Java Code Examples for java.security.cert.X509Certificate#getIssuerDN()

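The following examples show how to use java.security.cert.X509Certificate#getIssuerDN(). Note that getIssuerDN() returns a provider-specific Principal and is deprecated in favor of getIssuerX500Principal(); several examples below link certificates by issuer name, which on its own establishes no trust in the resulting chain. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.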
Example 1
Source File: Main.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
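/**
 * Recursively tries to establish a chain from the pool of trusted certs.
 *
 * <p>Candidate issuers are looked up in {@code certs} under the issuer
 * {@code Principal} of {@code certToVerify}; a candidate is used only if
 * its public key verifies the signature on {@code certToVerify}. On
 * success the certificates are appended to {@code chain} root first,
 * ending with {@code certToVerify}; on failure {@code chain} is left
 * untouched.
 *
 * <p>This only constructs a chain. Nothing here checks validity periods,
 * CA or key-usage constraints, or revocation, so a {@code true} result is
 * not a substitute for certification path validation.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs, keyed by the Principal that is
 *              matched against {@code getIssuerDN()} (presumably the
 *              subject name; the map is built by the caller)
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs) {
    // Track the certs on the current recursion path so that a loop in the
    // pool (A issued by B, B issued by A) cannot recurse without bound.
    return buildChainGuarded(certToVerify, chain, certs,
                             new Vector<Certificate>());
}

/** Does the work of buildChain; inProgress is the current recursion path. */
private boolean buildChainGuarded(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs,
                    Vector<Certificate> inProgress) {
    Principal issuer = certToVerify.getIssuerDN();
    if (isSelfSigned(certToVerify)) {
        // Recursion ends at a self-signed cert, which is accepted without
        // a lookup in certs. A cert reached through the pool is a trusted
        // root. NOTE(review): a self-signed cert handed in by the caller
        // is accepted the same way, so the caller decides whether to
        // trust it; what isSelfSigned checks is not visible here.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Certificate> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    inProgress.addElement(certToVerify);
    try {
        // Try each candidate until one is found whose public key verifies
        // the signature of the certificate in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            if (inProgress.contains(issuerCert)) {
                // already on this path: following it again would loop
                continue;
            }
            try {
                certToVerify.verify(issuerCert.getPublicKey());
            } catch (Exception e) {
                // signature does not verify with this key: next candidate
                continue;
            }
            if (buildChainGuarded(issuerCert, chain, certs, inProgress)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        inProgress.removeElementAt(inProgress.size() - 1);
    }
}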
 
Example 2
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
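/**
 * Recursively tries to establish a chain from the pool of trusted certs.
 *
 * <p>Candidate issuers are looked up in {@code certs} under the issuer
 * {@code Principal} of {@code certToVerify}; a candidate is used only if
 * its public key verifies the signature on {@code certToVerify}. On
 * success the certificates are appended to {@code chain} root first,
 * ending with {@code certToVerify}; on failure {@code chain} is left
 * untouched.
 *
 * <p>This only constructs a chain. Nothing here checks validity periods,
 * CA or key-usage constraints, or revocation, so a {@code true} result is
 * not a substitute for certification path validation.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs, keyed by the Principal that is
 *              matched against {@code getIssuerDN()} (presumably the
 *              subject name; the map is built by the caller)
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs) {
    // Track the certs on the current recursion path so that a loop in the
    // pool (A issued by B, B issued by A) cannot recurse without bound.
    return buildChainGuarded(certToVerify, chain, certs,
                             new Vector<Certificate>());
}

/** Does the work of buildChain; inProgress is the current recursion path. */
private boolean buildChainGuarded(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs,
                    Vector<Certificate> inProgress) {
    Principal issuer = certToVerify.getIssuerDN();
    if (isSelfSigned(certToVerify)) {
        // Recursion ends at a self-signed cert, which is accepted without
        // a lookup in certs. A cert reached through the pool is a trusted
        // root. NOTE(review): a self-signed cert handed in by the caller
        // is accepted the same way, so the caller decides whether to
        // trust it; what isSelfSigned checks is not visible here.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Certificate> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    inProgress.addElement(certToVerify);
    try {
        // Try each candidate until one is found whose public key verifies
        // the signature of the certificate in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            if (inProgress.contains(issuerCert)) {
                // already on this path: following it again would loop
                continue;
            }
            try {
                certToVerify.verify(issuerCert.getPublicKey());
            } catch (Exception e) {
                // signature does not verify with this key: next candidate
                continue;
            }
            if (buildChainGuarded(issuerCert, chain, certs, inProgress)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        inProgress.removeElementAt(inProgress.size() - 1);
    }
}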
 
Example 3
Source File: PKCS7.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Fills {@code certIssuerNames} with the issuer name of every entry in
 * {@code certificates}, in the same order. An issuer Principal that is
 * not an X500Name is replaced by the name read from the certificate's
 * TBSCertificate encoding.
 *
 * <p>Does nothing when {@code certificates} is null. If re-reading the
 * issuer fails for a certificate, the Principal returned by
 * {@code getIssuerDN()} is stored as is, so an entry is not guaranteed
 * to be an X500Name.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    final int count = certificates.length;
    certIssuerNames = new Principal[count];
    for (int idx = 0; idx < count; idx++) {
        final X509Certificate current = certificates[idx];
        Principal issuerName = current.getIssuerDN();
        if (issuerName instanceof X500Name) {
            certIssuerNames[idx] = issuerName;
            continue;
        }

        // Take the issuer from the encoded certificate rather than from
        // the provider's Principal: later name comparisons need the
        // original encoding, and a round trip through a String could
        // change the types of the String attribute values.
        try {
            X509CertInfo info = new X509CertInfo(current.getTBSCertificate());
            issuerName = (Principal)
                info.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
        } catch (Exception ignored) {
            // best effort: keep the Principal from getIssuerDN()
        }
        certIssuerNames[idx] = issuerName;
    }
}
 
Example 4
Source File: PKCS7.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds the {@code certIssuerNames} array, one issuer name per entry of
 * {@code certificates} and in the same order, converting each issuer
 * Principal that is not already an X500Name.
 *
 * <p>Returns without touching {@code certIssuerNames} when
 * {@code certificates} is null. A failed conversion is ignored and the
 * Principal from {@code getIssuerDN()} is kept, so entries may be of a
 * provider-specific type.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    certIssuerNames = new Principal[certificates.length];
    int slot = 0;
    for (X509Certificate entry : certificates) {
        Principal name = entry.getIssuerDN();
        boolean needsConversion = !(name instanceof X500Name);
        if (needsConversion) {
            // The name is compared with other names later on, so it is
            // read from the original encoded DN; converting to a String
            // and back could change the types of the String attribute
            // values.
            try {
                X509CertInfo tbs =
                    new X509CertInfo(entry.getTBSCertificate());
                name = (Principal)
                    tbs.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
            } catch (Exception ignored) {
                // could not produce an X500Name from the cert's issuer
                // DN; the name stays as returned by getIssuerDN()
            }
        }
        certIssuerNames[slot] = name;
        slot++;
    }
}
 
Example 5
Source File: X509CertificateShortInfo.java    From oxTrust with MIT License 5 votes vote down vote up
/**
 * Creates the short summary of a certificate stored under an alias.
 *
 * <p>Issuer and subject are kept as the String form of the certificate's
 * issuer and subject Principal and are only set when the Principal is
 * not null. NOTE(review): these strings look intended for display; a
 * String DN is not a reliable basis for comparing certificate names.
 *
 * @param alias the alias recorded for the certificate
 * @param cert  the certificate to summarize; must not be null
 */
public X509CertificateShortInfo(String alias, X509Certificate cert) {
	this.alias = alias;

	// validity window and signature algorithm, copied as reported
	notBeforeDatetime = cert.getNotBefore();
	notAfterDatetime = cert.getNotAfter();
	algorithm = cert.getSigAlgName();

	// names are left at their current value when the cert reports none
	if (cert.getSubjectDN() != null) {
		subject = cert.getSubjectDN().getName();
	}
	if (cert.getIssuerDN() != null) {
		issuer = cert.getIssuerDN().getName();
	}

	updateViewStyle();
}
 
Example 6
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
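/**
 * Recursively tries to establish a chain from the pool of trusted certs.
 *
 * <p>Candidate issuers are looked up in {@code certs} under the issuer
 * {@code Principal} of {@code certToVerify}; a candidate is used only if
 * its public key verifies the signature on {@code certToVerify}. On
 * success the certificates are appended to {@code chain} root first,
 * ending with {@code certToVerify}; on failure {@code chain} is left
 * untouched.
 *
 * <p>This only constructs a chain. Nothing here checks validity periods,
 * CA or key-usage constraints, or revocation, so a {@code true} result is
 * not a substitute for certification path validation.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs, keyed by the Principal that is
 *              matched against {@code getIssuerDN()} (presumably the
 *              subject name; the map is built by the caller)
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs) {
    // Track the certs on the current recursion path so that a loop in the
    // pool (A issued by B, B issued by A) cannot recurse without bound.
    return buildChainGuarded(certToVerify, chain, certs,
                             new Vector<Certificate>());
}

/** Does the work of buildChain; inProgress is the current recursion path. */
private boolean buildChainGuarded(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs,
                    Vector<Certificate> inProgress) {
    Principal issuer = certToVerify.getIssuerDN();
    if (isSelfSigned(certToVerify)) {
        // Recursion ends at a self-signed cert, which is accepted without
        // a lookup in certs. A cert reached through the pool is a trusted
        // root. NOTE(review): a self-signed cert handed in by the caller
        // is accepted the same way, so the caller decides whether to
        // trust it; what isSelfSigned checks is not visible here.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Certificate> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    inProgress.addElement(certToVerify);
    try {
        // Try each candidate until one is found whose public key verifies
        // the signature of the certificate in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            if (inProgress.contains(issuerCert)) {
                // already on this path: following it again would loop
                continue;
            }
            try {
                certToVerify.verify(issuerCert.getPublicKey());
            } catch (Exception e) {
                // signature does not verify with this key: next candidate
                continue;
            }
            if (buildChainGuarded(issuerCert, chain, certs, inProgress)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        inProgress.removeElementAt(inProgress.size() - 1);
    }
}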
 
Example 7
Source File: PKCS7.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Fills {@code certIssuerNames} with the issuer name of every entry in
 * {@code certificates}, in the same order. An issuer Principal that is
 * not an X500Name is replaced by the name read from the certificate's
 * TBSCertificate encoding.
 *
 * <p>Does nothing when {@code certificates} is null. If re-reading the
 * issuer fails for a certificate, the Principal returned by
 * {@code getIssuerDN()} is stored as is, so an entry is not guaranteed
 * to be an X500Name.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    final int count = certificates.length;
    certIssuerNames = new Principal[count];
    for (int idx = 0; idx < count; idx++) {
        final X509Certificate current = certificates[idx];
        Principal issuerName = current.getIssuerDN();
        if (issuerName instanceof X500Name) {
            certIssuerNames[idx] = issuerName;
            continue;
        }

        // Take the issuer from the encoded certificate rather than from
        // the provider's Principal: later name comparisons need the
        // original encoding, and a round trip through a String could
        // change the types of the String attribute values.
        try {
            X509CertInfo info = new X509CertInfo(current.getTBSCertificate());
            issuerName = (Principal)
                info.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
        } catch (Exception ignored) {
            // best effort: keep the Principal from getIssuerDN()
        }
        certIssuerNames[idx] = issuerName;
    }
}
 
Example 8
Source File: PKCS7.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds the {@code certIssuerNames} array, one issuer name per entry of
 * {@code certificates} and in the same order, converting each issuer
 * Principal that is not already an X500Name.
 *
 * <p>Returns without touching {@code certIssuerNames} when
 * {@code certificates} is null. A failed conversion is ignored and the
 * Principal from {@code getIssuerDN()} is kept, so entries may be of a
 * provider-specific type.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    certIssuerNames = new Principal[certificates.length];
    int slot = 0;
    for (X509Certificate entry : certificates) {
        Principal name = entry.getIssuerDN();
        boolean needsConversion = !(name instanceof X500Name);
        if (needsConversion) {
            // The name is compared with other names later on, so it is
            // read from the original encoded DN; converting to a String
            // and back could change the types of the String attribute
            // values.
            try {
                X509CertInfo tbs =
                    new X509CertInfo(entry.getTBSCertificate());
                name = (Principal)
                    tbs.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
            } catch (Exception ignored) {
                // could not produce an X500Name from the cert's issuer
                // DN; the name stays as returned by getIssuerDN()
            }
        }
        certIssuerNames[slot] = name;
        slot++;
    }
}
 
Example 9
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
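/**
 * Recursively tries to establish a chain from the pool of trusted certs.
 *
 * <p>Candidate issuers are looked up in {@code certs} under the issuer
 * {@code Principal} of {@code certToVerify}; a candidate is used only if
 * its public key verifies the signature on {@code certToVerify}. On
 * success the certificates are appended to {@code chain} root first,
 * ending with {@code certToVerify}; on failure {@code chain} is left
 * untouched.
 *
 * <p>This only constructs a chain. Nothing here checks validity periods,
 * CA or key-usage constraints, or revocation, so a {@code true} result is
 * not a substitute for certification path validation.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs, keyed by the Principal that is
 *              matched against {@code getIssuerDN()} (presumably the
 *              subject name; the map is built by the caller)
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs) {
    // Track the certs on the current recursion path so that a loop in the
    // pool (A issued by B, B issued by A) cannot recurse without bound.
    return buildChainGuarded(certToVerify, chain, certs,
                             new Vector<Certificate>());
}

/** Does the work of buildChain; inProgress is the current recursion path. */
private boolean buildChainGuarded(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs,
                    Vector<Certificate> inProgress) {
    Principal issuer = certToVerify.getIssuerDN();
    if (isSelfSigned(certToVerify)) {
        // Recursion ends at a self-signed cert, which is accepted without
        // a lookup in certs. A cert reached through the pool is a trusted
        // root. NOTE(review): a self-signed cert handed in by the caller
        // is accepted the same way, so the caller decides whether to
        // trust it; what isSelfSigned checks is not visible here.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Certificate> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    inProgress.addElement(certToVerify);
    try {
        // Try each candidate until one is found whose public key verifies
        // the signature of the certificate in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            if (inProgress.contains(issuerCert)) {
                // already on this path: following it again would loop
                continue;
            }
            try {
                certToVerify.verify(issuerCert.getPublicKey());
            } catch (Exception e) {
                // signature does not verify with this key: next candidate
                continue;
            }
            if (buildChainGuarded(issuerCert, chain, certs, inProgress)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        inProgress.removeElementAt(inProgress.size() - 1);
    }
}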
 
Example 10
Source File: AntCertificationUtil.java    From alipay-sdk-java-all with Apache License 2.0 5 votes vote down vote up
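/**
 * Builds the certificate chain upwards from {@code current}.
 *
 * <p>Each certificate is inserted at the front of {@code certChain}, so
 * the topmost certificate found ends up first and {@code current} last.
 * The walk stops at a certificate that {@code isSelfSigned} accepts, at
 * a certificate whose issuer is not in {@code subjectMap}, or when the
 * issuer is already in {@code certChain} (a loop between certificates
 * that name each other as issuer would otherwise never end).
 *
 * <p>Issuers are found by name only: no signature is verified here, so
 * the list is an ordering of candidates, not a validated chain.
 * NOTE(review): confirm that the caller verifies signatures and validity
 * before trusting the result.
 *
 * @param subjectMap mapping from subject to certificate
 * @param certChain  the certificate chain being built
 * @param current    the certificate to insert into the chain next
 *                   (inclusive)
 */
private static void addressingUp(final Map<Principal, X509Certificate> subjectMap, List<X509Certificate> certChain,
                                 final X509Certificate current) {
    X509Certificate cursor = current;
    while (true) {
        certChain.add(0, cursor);
        if (isSelfSigned(cursor)) {
            return;
        }
        X509Certificate issuer = subjectMap.get(cursor.getIssuerDN());
        if (issuer == null) {
            return;
        }
        if (certChain.contains(issuer)) {
            // issuer is already part of the chain: stop instead of
            // walking the same certificates again
            return;
        }
        cursor = issuer;
    }
}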
 
Example 11
Source File: PKCS7.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Fills {@code certIssuerNames} with the issuer name of every entry in
 * {@code certificates}, in the same order. An issuer Principal that is
 * not an X500Name is replaced by the name read from the certificate's
 * TBSCertificate encoding.
 *
 * <p>Does nothing when {@code certificates} is null. If re-reading the
 * issuer fails for a certificate, the Principal returned by
 * {@code getIssuerDN()} is stored as is, so an entry is not guaranteed
 * to be an X500Name.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    final int count = certificates.length;
    certIssuerNames = new Principal[count];
    for (int idx = 0; idx < count; idx++) {
        final X509Certificate current = certificates[idx];
        Principal issuerName = current.getIssuerDN();
        if (issuerName instanceof X500Name) {
            certIssuerNames[idx] = issuerName;
            continue;
        }

        // Take the issuer from the encoded certificate rather than from
        // the provider's Principal: later name comparisons need the
        // original encoding, and a round trip through a String could
        // change the types of the String attribute values.
        try {
            X509CertInfo info = new X509CertInfo(current.getTBSCertificate());
            issuerName = (Principal)
                info.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
        } catch (Exception ignored) {
            // best effort: keep the Principal from getIssuerDN()
        }
        certIssuerNames[idx] = issuerName;
    }
}
 
Example 12
Source File: Main.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
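/**
 * Recursively tries to establish a chain from the pool of trusted certs.
 *
 * <p>Candidate issuers are looked up in {@code certs} under the issuer
 * {@code Principal} of {@code certToVerify}; a candidate is used only if
 * its public key verifies the signature on {@code certToVerify}. On
 * success the certificates are appended to {@code chain} root first,
 * ending with {@code certToVerify}; on failure {@code chain} is left
 * untouched.
 *
 * <p>This only constructs a chain. Nothing here checks validity periods,
 * CA or key-usage constraints, or revocation, so a {@code true} result is
 * not a substitute for certification path validation.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs, keyed by the Principal that is
 *              matched against {@code getIssuerDN()} (presumably the
 *              subject name; the map is built by the caller)
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs) {
    // Track the certs on the current recursion path so that a loop in the
    // pool (A issued by B, B issued by A) cannot recurse without bound.
    return buildChainGuarded(certToVerify, chain, certs,
                             new Vector<Certificate>());
}

/** Does the work of buildChain; inProgress is the current recursion path. */
private boolean buildChainGuarded(X509Certificate certToVerify,
                    Vector<Certificate> chain,
                    Hashtable<Principal, Vector<Certificate>> certs,
                    Vector<Certificate> inProgress) {
    Principal issuer = certToVerify.getIssuerDN();
    if (isSelfSigned(certToVerify)) {
        // Recursion ends at a self-signed cert, which is accepted without
        // a lookup in certs. A cert reached through the pool is a trusted
        // root. NOTE(review): a self-signed cert handed in by the caller
        // is accepted the same way, so the caller decides whether to
        // trust it; what isSelfSigned checks is not visible here.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Certificate> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    inProgress.addElement(certToVerify);
    try {
        // Try each candidate until one is found whose public key verifies
        // the signature of the certificate in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            if (inProgress.contains(issuerCert)) {
                // already on this path: following it again would loop
                continue;
            }
            try {
                certToVerify.verify(issuerCert.getPublicKey());
            } catch (Exception e) {
                // signature does not verify with this key: next candidate
                continue;
            }
            if (buildChainGuarded(issuerCert, chain, certs, inProgress)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        inProgress.removeElementAt(inProgress.size() - 1);
    }
}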
 
Example 13
Source File: PKCS7.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds the {@code certIssuerNames} array, one issuer name per entry of
 * {@code certificates} and in the same order, converting each issuer
 * Principal that is not already an X500Name.
 *
 * <p>Returns without touching {@code certIssuerNames} when
 * {@code certificates} is null. A failed conversion is ignored and the
 * Principal from {@code getIssuerDN()} is kept, so entries may be of a
 * provider-specific type.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    certIssuerNames = new Principal[certificates.length];
    int slot = 0;
    for (X509Certificate entry : certificates) {
        Principal name = entry.getIssuerDN();
        boolean needsConversion = !(name instanceof X500Name);
        if (needsConversion) {
            // The name is compared with other names later on, so it is
            // read from the original encoded DN; converting to a String
            // and back could change the types of the String attribute
            // values.
            try {
                X509CertInfo tbs =
                    new X509CertInfo(entry.getTBSCertificate());
                name = (Principal)
                    tbs.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
            } catch (Exception ignored) {
                // could not produce an X500Name from the cert's issuer
                // DN; the name stays as returned by getIssuerDN()
            }
        }
        certIssuerNames[slot] = name;
        slot++;
    }
}
 
Example 14
Source File: PKCS7.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Fills {@code certIssuerNames} with the issuer name of every entry in
 * {@code certificates}, in the same order. An issuer Principal that is
 * not an X500Name is replaced by the name read from the certificate's
 * TBSCertificate encoding.
 *
 * <p>Does nothing when {@code certificates} is null. If re-reading the
 * issuer fails for a certificate, the Principal returned by
 * {@code getIssuerDN()} is stored as is, so an entry is not guaranteed
 * to be an X500Name.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    final int count = certificates.length;
    certIssuerNames = new Principal[count];
    for (int idx = 0; idx < count; idx++) {
        final X509Certificate current = certificates[idx];
        Principal issuerName = current.getIssuerDN();
        if (issuerName instanceof X500Name) {
            certIssuerNames[idx] = issuerName;
            continue;
        }

        // Take the issuer from the encoded certificate rather than from
        // the provider's Principal: later name comparisons need the
        // original encoding, and a round trip through a String could
        // change the types of the String attribute values.
        try {
            X509CertInfo info = new X509CertInfo(current.getTBSCertificate());
            issuerName = (Principal)
                info.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
        } catch (Exception ignored) {
            // best effort: keep the Principal from getIssuerDN()
        }
        certIssuerNames[idx] = issuerName;
    }
}
 
Example 15
Source File: PKCS7.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * Builds the {@code certIssuerNames} array, one issuer name per entry of
 * {@code certificates} and in the same order, converting each issuer
 * Principal that is not already an X500Name.
 *
 * <p>Returns without touching {@code certIssuerNames} when
 * {@code certificates} is null. A failed conversion is ignored and the
 * Principal from {@code getIssuerDN()} is kept, so entries may be of a
 * provider-specific type.
 */
private void populateCertIssuerNames() {
    if (certificates == null) {
        return;
    }

    certIssuerNames = new Principal[certificates.length];
    int slot = 0;
    for (X509Certificate entry : certificates) {
        Principal name = entry.getIssuerDN();
        boolean needsConversion = !(name instanceof X500Name);
        if (needsConversion) {
            // The name is compared with other names later on, so it is
            // read from the original encoded DN; converting to a String
            // and back could change the types of the String attribute
            // values.
            try {
                X509CertInfo tbs =
                    new X509CertInfo(entry.getTBSCertificate());
                name = (Principal)
                    tbs.get(X509CertInfo.ISSUER + "." + X509CertInfo.DN_NAME);
            } catch (Exception ignored) {
                // could not produce an X500Name from the cert's issuer
                // DN; the name stays as returned by getIssuerDN()
            }
        }
        certIssuerNames[slot] = name;
        slot++;
    }
}
 
Example 16
Source File: SignerInfo.java    From jdk8u-dev-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Collects the signer's certificate followed by the certificates from
 * {@code block} that continue its issuer chain.
 *
 * <p>The next link is the first unused certificate whose subject equals
 * the issuer being looked for. The walk ends when no such certificate is
 * left or when the selected certificate has equal subject and issuer.
 * Linking is by name only: no signature, validity or revocation check is
 * made here, so the list is an ordering of certificates, not a validated
 * path. The array returned by {@code block.getCertificates()} is
 * reordered in place while the chain is assembled.
 *
 * @param block the PKCS7 block holding the candidate certificates
 * @return the chain starting with the signer's certificate, or null if
 *         {@code block.getCertificate} finds no certificate for this
 *         signer's serial number and issuer name
 * @throws IOException declared by this method; presumably raised by the
 *         certificate lookup
 */
public ArrayList<X509Certificate> getCertificateChain(PKCS7 block)
    throws IOException
{
    X509Certificate signerCert =
        block.getCertificate(certificateSerialNumber, issuerName);
    if (signerCert == null) {
        return null;
    }

    ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(signerCert);

    X509Certificate[] pool = block.getCertificates();
    if (pool == null
        || signerCert.getSubjectDN().equals(signerCert.getIssuerDN())) {
        return chain;
    }

    Principal wanted = signerCert.getIssuerDN();
    // pool[0 .. firstUnused-1] holds the certs already placed in the chain
    int firstUnused = 0;
    boolean extended = true;
    while (extended) {
        extended = false;
        for (int idx = firstUnused; idx < pool.length; idx++) {
            X509Certificate candidate = pool[idx];
            if (!wanted.equals(candidate.getSubjectDN())) {
                continue;
            }
            // next cert in chain found
            chain.add(candidate);
            if (candidate.getSubjectDN().equals(candidate.getIssuerDN())) {
                // subject equals issuer: top of the chain, nothing left
                // to search
                firstUnused = pool.length;
            } else {
                wanted = candidate.getIssuerDN();
                // move the used cert below firstUnused so it cannot be
                // selected again
                pool[idx] = pool[firstUnused];
                pool[firstUnused] = candidate;
                firstUnused++;
            }
            extended = true;
            break;
        }
    }

    return chain;
}
 
Example 17
Source File: SignerInfo.java    From j2objc with Apache License 2.0 4 votes vote down vote up
/**
 * Collects the signer's certificate followed by the certificates from
 * {@code block} that continue its issuer chain.
 *
 * <p>The next link is the first unused certificate whose subject equals
 * the issuer being looked for. The walk ends when no such certificate is
 * left or when the selected certificate has equal subject and issuer.
 * Linking is by name only: no signature, validity or revocation check is
 * made here, so the list is an ordering of certificates, not a validated
 * path. The array returned by {@code block.getCertificates()} is
 * reordered in place while the chain is assembled.
 *
 * @param block the PKCS7 block holding the candidate certificates
 * @return the chain starting with the signer's certificate, or null if
 *         {@code block.getCertificate} finds no certificate for this
 *         signer's serial number and issuer name
 * @throws IOException declared by this method; presumably raised by the
 *         certificate lookup
 */
public ArrayList<X509Certificate> getCertificateChain(PKCS7 block)
    throws IOException
{
    X509Certificate signerCert =
        block.getCertificate(certificateSerialNumber, issuerName);
    if (signerCert == null) {
        return null;
    }

    ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(signerCert);

    X509Certificate[] pool = block.getCertificates();
    if (pool == null
        || signerCert.getSubjectDN().equals(signerCert.getIssuerDN())) {
        return chain;
    }

    Principal wanted = signerCert.getIssuerDN();
    // pool[0 .. firstUnused-1] holds the certs already placed in the chain
    int firstUnused = 0;
    boolean extended = true;
    while (extended) {
        extended = false;
        for (int idx = firstUnused; idx < pool.length; idx++) {
            X509Certificate candidate = pool[idx];
            if (!wanted.equals(candidate.getSubjectDN())) {
                continue;
            }
            // next cert in chain found
            chain.add(candidate);
            if (candidate.getSubjectDN().equals(candidate.getIssuerDN())) {
                // subject equals issuer: top of the chain, nothing left
                // to search
                firstUnused = pool.length;
            } else {
                wanted = candidate.getIssuerDN();
                // move the used cert below firstUnused so it cannot be
                // selected again
                pool[idx] = pool[firstUnused];
                pool[firstUnused] = candidate;
                firstUnused++;
            }
            extended = true;
            break;
        }
    }

    return chain;
}
 
Example 18
Source File: SignerInfo.java    From openjdk-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Collects the signer's certificate followed by the certificates from
 * {@code block} that continue its issuer chain.
 *
 * <p>The next link is the first unused certificate whose subject equals
 * the issuer being looked for. The walk ends when no such certificate is
 * left or when the selected certificate has equal subject and issuer.
 * Linking is by name only: no signature, validity or revocation check is
 * made here, so the list is an ordering of certificates, not a validated
 * path. The array returned by {@code block.getCertificates()} is
 * reordered in place while the chain is assembled.
 *
 * @param block the PKCS7 block holding the candidate certificates
 * @return the chain starting with the signer's certificate, or null if
 *         {@code block.getCertificate} finds no certificate for this
 *         signer's serial number and issuer name
 * @throws IOException declared by this method; presumably raised by the
 *         certificate lookup
 */
public ArrayList<X509Certificate> getCertificateChain(PKCS7 block)
    throws IOException
{
    X509Certificate signerCert =
        block.getCertificate(certificateSerialNumber, issuerName);
    if (signerCert == null) {
        return null;
    }

    ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(signerCert);

    X509Certificate[] pool = block.getCertificates();
    if (pool == null
        || signerCert.getSubjectDN().equals(signerCert.getIssuerDN())) {
        return chain;
    }

    Principal wanted = signerCert.getIssuerDN();
    // pool[0 .. firstUnused-1] holds the certs already placed in the chain
    int firstUnused = 0;
    boolean extended = true;
    while (extended) {
        extended = false;
        for (int idx = firstUnused; idx < pool.length; idx++) {
            X509Certificate candidate = pool[idx];
            if (!wanted.equals(candidate.getSubjectDN())) {
                continue;
            }
            // next cert in chain found
            chain.add(candidate);
            if (candidate.getSubjectDN().equals(candidate.getIssuerDN())) {
                // subject equals issuer: top of the chain, nothing left
                // to search
                firstUnused = pool.length;
            } else {
                wanted = candidate.getIssuerDN();
                // move the used cert below firstUnused so it cannot be
                // selected again
                pool[idx] = pool[firstUnused];
                pool[firstUnused] = candidate;
                firstUnused++;
            }
            extended = true;
            break;
        }
    }

    return chain;
}
 
Example 19
Source File: SignerInfo.java    From jdk8u-jdk with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Collects the signer's certificate followed by the certificates from
 * {@code block} that continue its issuer chain.
 *
 * <p>The next link is the first unused certificate whose subject equals
 * the issuer being looked for. The walk ends when no such certificate is
 * left or when the selected certificate has equal subject and issuer.
 * Linking is by name only: no signature, validity or revocation check is
 * made here, so the list is an ordering of certificates, not a validated
 * path. The array returned by {@code block.getCertificates()} is
 * reordered in place while the chain is assembled.
 *
 * @param block the PKCS7 block holding the candidate certificates
 * @return the chain starting with the signer's certificate, or null if
 *         {@code block.getCertificate} finds no certificate for this
 *         signer's serial number and issuer name
 * @throws IOException declared by this method; presumably raised by the
 *         certificate lookup
 */
public ArrayList<X509Certificate> getCertificateChain(PKCS7 block)
    throws IOException
{
    X509Certificate signerCert =
        block.getCertificate(certificateSerialNumber, issuerName);
    if (signerCert == null) {
        return null;
    }

    ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>();
    chain.add(signerCert);

    X509Certificate[] pool = block.getCertificates();
    if (pool == null
        || signerCert.getSubjectDN().equals(signerCert.getIssuerDN())) {
        return chain;
    }

    Principal wanted = signerCert.getIssuerDN();
    // pool[0 .. firstUnused-1] holds the certs already placed in the chain
    int firstUnused = 0;
    boolean extended = true;
    while (extended) {
        extended = false;
        for (int idx = firstUnused; idx < pool.length; idx++) {
            X509Certificate candidate = pool[idx];
            if (!wanted.equals(candidate.getSubjectDN())) {
                continue;
            }
            // next cert in chain found
            chain.add(candidate);
            if (candidate.getSubjectDN().equals(candidate.getIssuerDN())) {
                // subject equals issuer: top of the chain, nothing left
                // to search
                firstUnused = pool.length;
            } else {
                wanted = candidate.getIssuerDN();
                // move the used cert below firstUnused so it cannot be
                // selected again
                pool[idx] = pool[firstUnused];
                pool[firstUnused] = candidate;
                firstUnused++;
            }
            extended = true;
            break;
        }
    }

    return chain;
}
 
Example 20
Source File: SignerInfo.java    From TencentKona-8 with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Collects the signer's certificate followed by the certificates from
 * {@code block} that continue its issuer chain.
 *
 * <p>The next link is the first unused certificate whose subject equals
 * the issuer being looked for. The walk ends when no such certificate is
 * left or when the selected certificate has equal subject and issuer.
 * Linking is by name only: no signature, validity or revocation check is
 * made here, so the list is an ordering of certificates, not a validated
 * path. The array returned by {@code block.getCertificates()} is
 * reordered in place while the chain is assembled.
 *
 * @param block the PKCS7 block holding the candidate certificates
 * @return the chain starting with the signer's certificate, or null if
 *         {@code block.getCertificate} finds no certificate for this
 *         signer's serial number and issuer name
 * @throws IOException declared by this method; presumably raised by the
 *         certificate lookup
 */
public ArrayList<X509Certificate> getCertificateChain(PKCS7 block)
    throws IOException
{
    X509Certificate signerCert =
        block.getCertificate(certificateSerialNumber, issuerName);
    if (signerCert == null) {
        return null;
    }

    ArrayList<X509Certificate> chain = new ArrayList<>();
    chain.add(signerCert);

    X509Certificate[] pool = block.getCertificates();
    if (pool == null
        || signerCert.getSubjectDN().equals(signerCert.getIssuerDN())) {
        return chain;
    }

    Principal wanted = signerCert.getIssuerDN();
    // pool[0 .. firstUnused-1] holds the certs already placed in the chain
    int firstUnused = 0;
    boolean extended = true;
    while (extended) {
        extended = false;
        for (int idx = firstUnused; idx < pool.length; idx++) {
            X509Certificate candidate = pool[idx];
            if (!wanted.equals(candidate.getSubjectDN())) {
                continue;
            }
            // next cert in chain found
            chain.add(candidate);
            if (candidate.getSubjectDN().equals(candidate.getIssuerDN())) {
                // subject equals issuer: top of the chain, nothing left
                // to search
                firstUnused = pool.length;
            } else {
                wanted = candidate.getIssuerDN();
                // move the used cert below firstUnused so it cannot be
                // selected again
                pool[idx] = pool[firstUnused];
                pool[firstUnused] = candidate;
                firstUnused++;
            }
            extended = true;
            break;
        }
    }

    return chain;
}