java.security.cert.Certificate.verify()方法的使用及代码示例

x33g5p2x  于2022-01-18 转载在 其他  
字(8.8k)|赞(0)|评价(0)|浏览(274)

本文整理了Java中java.security.cert.Certificate.verify()方法的一些代码示例,展示了Certificate.verify()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Certificate.verify()方法的具体详情如下:
包路径:java.security.cert.Certificate
类名称:Certificate
方法名:verify

Certificate.verify介绍

[英]Verifies that this certificate was signed with the given public key.
[中]验证此证书是否使用给定的公钥签名。

代码示例

代码示例来源:origin: gocd/gocd

boolean verifySigned(File keystore, Certificate agentCertificate) {
  try {
    KeyStore store = KeyStore.getInstance("JKS");
    FileInputStream inputStream = new FileInputStream(keystore);
    store.load(inputStream, PASSWORD_AS_CHAR_ARRAY);
    IOUtils.closeQuietly(inputStream);
    KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate",
        new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY));
    Certificate intermediateCertificate = intermediateEntry.getCertificate();
    agentCertificate.verify(intermediateCertificate.getPublicKey());
    return true;
  } catch (Exception e) {
    return false;
  }
}

代码示例来源:origin: stackoverflow.com

@Override        
 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)  throws CertificateException {

 if (certs == null || certs.length == 0) {  
   throw new IllegalArgumentException("null or zero-length certificate chain");  
 }  

 if (authType == null || authType.length() == 0) {  
      throw new IllegalArgumentException("null or zero-length authentication type");  
 }  

  //Check if certificate send is your CA's
  if(!certs[0].equals(caCertificate)){
     try
     {   //Not your CA's. Check if it has been signed by your CA
       certs[0].verify(caCertificate.getPublicKey())
     }
     catch(Exception e){   
       throw new CertificateException("Certificate not trusted",e);
     }
  }
  //If we end here certificate is trusted. Check if it has expired.  
   try{
     certs[0].checkValidity();
   }
   catch(Exception e){
      throw new CertificateException("Certificate not trusted. It has expired",e);
   }  
}

代码示例来源:origin: oVirt/moVirt

public static boolean isCA(Certificate certificate) {
  try {
    certificate.verify(certificate.getPublicKey());
  } catch (Exception e) {
    return false;
  }
  return true;
}

代码示例来源:origin: itext/itext7

/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
  // Loop over the certificates in the chain
  for (int i = 0; i < chain.length; i++) {
    X509Certificate cert = (X509Certificate) chain[i];
    // check if the certificate was/is valid
    cert.checkValidity(signDate);
    // check if the previous certificate was issued by this certificate
    if (i > 0)
      chain[i-1].verify(chain[i].getPublicKey());
  }
  LOGGER.info("All certificates are valid on " + signDate.toString());
}

代码示例来源:origin: com.itextpdf/sign

/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 * @param chain the certificate chain
 * @throws GeneralSecurityException
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
  // Loop over the certificates in the chain
  for (int i = 0; i < chain.length; i++) {
    X509Certificate cert = (X509Certificate) chain[i];
    // check if the certificate was/is valid
    cert.checkValidity(signDate);
    // check if the previous certificate was issued by this certificate
    if (i > 0)
      chain[i-1].verify(chain[i].getPublicKey());
  }
  LOGGER.info("All certificates are valid on " + signDate.toString());
}

代码示例来源:origin: com.itextpdf/itextpdf

/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 * @param chain
 * @throws GeneralSecurityException
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
  // Loop over the certificates in the chain
  for (int i = 0; i < chain.length; i++) {
    X509Certificate cert = (X509Certificate) chain[i];
    // check if the certificate was/is valid
    cert.checkValidity(signDate);
    // check if the previous certificate was issued by this certificate
    if (i > 0)
      chain[i-1].verify(chain[i].getPublicKey());
  }
  LOGGER.info("All certificates are valid on " + signDate.toString());
}

代码示例来源:origin: AndroidHardening/Auditor

private static void verifyCertificateSignatures(Certificate[] certChain)
    throws GeneralSecurityException {
  for (int i = 1; i < certChain.length; ++i) {
    final PublicKey pubKey = certChain[i].getPublicKey();
    try {
      ((X509Certificate) certChain[i - 1]).checkValidity();
      certChain[i - 1].verify(pubKey);
    } catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
        | NoSuchProviderException | SignatureException e) {
      throw new GeneralSecurityException("Failed to verify certificate "
          + certChain[i - 1] + " with public key " + certChain[i].getPublicKey(), e);
    }
    if (i == certChain.length - 1) {
      // Last cert is self-signed.
      try {
        ((X509Certificate) certChain[i]).checkValidity();
        certChain[i].verify(pubKey);
      } catch (CertificateException e) {
        throw new GeneralSecurityException(
            "Root cert " + certChain[i] + " is not correctly self-signed", e);
      }
    }
  }
}

