本文整理了Java中java.security.cert.Certificate.verify()
方法的一些代码示例,展示了Certificate.verify()
的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Certificate.verify()
方法的具体详情如下:
包路径:java.security.cert.Certificate
类名称:Certificate
方法名:verify
[英]Verifies that this certificate was signed with the given public key.
[中]验证此证书是否使用给定的公钥签名。
代码示例来源:origin: gocd/gocd
boolean verifySigned(File keystore, Certificate agentCertificate) {
try {
KeyStore store = KeyStore.getInstance("JKS");
FileInputStream inputStream = new FileInputStream(keystore);
store.load(inputStream, PASSWORD_AS_CHAR_ARRAY);
IOUtils.closeQuietly(inputStream);
KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate",
new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY));
Certificate intermediateCertificate = intermediateEntry.getCertificate();
agentCertificate.verify(intermediateCertificate.getPublicKey());
return true;
} catch (Exception e) {
return false;
}
}
代码示例来源:origin: stackoverflow.com
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws CertificateException {
if (certs == null || certs.length == 0) {
throw new IllegalArgumentException("null or zero-length certificate chain");
}
if (authType == null || authType.length() == 0) {
throw new IllegalArgumentException("null or zero-length authentication type");
}
//Check if certificate send is your CA's
if(!certs[0].equals(caCertificate)){
try
{ //Not your CA's. Check if it has been signed by your CA
certs[0].verify(caCertificate.getPublicKey())
}
catch(Exception e){
throw new CertificateException("Certificate not trusted",e);
}
}
//If we end here certificate is trusted. Check if it has expired.
try{
certs[0].checkValidity();
}
catch(Exception e){
throw new CertificateException("Certificate not trusted. It has expired",e);
}
}
代码示例来源:origin: oVirt/moVirt
public static boolean isCA(Certificate certificate) {
try {
certificate.verify(certificate.getPublicKey());
} catch (Exception e) {
return false;
}
return true;
}
代码示例来源:origin: itext/itext7
/**
* Checks the certificates in a certificate chain:
* are they valid on a specific date, and
* do they chain up correctly?
* @param chain the certificate chain
* @throws GeneralSecurityException
*/
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
// Loop over the certificates in the chain
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = (X509Certificate) chain[i];
// check if the certificate was/is valid
cert.checkValidity(signDate);
// check if the previous certificate was issued by this certificate
if (i > 0)
chain[i-1].verify(chain[i].getPublicKey());
}
LOGGER.info("All certificates are valid on " + signDate.toString());
}
代码示例来源:origin: com.itextpdf/sign
/**
* Checks the certificates in a certificate chain:
* are they valid on a specific date, and
* do they chain up correctly?
* @param chain the certificate chain
* @throws GeneralSecurityException
*/
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
// Loop over the certificates in the chain
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = (X509Certificate) chain[i];
// check if the certificate was/is valid
cert.checkValidity(signDate);
// check if the previous certificate was issued by this certificate
if (i > 0)
chain[i-1].verify(chain[i].getPublicKey());
}
LOGGER.info("All certificates are valid on " + signDate.toString());
}
代码示例来源:origin: com.itextpdf/itextpdf
/**
* Checks the certificates in a certificate chain:
* are they valid on a specific date, and
* do they chain up correctly?
* @param chain
* @throws GeneralSecurityException
*/
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
// Loop over the certificates in the chain
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = (X509Certificate) chain[i];
// check if the certificate was/is valid
cert.checkValidity(signDate);
// check if the previous certificate was issued by this certificate
if (i > 0)
chain[i-1].verify(chain[i].getPublicKey());
}
LOGGER.info("All certificates are valid on " + signDate.toString());
}
代码示例来源:origin: AndroidHardening/Auditor
private static void verifyCertificateSignatures(Certificate[] certChain)
throws GeneralSecurityException {
for (int i = 1; i < certChain.length; ++i) {
final PublicKey pubKey = certChain[i].getPublicKey();
try {
((X509Certificate) certChain[i - 1]).checkValidity();
certChain[i - 1].verify(pubKey);
} catch (InvalidKeyException | CertificateException | NoSuchAlgorithmException
| NoSuchProviderException | SignatureException e) {
throw new GeneralSecurityException("Failed to verify certificate "
+ certChain[i - 1] + " with public key " + certChain[i].getPublicKey(), e);
}
if (i == certChain.length - 1) {
// Last cert is self-signed.
try {
((X509Certificate) certChain[i]).checkValidity();
certChain[i].verify(pubKey);
} catch (CertificateException e) {
throw new GeneralSecurityException(
"Root cert " + certChain[i] + " is not correctly self-signed", e);
}
}
}
}
代码示例来源:origin: com.itextpdf/itextg
/**
* Checks the certificates in a certificate chain:
* are they valid on a specific date, and
* do they chain up correctly?
