java.security.cert.X509Certificate.getSubjectX500Principal()方法的使用及代码示例

x33g5p2x  于2022-02-02 转载在 其他  
字(10.6k)|赞(0)|评价(0)|浏览(179)

本文整理了Java中java.security.cert.X509Certificate.getSubjectX500Principal()方法的一些代码示例,展示了X509Certificate.getSubjectX500Principal()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。X509Certificate.getSubjectX500Principal()方法的具体详情如下:
包路径:java.security.cert.X509Certificate
类名称:X509Certificate
方法名:getSubjectX500Principal

X509Certificate.getSubjectX500Principal介绍

[英]Returns the subject (subject distinguished name) as an X500Principal.
[中]将主题(主题可分辨名称)作为X500主体返回。

代码示例

代码示例来源:origin: apache/zookeeper

/**
 * Determine the string to be used as the remote host session Id for
 * authorization purposes. Associate this client identifier with a
 * ServerCnxn that has been authenticated over SSL, and any ACLs that refer
 * to the authenticated client.
 *
 * @param clientCert Authenticated X509Certificate associated with the
 *                   remote host.
 * @return Identifier string to be associated with the client.
 */
protected String getClientId(X509Certificate clientCert) {
  return clientCert.getSubjectX500Principal().getName();
}

代码示例来源:origin: apache/nifi

private static String getCertificateDisplayInfo(X509Certificate certificate) {
  return certificate.getSubjectX500Principal().getName();
}

代码示例来源:origin: prestodb/presto

public static KeyStore loadTrustStore(File certificateChainFile)
    throws IOException, GeneralSecurityException
{
  KeyStore keyStore = KeyStore.getInstance("JKS");
  keyStore.load(null, null);
  List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
  for (X509Certificate certificate : certificateChain) {
    X500Principal principal = certificate.getSubjectX500Principal();
    keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate);
  }
  return keyStore;
}

代码示例来源:origin: knowm/XChange

private boolean certificateMatches(X509Certificate[] certs, boolean needsToBeExpired) {
 for (X509Certificate cert : certs)
  if (cert.getSubjectX500Principal().getName().equals(subjectPrincipalName)
    && (!needsToBeExpired || cert.getNotAfter().before(new Date()))) return true;
 return false;
}

代码示例来源:origin: apache/zookeeper

public static KeyStore loadTrustStore(File certificateChainFile)
    throws IOException, GeneralSecurityException
{
  KeyStore keyStore = KeyStore.getInstance("JKS");
  keyStore.load(null, null);
  List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
  for (X509Certificate certificate : certificateChain) {
    X500Principal principal = certificate.getSubjectX500Principal();
    keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate);
  }
  return keyStore;
}

代码示例来源:origin: gocd/gocd

KeyStore agentTruststore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
  KeyStore trustStore = null;
  List<X509Certificate> certificates = new CertificateFileParser().certificates(rootCertFile);
  for (X509Certificate certificate : certificates) {
    if (trustStore == null) {
      trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
      trustStore.load(null, null);
    }
    trustStore.setCertificateEntry(certificate.getSubjectX500Principal().getName(), certificate);
  }
  return trustStore;
}

代码示例来源:origin: prestodb/presto

private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword)
    throws IOException, GeneralSecurityException
{
  KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
  try {
    // attempt to read the trust store as a PEM file
    List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
    if (!certificateChain.isEmpty()) {
      trustStore.load(null, null);
      for (X509Certificate certificate : certificateChain) {
        X500Principal principal = certificate.getSubjectX500Principal();
        trustStore.setCertificateEntry(principal.getName(), certificate);
      }
      return trustStore;
    }
  }
  catch (IOException | GeneralSecurityException ignored) {
  }
  try (InputStream in = new FileInputStream(trustStorePath)) {
    trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
  }
  return trustStore;
}

