`java.security.cert`是**Java提供用于处理X.509证书以及相关操作的包**

已于 2024-05-24 23:08:08 修改
阅读量763 收藏 1
点赞数 1
分类专栏: Android(Andy Rubin) Job(a good job programmer) Java(Advanced Message Queue) 文章标签: java
于 2020-05-12 20:57:33 首次发布
原文链接:https://developer.android.google.cn/reference/java/security/cert/package-summary
版权

java.security.certJava提供用于处理X.509证书以及相关操作的包

该包提供了一系列的类和接口,用于解析和管理X.509证书、证书吊销列表(CRL)和证书路径。它支持Java加密架构(JCA)规范、RFC 5280(定义了X.509公钥和属性证书的互联网标准)、以及RFC 2560(定义了X.509证书和CRL的分发点)等标准。

在实际应用中,比如配置Tomcat服务器的SSL时,可能会涉及到使用java.security.cert包中的类来处理客户证书和服务器信任证书列表。如果在登录过程中出现错误,可能是由于服务器端的证书和服务器端的信任证书配置有误等原因。

此外,java.security.cert.CertificateException是一个异常类,它在处理数字证书时发生异常的情况下被抛出。这通常涉及到证书的验证问题,如证书路径验证失败、证书已过期等情况。

综上所述,java.security.cert包在Java安全编程中扮演着重要的角色,特别是在进行SSL/TLS通信和证书验证时。
Provides classes and interfaces for parsing and managing certificates, certificate revocation lists (CRLs), and certification paths. It contains support for X.509 v3 certificates and X.509 v2 CRLs.
Package Specification

Java™ Cryptography Architecture (JCA) Reference Guide
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
Java™ Cryptography Architecture Standard Algorithm Name Documentation

Related Documentation
For information about X.509 certificates and CRLs, please see:

http://www.ietf.org/rfc/rfc5280.txt
Java™ PKI Programmer's Guide
X.509 Certificates and Certificate Revocation Lists (CRLs)

Interfaces
CertPathBuilderResult A specification of the result of a certification path builder algorithm.
CertPathChecker

Performs one or more checks on each Certificate of a CertPath.
CertPathParameters A specification of certification path algorithm parameters.
CertPathValidatorException.Reason The reason the validation algorithm failed.
CertPathValidatorResult A specification of the result of a certification path validator algorithm.
CertSelector A selector that defines a set of criteria for selecting Certificates.
CertStoreParameters A specification of CertStore parameters.
CRLSelector A selector that defines a set of criteria for selecting CRLs.
Extension This interface represents an X.509 extension.
PolicyNode An immutable valid policy tree node as defined by the PKIX certification path validation algorithm.
X509Extension Interface for an X.509 extension.
Classes
Certificate

Abstract class for managing a variety of identity certificates.
Certificate.CertificateRep Alternate Certificate class for serialization.
CertificateFactory This class defines the functionality of a certificate factory, which is used to generate certificate, certification path (CertPath) and certificate revocation list (CRL) objects from their encodings.
CertificateFactorySpi This class defines the Service Provider Interface (SPI) for the CertificateFactory class.
CertPath An immutable sequence of certificates (a certification path).
CertPath.CertPathRep Alternate CertPath class for serialization.
CertPathBuilder A class for building certification paths (also known as certificate chains).
CertPathBuilderSpi The Service Provider Interface (SPI) for the CertPathBuilder class.
CertPathValidator A class for validating certification paths (also known as certificate chains).
CertPathValidatorSpi The Service Provider Interface (SPI) for the CertPathValidator class.
CertStore A class for retrieving Certificates and CRLs from a repository.
CertStoreSpi The Service Provider Interface (SPI) for the CertStore class.
CollectionCertStoreParameters Parameters used as input for the Collection CertStore algorithm.
CRL This class is an abstraction of certificate revocation lists (CRLs) that have different formats but important common uses.
LDAPCertStoreParameters Parameters used as input for the LDAP CertStore algorithm.
PKIXBuilderParameters Parameters used as input for the PKIX CertPathBuilder algorithm.
PKIXCertPathBuilderResult This class represents the successful result of the PKIX certification path builder algorithm.
PKIXCertPathChecker An abstract class that performs one or more checks on an X509Certificate.
PKIXCertPathValidatorResult This class represents the successful result of the PKIX certification path validation algorithm.
PKIXParameters Parameters used as input for the PKIX CertPathValidator algorithm.
PKIXRevocationChecker A PKIXCertPathChecker for checking the revocation status of certificates with the PKIX algorithm.
PolicyQualifierInfo An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo structure.
TrustAnchor A trust anchor or most-trusted Certification Authority (CA).
X509Certificate