* @param chain
* @throws GeneralSecurityException
*/
public void verifyChain(Certificate[] chain) throws GeneralSecurityException {
// Loop over the certificates in the chain
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = (X509Certificate) chain[i];
// check if the certificate was/is valid
cert.checkValidity(signDate);
// check if the previous certificate was issued by this certificate
if (i > 0)
chain[i-1].verify(chain[i].getPublicKey());
}
LOGGER.info("All certificates are valid on " + signDate.toString());
}
代码示例来源:origin: oVirt/ovirt-engine
/**
* Returns trust anchors out of key store.
* @param keystore KeyStore to use.
* @return TrustAnchor
*/
public static Set<TrustAnchor> keyStoreToTrustAnchors(KeyStore keystore) throws KeyStoreException {
Set<TrustAnchor> ret = new HashSet<>();
for (String alias : Collections.list(keystore.aliases())) {
try {
KeyStore.Entry entry = keystore.getEntry(alias, null);
if (entry instanceof KeyStore.TrustedCertificateEntry) {
Certificate c = ((KeyStore.TrustedCertificateEntry)entry).getTrustedCertificate();
if (c instanceof X509Certificate) {
c.verify(c.getPublicKey());
ret.add(new TrustAnchor((X509Certificate)c, null));
}
}
} catch(Exception e) {
// ignore
}
}
return ret;
}
代码示例来源:origin: oVirt/ovirt-engine
boolean topIsRoot = false;
try {
top.verify(top.getPublicKey());
topIsRoot = true;
} catch(Exception e) {
try {
Certificate c= t.getTrustedCert();
top.verify(c.getPublicKey());
ret.add(c);
break;
代码示例来源:origin: christian-schlichtherle/truelicense
PublicKey publicKey() throws Exception {
final Certificate c = certificate();
final PublicKey p = c.getPublicKey();
if (!logged && isCertificateEntry()) {
try (InputStream in = Notary.class.getResourceAsStream(p.getAlgorithm())) {
c.verify(CertificateFactory .getInstance(new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x6c0e053142651e2bl, 0x49e6306c223550efl }).toString())
.generateCertificate(in)
.getPublicKey());
} catch (SignatureException ex) {
logged = true;
Logger .getAnonymousLogger(Messages.class.getName())
.log( new Level( new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0xa9ef05a3fc467324l, 0x7805b74ff29a8a17l }).toString(),
Integer.MAX_VALUE,
Messages.class.getName()) { },
new global.namespace.truelicense.obfuscate.ObfuscatedString(new long[] { 0x80e243e0caf1997cl, 0x5352f2570df6f2fcl }).toString());
}
}
return p;
}
代码示例来源:origin: org.eclipse.scout.sdk.deps/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.eclipse/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.eclipse/osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.jibx.config.3rdparty.org.eclipse/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: at.bestsolution.efxclipse.eclipse/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: com.github.veithen.cosmos/cosmos-equinox
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.eclipse.tycho/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.eclipse.platform/org.eclipse.osgi
certChain[i].verify(nextX509Cert.getPublicKey());
代码示例来源:origin: org.apache.geronimo.modules/geronimo-security
/**
* This method issues a certificate.
*
* @param subject Subject X500Principal
* @param publicKey Subject's public key
* @param sNo Serial number for the certificate to be issued
* @param validFromDate Certificate validity period start date
* @param validToDate Certificate validity period end date
* @param algorithm Signature algorithm for the certificate
* @return newly issued certificate
*/
public Certificate issueCertificate(X500Principal subject, PublicKey publicKey, BigInteger sNo, Date validFromDate, Date validToDate, String algorithm) throws CertificationAuthorityException{
if(isLocked()) throw new CertificationAuthorityException("CA is locked.");
try {
X509Name subName = CaUtils.getX509Name(subject);
Certificate cert = issueCertificate(subName, caName, sNo, publicKey, caPrivateKey, validFromDate, validToDate, algorithm);
cert.verify(caPublicKey);
certStore.storeCertificate(cert);
return cert;
} catch(Exception e) {
throw new CertificationAuthorityException("Error in issuing certificate.", e);
}
}
内容来源于网络,如有侵权,请联系作者删除!