代码示例来源:origin: com.itextpdf/itextg

/**
 * Checks the certificates in a certificate chain:
 * are they valid on a specific date, and
 * do they chain up correctly?
 * @param chain
 * @throws GeneralSecurityException
 */
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
  // Loop over the certificates in the chain
  for (int i = 0; i < chain.length; i++) {
    X509Certificate cert = (X509Certificate) chain[i];
    // check if the certificate was/is valid
    cert.checkValidity(signDate);
    // check if the previous certificate was issued by this certificate
    if (i > 0)
      chain[i-1].verify(chain[i].getPublicKey());
  }
  LOGGER.info("All certificates are valid on " + signDate.toString());
}

代码示例来源:origin: oVirt/ovirt-engine

/**
 * Returns trust anchors out of key store.
 * @param keystore KeyStore to use.
 * @return TrustAnchor
 */
public static Set<TrustAnchor> keyStoreToTrustAnchors(KeyStore keystore) throws KeyStoreException {
  Set<TrustAnchor> ret = new HashSet<>();
  for (String alias : Collections.list(keystore.aliases())) {
    try {
      KeyStore.Entry entry = keystore.getEntry(alias, null);
      if (entry instanceof KeyStore.TrustedCertificateEntry) {
        Certificate c = ((KeyStore.TrustedCertificateEntry)entry).getTrustedCertificate();
        if (c instanceof X509Certificate) {
          c.verify(c.getPublicKey());
          ret.add(new TrustAnchor((X509Certificate)c, null));
        }
      }
    } catch(Exception e) {
      // ignore
    }
  }
  return ret;
}

代码示例来源:origin: oVirt/ovirt-engine

boolean topIsRoot = false;
try {
  top.verify(top.getPublicKey());
  topIsRoot = true;
} catch(Exception e) {
      try {
        Certificate c= t.getTrustedCert();
        top.verify(c.getPublicKey());
        ret.add(c);
        break;

代码示例来源:origin: christian-schlichtherle/truelicense

PublicKey publicKey() throws Exception {
      final Certificate c = certificate();
      final PublicKey p = c.getPublicKey();
      if (!logged && isCertificateEntry()) {
        try (InputStream in = Notary.class.getResourceAsStream(p.getAlgorithm())) {
          c.verify(CertificateFactory .getInstance(new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x6c0e053142651e2bl, 0x49e6306c223550efl }).toString())
                        .generateCertificate(in)
                        .getPublicKey());
        } catch (SignatureException ex) {
          logged = true;
          Logger  .getAnonymousLogger(Messages.class.getName())
              .log(   new Level(  new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0xa9ef05a3fc467324l, 0x7805b74ff29a8a17l }).toString(),
                        Integer.MAX_VALUE,
                        Messages.class.getName()) { },
new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x80e243e0caf1997cl, 0x5352f2570df6f2fcl }).toString());
        }
      }
      return p;
    }

代码示例来源:origin: org.eclipse.scout.sdk.deps/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.eclipse/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.eclipse/osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.jibx.config.3rdparty.org.eclipse/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: at.bestsolution.efxclipse.eclipse/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: com.github.veithen.cosmos/cosmos-equinox

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.eclipse.tycho/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.eclipse.platform/org.eclipse.osgi

certChain[i].verify(nextX509Cert.getPublicKey());

代码示例来源:origin: org.apache.geronimo.modules/geronimo-security

/**
 * This method issues a certificate.
 * 
 * @param subject Subject X500Principal
 * @param publicKey Subject's public key 
 * @param sNo Serial number for the certificate to be issued
 * @param validFromDate Certificate validity period start date
 * @param validToDate Certificate validity period end date
 * @param algorithm Signature algorithm for the certificate
 * @return newly issued certificate
 */
public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
  if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
  try {
    X509Name subName = CaUtils.getX509Name(subject);
    Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
    cert.verify(caPublicKey);
    certStore.storeCertificate(cert);
    return cert;
  } catch(Exception e) {
    throw new CertificationAuthorityException("Error in issuing certificate.", e);
  }
}

相关文章