSourceGridIdentity());
assertEquals(DelegatedCredentialEvent.DELEGATED_CREDENTIAL_ISSUED, ar.get(0)
.getEvent());
return new GlobusCredential(pair.getPrivate(), delegatedProxy);
}
开发者ID:NCIP,项目名称:cagrid2,代码行数:34,代码来源:DelegatedCredentialManagerTest.java
示例10: validateCertificateChain
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public static void validateCertificateChain(X509Certificate[] chain)
throws ProxyPathValidatorException {
ProxyPathValidator validator = new ProxyPathValidator();
validator.validate(chain, TrustedCertificates
.getDefaultTrustedCertificates().getCertificates(),
CertificateRevocationLists
.getDefaultCertificateRevocationLists());
}
开发者ID:NCIP,项目名称:cagrid2,代码行数:10,代码来源:Utils.java
示例11: getSigningPolicy
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected SigningPolicy getSigningPolicy(X509Certificate userCert) {
TrustedCertificates tc = TrustedCertificates.getDefaultTrustedCertificates();
return tc.getSigningPolicy('/' + userCert.getIssuerDN().getName().replace(',', '/'));
}
开发者ID:swift-lang,项目名称:swift-k,代码行数:5,代码来源:ProxyForwarder.java
示例12: validate
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public void validate(X509Certificate [] certPath,
TrustedCertificates trustedCerts,
CertificateRevocationLists crlsList)
throws ProxyPathValidatorException {
super.validate(certPath, trustedCerts, crlsList);
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:7,代码来源:GlobusGSSContextImpl.java
示例13: PureTLSTrustedCertificates
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public PureTLSTrustedCertificates(TrustedCertificates tc) {
this.tc = tc;
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:4,代码来源:PureTLSTrustedCertificates.java
示例14: setTrustedCertificates
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected void setTrustedCertificates(TrustedCertificates tc) {
this.tc = tc;
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:4,代码来源:PureTLSTrustedCertificates.java
示例15: getCertificateType
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
/**
* Returns certificate type of the given certificate.
* This function calls {@link #getCertificateType(TBSCertificateStructure)
* getCertificateType} to get the certificate type. In case
* the certificate type was initially determined as
* {@link GSIConstants#EEC GSIConstants.EEC} it is checked
* against the trusted certificate list to see if it really
* is a CA certificate. If the certificate is present in the
* trusted certificate list the certificate type is changed
* to {@link GSIConstants#CA GSIConstants.CA}. Otherwise, it is
* left as it is (This is useful in cases where a valid CA
* certificate does not have a BasicConstraints extension)
*
* @param crt the certificate to get the type of.
* @param trustedCerts the trusted certificates to double check the
* {@link GSIConstants#EEC GSIConstants.EEC}
* certificate against. If null, a default
* set of trusted certificate will be loaded
* from a standard location.
* @return the certificate type. The certificate type is determined
* by rules described above.
* @exception IOException if something goes wrong.
* @exception CertificateException for proxy certificates, if
* the issuer DN of the certificate does not match
* the subject DN of the certificate without the
* last <I>CN</I> component. Also, for GSI-3 proxies
* when the <code>ProxyCertInfo</code> extension is
* not marked as critical.
*/
public static int getCertificateType(TBSCertificateStructure crt,
TrustedCertificates trustedCerts)
throws CertificateException, IOException {
int type = getCertificateType(crt);
// check subject of the cert in trusted cert list
// to make sure the cert is not a ca cert
if (type == GSIConstants.EEC) {
if (trustedCerts == null) {
trustedCerts =
TrustedCertificates.getDefaultTrustedCertificates();
}
if (trustedCerts != null &&
trustedCerts.getCertificate(crt.getSubject().toString()) != null) {
type = GSIConstants.CA;
}
}
return type;
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:50,代码来源:BouncyCastleUtil.java
示例16: checkCRL
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected void checkCRL(X509Certificate cert,
CertificateRevocationLists crlsList,
TrustedCertificates trustedCerts)
throws ProxyPathValidatorException {
if (crlsList == null) {
return;
}
logger.debug("checkCRLs: enter");
// Should not happen, just a sanity check.
if (trustedCerts == null) {
String err = "Trusted certificates are null, cannot verify CRLs";
logger.error(err);
throw new ProxyPathValidatorException(
ProxyPathValidatorException.FAILURE, null, err);
}
String issuerName = cert.getIssuerDN().getName();
X509CRL crl = crlsList.getCrl(issuerName);
if (crl == null) {
logger.debug("No CRL for certificate");
return;
}
// get CA cert for the CRL
X509Certificate x509Cert =
trustedCerts.getCertificate(issuerName);
if (x509Cert == null) {
// if there is no trusted certs from that CA, then
// the chain cannot contain a cert from that CA,
// which implies not checking this CRL should be fine.