Abstract class for X.509 certificates.
X509CertSelector A CertSelector that selects X509Certificates that match all specified criteria.
X509CRL

Abstract class for an X.509 Certificate Revocation List (CRL).
X509CRLEntry

Abstract class for a revoked certificate in a CRL (Certificate Revocation List).
X509CRLSelector A CRLSelector that selects X509CRLs that match all specified criteria.
Enums
CertPathValidatorException.BasicReason The BasicReason enumerates the potential reasons that a certification path of any type may be invalid.
CRLReason The CRLReason enumeration specifies the reason that a certificate is revoked, as defined in RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
PKIXReason The PKIXReason enumerates the potential PKIX-specific reasons that an X.509 certification path may be invalid according to the PKIX (RFC 3280) standard.
PKIXRevocationChecker.Option Various revocation options that can be specified for the revocation checking mechanism.
Exceptions
CertificateEncodingException Certificate Encoding Exception.
CertificateException This exception indicates one of a variety of certificate problems.
CertificateExpiredException Certificate Expired Exception.
CertificateNotYetValidException Certificate is not yet valid exception.
CertificateParsingException Certificate Parsing Exception.
CertificateRevokedException An exception that indicates an X.509 certificate is revoked.
CertPathBuilderException An exception indicating one of a variety of problems encountered when building a certification path with a CertPathBuilder.
CertPathValidatorException An exception indicating one of a variety of problems encountered when validating a certification path.
CertStoreException An exception indicating one of a variety of problems retrieving certificates and CRLs from a CertStore.
CRLException CRL (Certificate Revocation List) Exception.
在这里插入图片描述