代码示例来源:origin: prestodb/presto

private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword)
    throws IOException, GeneralSecurityException
{
  KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
  try {
    // attempt to read the trust store as a PEM file
    List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath);
    if (!certificateChain.isEmpty()) {
      trustStore.load(null, null);
      for (X509Certificate certificate : certificateChain) {
        X500Principal principal = certificate.getSubjectX500Principal();
        trustStore.setCertificateEntry(principal.getName(), certificate);
      }
      return trustStore;
    }
  }
  catch (IOException | GeneralSecurityException ignored) {
  }
  try (InputStream in = new FileInputStream(trustStorePath)) {
    trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null));
  }
  return trustStore;
}

代码示例来源:origin: fabric8io/docker-maven-plugin

private static void addCA(KeyStore keyStore, String caPath) throws IOException, KeyStoreException,
    CertificateException {
  for (Certificate cert : loadCertificates(caPath)) {
    X509Certificate crt = (X509Certificate) cert;
    String alias = crt.getSubjectX500Principal().getName();
    keyStore.setCertificateEntry(alias, crt);
  }
}

代码示例来源:origin: apache/nifi

@Override
  public OcspStatus load(OcspRequest ocspRequest) throws Exception {
    final String subjectDn = ocspRequest.getSubjectCertificate().getSubjectX500Principal().getName();
    logger.info(String.format("Validating client certificate via OCSP: <%s>", subjectDn));
    final OcspStatus ocspStatus = getOcspStatus(ocspRequest);
    logger.info(String.format("Client certificate status for <%s>: %s", subjectDn, ocspStatus.toString()));
    return ocspStatus;
  }
});

代码示例来源:origin: prestodb/presto

private void setupBearerToken(HttpServletRequest servletRequest, Request.Builder requestBuilder)
{
  if (!jwtHandler.isConfigured()) {
    return;
  }
  X509Certificate[] certs = (X509Certificate[]) servletRequest.getAttribute(X509_ATTRIBUTE);
  if ((certs == null) || (certs.length == 0)) {
    throw badRequest(FORBIDDEN, "No TLS certificate present for request");
  }
  String principal = certs[0].getSubjectX500Principal().getName();
  String accessToken = jwtHandler.getBearerToken(principal);
  requestBuilder.addHeader(AUTHORIZATION, "Bearer " + accessToken);
}

代码示例来源:origin: apache/ignite

/** {@inheritDoc} */
@Override public void checkClientTrusted(X509Certificate[] certs, String authType) {
  StringBuilder buf = new StringBuilder();
  buf.append("Trust manager handle client certificates [authType=");
  buf.append(authType);
  buf.append(", certificates=");
  for (X509Certificate cert : certs) {
    buf.append("{type=");
    buf.append(cert.getType());
    buf.append(", principalName=");
    buf.append(cert.getSubjectX500Principal().getName());
    buf.append('}');
  }
  buf.append(']');
  if (scanCtx.getLogger().isDebugEnabled())
    scanCtx.getLogger().debug(buf.toString());
}

代码示例来源:origin: apache/ignite

/** {@inheritDoc} */
  @Override public void checkServerTrusted(X509Certificate[] certs, String authType) {
    StringBuilder buf = new StringBuilder();
    buf.append("Trust manager handle server certificates [authType=");
    buf.append(authType);
    buf.append(", certificates=");
    for (X509Certificate cert : certs) {
      buf.append("{type=");
      buf.append(cert.getType());
      buf.append(", principalName=");
      buf.append(cert.getSubjectX500Principal().getName());
      buf.append('}');
    }
    buf.append(']');
    if (scanCtx.getLogger().isDebugEnabled())
      scanCtx.getLogger().debug(buf.toString());
  }
}

代码示例来源:origin: eclipse-vertx/vert.x

String dn = x509Cert.getSubjectX500Principal().getName();
domains.addAll(getX509CertificateCommonNames(dn));
if (!domains.isEmpty()) {

