本文整理了Java中java.security.cert.X509Certificate.getSubjectX500Principal()
方法的一些代码示例,展示了X509Certificate.getSubjectX500Principal()
的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。X509Certificate.getSubjectX500Principal()
方法的具体详情如下:
包路径:java.security.cert.X509Certificate
类名称:X509Certificate
方法名:getSubjectX500Principal
[英]Returns the subject (subject distinguished name) as an X500Principal.
[中]将主题(主题可分辨名称)作为X500主体返回。
代码示例来源:origin: apache/zookeeper
/**
* Determine the string to be used as the remote host session Id for
* authorization purposes. Associate this client identifier with a
* ServerCnxn that has been authenticated over SSL, and any ACLs that refer
* to the authenticated client.
*
* @param clientCert Authenticated X509Certificate associated with the
* remote host.
* @return Identifier string to be associated with the client.
*/
protected String getClientId(X509Certificate clientCert) {
return clientCert.getSubjectX500Principal().getName();
}
代码示例来源:origin: apache/nifi
private static String getCertificateDisplayInfo(X509Certificate certificate) {
return certificate.getSubjectX500Principal().getName();
}
代码示例来源:origin: prestodb/presto
public static KeyStore loadTrustStore(File certificateChainFile)
throws IOException, GeneralSecurityException
{
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
for (X509Certificate certificate : certificateChain) {
X500Principal principal = certificate.getSubjectX500Principal();
keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate);
}
return keyStore;
}
代码示例来源:origin: knowm/XChange
private boolean certificateMatches(X509Certificate[] certs, boolean needsToBeExpired) {
for (X509Certificate cert : certs)
if (cert.getSubjectX500Principal().getName().equals(subjectPrincipalName)
&& (!needsToBeExpired || cert.getNotAfter().before(new Date()))) return true;
return false;
}
代码示例来源:origin: apache/zookeeper
public static KeyStore loadTrustStore(File certificateChainFile)
throws IOException, GeneralSecurityException
{
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
for (X509Certificate certificate : certificateChain) {
X500Principal principal = certificate.getSubjectX500Principal();
keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate);
}
return keyStore;
}
代码示例来源:origin: gocd/gocd
KeyStore agentTruststore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
KeyStore trustStore = null;
List<X509Certificate> certificates = new CertificateFileParser().certificates(rootCertFile);
for (X509Certificate certificate : certificates) {
if (trustStore == null) {
trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
}
trustStore.setCertificateEntry(certificate.getSubjectX500Principal().getName(), certificate);
}
return trustStore;
}
代码示例来源:origin: prestodb/presto
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword)
throws IOException, GeneralSecurityException
{
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
try {
// attempt to read the trust store as a PEM file
List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
if (!certificateChain.isEmpty()) {
trustStore.load(null, null);
for (X509Certificate certificate : certificateChain) {
X500Principal principal = certificate.getSubjectX500Principal();
trustStore.setCertificateEntry(principal.getName(), certificate);
}
return trustStore;
}
}
catch (IOException | GeneralSecurityException ignored) {
}
try (InputStream in = new FileInputStream(trustStorePath)) {
trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
}
return trustStore;
}
代码示例来源:origin: prestodb/presto
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword)
throws IOException, GeneralSecurityException
{
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
try {
// attempt to read the trust store as a PEM file
List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
if (!certificateChain.isEmpty()) {
trustStore.load(null, null);
for (X509Certificate certificate : certificateChain) {
X500Principal principal = certificate.getSubjectX500Principal();
trustStore.setCertificateEntry(principal.getName(), certificate);
}
return trustStore;
}
}
catch (IOException | GeneralSecurityException ignored) {
}
try (InputStream in = new FileInputStream(trustStorePath)) {
trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
}
return trustStore;
}
代码示例来源:origin: fabric8io/docker-maven-plugin
private static void addCA(KeyStore keyStore, String caPath) throws IOException, KeyStoreException,
CertificateException {
for (Certificate cert : loadCertificates(caPath)) {
X509Certificate crt = (X509Certificate) cert;
String alias = crt.getSubjectX500Principal().getName();
keyStore.setCertificateEntry(alias, crt);
}
}
代码示例来源:origin: apache/nifi
@Override
public OcspStatus load(OcspRequest ocspRequest) throws Exception {
final String subjectDn = ocspRequest.getSubjectCertificate().getSubjectX500Principal().getName();
logger.info(String.format("Validating client certificate via OCSP: <%s>", subjectDn));
final OcspStatus ocspStatus = getOcspStatus(ocspRequest);
logger.info(String.format("Client certificate status for <%s>: %s", subjectDn, ocspStatus.toString()));
return ocspStatus;
}
});
代码示例来源:origin: prestodb/presto
private void setupBearerToken(HttpServletRequest servletRequest, Request.Builder requestBuilder)