Bol5261
关注
专栏目录
java.security.cert.CertificateException: 证书异常的正确解决办法
wbajsjhhhhh的博客
04-27 2670
java.security.cert.CertificateException: 证书异常的正确解决办法
在pem证书读取java.security.cert.CertificateParsingException: signed fields invalid
m0_45425492的博客
11-10 850
在pem证书读取java.security.cert.CertificateParsingException: signed fields invalid
我是如何解决java.security.cert.CertPathValidatorException异常的
10年职场两茫茫,35岁凄凉奈若何
09-15 2849
我是如何解决java.security.cert.CertPathValidatorException异常的
用jenkins.war安装的jenkins启动服务的时候报updates server failed with an allowed exception:connect timed out怎么解决
最新发布
qq_33192454的博客
07-10 1233
启动 Jenkins 时出现错误通常是因为 Jenkins 无法连接到更新服务器。
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
cola_wh的博客
07-20 6918
客户反馈一些莫名其妙的问题比如 java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 这个一般就是运维部署的证书的问题,但是怎么定位给运维呢,思路一 直接谷歌输入访问的域名,点击证书,看看是不是CA派发的,如果是CA派发的还是在有效期内的 问客户要ip,然后让客户在浏览器输入要访问的域名,看是否能访问,如果不能访问基本可以确定就是运维的问题了,交给运维如果你还想帮对方
java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
applehepeach的博客
01-13 3457
如果你在用mvn打时遇到这个问题java.security.cert.CertificateException: Certificates does not conform to algorithm constraints 那么请修改java.security的配置文件 位置在: vim JAVA_HOME/jre/lib/security/java.securityjava1.6
已解决java.security.cert.CertificateException: 证书异常的正确解决方法,亲测有效!!!
小明的Java问道之路
04-15 4332
已解决java.security.cert.CertificateException: 证书异常的正确解决方法,亲测有效!!!
java.security.cert.Certificate:No subject alternative DNS name matching api.exmail.qq.com found.解决方法
u011400521的博客
11-15 6042
工作中使用https请求,本地调用正常,放到服务器端运行失败,报错为java.security.cert.Certificate:No subject alternative DNS name matching api.exmail.qq.com found 一般错误原因为https证书验证失败 解决方法可以在服务器端导入对应证书,这边使用绕过证书验证的方式解决 get请求: publi...
java.security.cert.CertificateException: No subject alternative DNS name matching XXX found解决方案
12-21
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) throws java.security.cert.CertificateException { return; } @Override public void checkClientTrusted...
java生成X509证书jar
04-14
Java中,这些信息被表示为`java.security.cert.X509Certificate`对象。 BouncyCastle库提供了`org.bouncycastle.jce.provider.BouncyCastleProvider`类,它是Java加密服务提供者,含了国密算法的支持。为了使用...
解决ssl java.security.cert.CertificateException: No name match
清心寡欲,做一个专注的程序员
05-29 4150
记录一次activemq ssl java.security.cert.CertificateException: No name matching localhost found的问题
javax.security.cert
BLOG域名:programb.blog.csdn.net
05-12 265
Provides classes for public key certificates. These classes include a simplified version of the java.security.cert package. These classes were developed as part of the Java Secure Socket Extension (JSSE). When JSSE was added to the J2SE version 1.4, this p
关于java发送https请求 提示java.security.cert.CertificateException: No name matching xxxx found的解决方法
热门推荐
qq_33135813的博客
10-14 3万+
1.这2天项目中需要调用外部接口,开始以为挺简单的,后面使用HttpConnection发送post请求出现了以下的错误信息.通过观察日志中的错误信息发现,应该是在创建HttpConnection的http连接的时候,出现了SSL安全认证的问题,通过查找相关的资料发现,应该是由于外部接口的https证书中的主机名称与本地https请求的主机名称不一致导致的, 同时通过浏览器访问,发现该地址访问不安...
java如何获取信任证书,获取java.security.cert.CertificateException,但证书将导入信任库...
weixin_35813719的博客
03-12 1694
我总是收到一个java.security.cert.CertificateException: No subject alternative names present例外,但我已将证书导入我的trusrstore . 在这里我的设置:我正在使用基于 com.sun.net.httpserver.HttpsServer 的小型HTTPS服务器 . 我创建了一个带有自签名证书的密钥库:keytool...
java字段签名_java.security.cert.CertificateParsingException:签名字段无效 - java
weixin_40001309的博客
03-08 2820
我正在尝试阅读X509 certificateFileInputStream fr = new FileInputStream("suresh.pfx");CertificateFactory cf = CertificateFactory.getInstance("X509");X509Certificate c = (X509Certificate) cf.generateCertific...
java cert_CertificateParsingException
weixin_34338129的博客
03-06 325
CertificateParsingException ClassDefinitionAssembly:Mono.Android.dllThe exception that is thrown when a Certificate can not be parsed.In this article[Android.Runtime.Register("java/security/cert/Certi...
【LeanCloud之坑】javax.net.ssl.SSLHandshakeException:Handshake failed
Kam要努力学Android要去骑行要去徒步要去旅行要走天涯
09-22 4583
最近几天部分地区突然用不了Leancloud的api,登录都无法登录上。在网上找了很多方法,都试过不行,最后找到了Leancloud那边的技术,搞了2,3天才发现是中国移动那边的当地运营商DNS劫持了。       参考https://forum.leancloud.cn/t/app-no-peer-certificate/3968,查下是不是因为时间被修改过了导致无法握手。       如果
JAVA_HOME报错javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException
w2909526的博客
01-11 2805
由于支付项目出现这种报错 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints 最终查找原因是java7/8添加了安全机制 导致md5验签问题 解决方法: 把JAVA_HOME/jr...
Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 70 at io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore(CertUtils.java:107)
07-15
这个错误通常是由于证书解析错误引起的。在您的代码中,根据堆栈跟踪,问题似乎发生在 io.fabric8.kubernetes.client.internal.CertUtils.createKeyStore 方法的第 107 行。 这个错误可能有几种可能的原因: 1. 证书格式不正确:请确保您提供证书是正确的,并且符合所需的格式。您可以尝试使用其他工具(如 OpenSSL)来验证证书的格式和有效性。 2. 证书被篡改:如果您的证书在传输过程中被修改或损坏,可能会导致此错误。请确保您的证书在传输过程中没有被篡改。 3. 代码问题:可能存在代码中的 bug 或错误,导致无法正确解析证书。您可以检查 CertUtils.createKeyStore 方法的实现,并确保它正确处理证书解析。 建议您仔细检查这些方面,并尝试解决问题。如果问题仍然存在,请提供更多的上下文和相关代码,以便我们能够更详细地帮助您解决问题。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值