代码示例来源:origin: jooby-project/jooby

X509Certificate cert = (X509Certificate) cf
  .generateCertificate(new ByteArrayInputStream(buf.array()));
X500Principal principal = cert.getSubjectX500Principal();
ks.setCertificateEntry(principal.getName("RFC2253"), cert);

代码示例来源:origin: apache/nifi

if (trustManager instanceof X509TrustManager) {
  for (X509Certificate ca : ((X509TrustManager) trustManager).getAcceptedIssuers()) {
    certificateAuthorities.put(ca.getSubjectX500Principal().getName(), ca);

代码示例来源:origin: apache/nifi

/**
 * Validates the specified certificate using OCSP if configured.
 *
 * @param certificates the client certificates
 * @throws CertificateStatusException ex
 */
public void validate(final X509Certificate[] certificates) throws CertificateStatusException {
  // only validate if configured to do so
  if (client != null && certificates != null && certificates.length > 0) {
    final X509Certificate subjectCertificate = getSubjectCertificate(certificates);
    final X509Certificate issuerCertificate = getIssuerCertificate(certificates);
    if (issuerCertificate == null) {
      throw new IllegalArgumentException(String.format("Unable to obtain certificate of issuer <%s> for the specified subject certificate <%s>.",
          subjectCertificate.getIssuerX500Principal().getName(), subjectCertificate.getSubjectX500Principal().getName()));
    }
    // create the ocsp status key
    final OcspRequest ocspRequest = new OcspRequest(subjectCertificate, issuerCertificate);
    try {
      // determine the status and ensure it isn't verified as revoked
      final OcspStatus ocspStatus = ocspCache.getUnchecked(ocspRequest);
      // we only disallow when we have a verified response that states the certificate is revoked
      if (VerificationStatus.Verified.equals(ocspStatus.getVerificationStatus()) && ValidationStatus.Revoked.equals(ocspStatus.getValidationStatus())) {
        throw new CertificateStatusException(String.format("Client certificate for <%s> is revoked according to the certificate authority.",
            subjectCertificate.getSubjectX500Principal().getName()));
      }
    } catch (final UncheckedExecutionException uee) {
      logger.warn(String.format("Unable to validate client certificate via OCSP: <%s>", subjectCertificate.getSubjectX500Principal().getName()), uee.getCause());
    }
  }
}

代码示例来源:origin: apache/nifi

final String trustedCAName = responderCertificate.getSubjectX500Principal().getName();
if (trustedCAs.containsKey(trustedCAName)) {
  return trustedCAs.get(trustedCAName);
final X500Principal issuerCA = issuerCertificate.getSubjectX500Principal();
if (responderCertificate.getIssuerX500Principal().equals(issuerCA)) {

代码示例来源:origin: wildfly/wildfly

public static boolean matchGeneralNames(List<GeneralName> generalNames, X509Certificate cert) {
  X500Principal certSubjectName = cert.getSubjectX500Principal();
  try {
    if (matchGeneralNames(generalNames, convertToGeneralNames(cert.getSubjectAlternativeNames()))) {
      return true;
    }
  } catch (CertificateParsingException e) {
    // Ignore unless the subject name is empty
    if (certSubjectName == null) {
      throw saslEntity.unableToDetermineSubjectName(e);
    }
  }
  List<GeneralName> certNames;
  if (certSubjectName != null) {
    certNames = new ArrayList<GeneralName>(1);
    certNames.add(new DirectoryName(certSubjectName.getName(X500Principal.CANONICAL)));
    if (matchGeneralNames(generalNames, certNames)) {
      return true;
    }
  }
  return false;
}

代码示例来源:origin: wiztools/rest-client

if(certBytes != null) {
  cert = generateCertFromDER(certBytes);
  String alias = cert.getSubjectX500Principal().getName();
  store.setCertificateEntry(alias, cert);

相关文章