logger.debug("No trusted cert with this CA signature");
return;
}
// validate CRL
try {
crl.verify(x509Cert.getPublicKey());
} catch (Exception exp) {
logger.error("CRL verification failed");
throw new ProxyPathValidatorException(
ProxyPathValidatorException.FAILURE, exp);
}
Date now = new Date();
//check date validity of CRL
if ((crl.getThisUpdate().before(now)) ||
((crl.getNextUpdate()!=null) &&
(crl.getNextUpdate().after(now)))) {
if (crl.isRevoked(cert)) {
throw new ProxyPathValidatorException(
ProxyPathValidatorException.REVOKED,
cert, "This cert "
+ cert.getSubjectDN().getName()
+ " is on a CRL");
}
}
logger.debug("checkCRLs: exit");
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:61,代码来源:ProxyPathValidator.java
示例17: validate
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public void validate(X509Certificate [] certPath,
TrustedCertificates trustedCerts)
throws ProxyPathValidatorException {
super.validate(certPath, trustedCerts);
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:6,代码来源:ProxyPathValidatorTest.java
示例18: checkCRL
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
protected void checkCRL(X509Certificate cert, CertificateRevocationLists crlsList, TrustedCertificates trustedCerts)
throws ProxyPathValidatorException {
if (crlsList == null) {
return;
}
logger.debug("checkCRLs: enter");
// Should not happen, just a sanity check.
if (trustedCerts == null) {
String err = "Trusted certificates are null, cannot verify CRLs";
logger.error(err);
throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, null, err);
}
String issuerName = cert.getIssuerDN().getName();
X509CRL crl = crlsList.getCrl(issuerName);
if (crl == null) {
logger.debug("No CRL for certificate");
return;
}
// get CA cert for the CRL
X509Certificate x509Cert = trustedCerts.getCertificate(issuerName);
if (x509Cert == null) {
// if there is no trusted certs from that CA, then
// the chain cannot contain a cert from that CA,
// which implies not checking this CRL should be fine.
logger.debug("No trusted cert with this CA signature");
return;
}
// validate CRL
try {
crl.verify(x509Cert.getPublicKey());
} catch (Exception exp) {
logger.error("CRL verification failed");
throw new ProxyPathValidatorException(ProxyPathValidatorException.FAILURE, exp);
}
Date now = new Date();
// check date validity of CRL
if ((crl.getThisUpdate().before(now)) || ((crl.getNextUpdate() != null) && (crl.getNextUpdate().after(now)))) {
if (crl.isRevoked(cert)) {
throw new ProxyPathValidatorException(ProxyPathValidatorException.REVOKED, cert, "This cert "
+ cert.getSubjectDN().getName() + " is on a CRL");
}
}
logger.debug("checkCRLs: exit");
}
开发者ID:NCIP,项目名称:cagrid-core,代码行数:51,代码来源:ProxyPathValidator.java
示例19: validateCertificateChain
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
public static void validateCertificateChain(X509Certificate[] chain) throws ProxyPathValidatorException {
ProxyPathValidator validator = new ProxyPathValidator();
validator.validate(chain, TrustedCertificates.getDefaultTrustedCertificates().getCertificates(),
CertificateRevocationLists.getDefaultCertificateRevocationLists());
}
开发者ID:NCIP,项目名称:cagrid-core,代码行数:7,代码来源:Utils.java
示例20: validate
import org.globus.gsi.TrustedCertificates; //导入依赖的package包/类
/**
* Performs certificate path validation. Does <B>not</B> check
* the cert signatures but it performs all other checks like
* the extension checking, validity checking, restricted policy
* checking, CRL checking, etc.
*
* @param certPath the certificate path to validate.
* @exception ProxyPathValidatorException if certificate
* path validation fails.
*/
protected void validate(X509Certificate [] certPath)
throws ProxyPathValidatorException {
validate(certPath,
(TrustedCertificates)null,
(CertificateRevocationLists)null);
}
开发者ID:NCIP,项目名称:cagrid-general,代码行数:17,代码来源:ProxyPathValidator.java
注:本文中的org.globus.gsi.TrustedCertificates类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
客服电话
APP下载
官方微信
请发表评论