{
if (!jwtHandler.isConfigured()) {
return;
}
X509Certificate[] certs = (X509Certificate[]) servletRequest.getAttribute(X509_ATTRIBUTE);
if ((certs == null) || (certs.length == 0)) {
throw badRequest(FORBIDDEN, "No TLS certificate present for request");
}
String principal = certs[0].getSubjectX500Principal().getName();
String accessToken = jwtHandler.getBearerToken(principal);
requestBuilder.addHeader(AUTHORIZATION, "Bearer " + accessToken);
}
代码示例来源:origin: apache/ignite
/** {@inheritDoc} */
@Override public void checkClientTrusted(X509Certificate[] certs, String authType) {
StringBuilder buf = new StringBuilder();
buf.append("Trust manager handle client certificates [authType=");
buf.append(authType);
buf.append(", certificates=");
for (X509Certificate cert : certs) {
buf.append("{type=");
buf.append(cert.getType());
buf.append(", principalName=");
buf.append(cert.getSubjectX500Principal().getName());
buf.append('}');
}
buf.append(']');
if (scanCtx.getLogger().isDebugEnabled())
scanCtx.getLogger().debug(buf.toString());
}
代码示例来源:origin: apache/ignite
/** {@inheritDoc} */
@Override public void checkServerTrusted(X509Certificate[] certs, String authType) {
StringBuilder buf = new StringBuilder();
buf.append("Trust manager handle server certificates [authType=");
buf.append(authType);
buf.append(", certificates=");
for (X509Certificate cert : certs) {
buf.append("{type=");
buf.append(cert.getType());
buf.append(", principalName=");
buf.append(cert.getSubjectX500Principal().getName());
buf.append('}');
}
buf.append(']');
if (scanCtx.getLogger().isDebugEnabled())
scanCtx.getLogger().debug(buf.toString());
}
}
代码示例来源:origin: eclipse-vertx/vert.x
String dn = x509Cert.getSubjectX500Principal().getName();
domains.addAll(getX509CertificateCommonNames(dn));
if (!domains.isEmpty()) {
代码示例来源:origin: jooby-project/jooby
X509Certificate cert = (X509Certificate) cf
.generateCertificate(new ByteArrayInputStream(buf.array()));
X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert);
代码示例来源:origin: apache/nifi
if (trustManager instanceof X509TrustManager) {
for (X509Certificate ca : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
certificateAuthorities.put(ca.getSubjectX500Principal().getName(), ca);
代码示例来源:origin: apache/nifi
/**
* Validates the specified certificate using OCSP if configured.
*
* @param certificates the client certificates
* @throws CertificateStatusException ex
*/
public void validate(final X509Certificate[] certificates) throws CertificateStatusException {
// only validate if configured to do so
if (client != null && certificates != null && certificates.length > 0) {
final X509Certificate subjectCertificate = getSubjectCertificate(certificates);
final X509Certificate issuerCertificate = getIssuerCertificate(certificates);
if (issuerCertificate == null) {
throw new IllegalArgumentException(String.format("Unable to obtain certificate of issuer <%s> for the specified subject certificate <%s>.",
subjectCertificate.getIssuerX500Principal().getName(), subjectCertificate.getSubjectX500Principal().getName()));
}
// create the ocsp status key
final OcspRequest ocspRequest = new OcspRequest(subjectCertificate, issuerCertificate);
try {
// determine the status and ensure it isn't verified as revoked
final OcspStatus ocspStatus = ocspCache.getUnchecked(ocspRequest);
// we only disallow when we have a verified response that states the certificate is revoked
if (VerificationStatus.Verified.equals(ocspStatus.getVerificationStatus()) && ValidationStatus.Revoked.equals(ocspStatus.getValidationStatus())) {
throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.",
subjectCertificate.getSubjectX500Principal().getName()));
}
} catch (final UncheckedExecutionException uee) {
logger.warn(String.format("Unable to validate client certificate via OCSP: <%s>", subjectCertificate.getSubjectX500Principal().getName()), uee.getCause());
}
}
}
代码示例来源:origin: apache/nifi
final String trustedCAName = responderCertificate.getSubjectX500Principal().getName();
if (trustedCAs.containsKey(trustedCAName)) {
return trustedCAs.get(trustedCAName);
final X500Principal issuerCA = issuerCertificate.getSubjectX500Principal();
if (responderCertificate.getIssuerX500Principal().equals(issuerCA)) {
代码示例来源:origin: wildfly/wildfly
public static boolean matchGeneralNames(List<GeneralName> generalNames, X509Certificate cert) {
X500Principal certSubjectName = cert.getSubjectX500Principal();
try {
if (matchGeneralNames(generalNames, convertToGeneralNames(cert.getSubjectAlternativeNames()))) {
return true;
}
} catch (CertificateParsingException e) {
// Ignore unless the subject name is empty
if (certSubjectName == null) {
throw saslEntity.unableToDetermineSubjectName(e);
}
}
List<GeneralName> certNames;
if (certSubjectName != null) {
certNames = new ArrayList<GeneralName>(1);
certNames.add(new DirectoryName(certSubjectName.getName(X500Principal.CANONICAL)));
if (matchGeneralNames(generalNames, certNames)) {
return true;
}
}
return false;
}
代码示例来源:origin: wiztools/rest-client
if(certBytes != null) {
cert = generateCertFromDER(certBytes);
String alias = cert.getSubjectX500Principal().getName();
store.setCertificateEntry(alias, cert);
内容来源于网络,如有侵权,请联系作者删除!