Java的编程方式从密钥/证书读取信息(Java Programmatically read inf

2019-08-02 01:56发布

站内文章 / 移动开发
6 0 0

我试着建立一个证书/密钥管理工具,但我不知道如何获得证书/密钥的MD5指纹。

例如,如果我在我密钥库获得使用keytool命令

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: myname
Creation date: 21-Aug-2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bla bla, L=bla, ST=bla
Issuer: CN=bla bla, L=bla, ST=bla
Serial number: 123w3qa
Valid from: Sun Aug 21 00:12:31 CEST 2011 until: Mon Jul 28 00:12:31 CEST 2110
Certificate fingerprints:
         MD5:  1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         SHA1: 72:3A:D9:2E:1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA EA FA FE 34 DA 6E C6   FC 8B 6C DE S9 21 S9 S4  ......^...l.I!.D
0010: S3 33 29 SD                                        .S..
]
]

*******************************************
*******************************************

现在我想通过Java以下信息,以获得:1,MD5指纹2. KeyIdentifier

我得到使用X500Certificate对象和X500Principal的一些信息(用于从和到,所有者,发布者,别名例如日期),但是我没有发现在哪里可以得到其它信息。 有人能帮我吗?

Answer 1:

如果您检查源代码的keytool ,你可以看到如下内容: 

 2830       getCertFingerPrint("MD5", cert),

这就要求: 

 3167       /**
 3168        * Gets the requested finger print of the certificate.
 3169        */
 3170       private String getCertFingerPrint(String mdAlg, Certificate cert)
 3171           throws Exception
 3172       {
 3173           byte[] encCertInfo = cert.getEncoded();
 3174           MessageDigest md = MessageDigest.getInstance(mdAlg);
 3175           byte[] digest = md.digest(encCertInfo);
 3176           return toHexString(digest);
 3177       }


Answer 2:

你可以试试下面的代码 - 

  // Load the JDK's cacerts keystore file
            String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);

            FileInputStream is = new FileInputStream(filename);
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            keystore.load(is, password.toCharArray());

            // This class retrieves the most-trusted CAs from the keystore
            PKIXParameters params = new PKIXParameters(keystore);

            // Get the set of trust anchors, which contain the most-trusted CA certificates
            Iterator it = params.getTrustAnchors().iterator();
            while( it.hasNext() ) {
                TrustAnchor ta = (TrustAnchor)it.next();
                // Get certificate
                X509Certificate cert = ta.getTrustedCert();
                System.out.println(cert);
            }


Answer 3:

我经历了keytool 的源代码 ,并与这个(扩大DNA的答案的版本)想出了: 

String filename = "path to your keystore";
String keyPassword = "your key password";
String keyAlias = "your key alias";

FileInputStream is = new FileInputStream(filename);

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

keystore.load(is, keyPassword.toCharArray());

/* Gets the requested finger print of the certificate. */
X509Certificate cert = keystore.getCertificate(keyAlias);
byte[] encCertInfo = cert.getEncoded();
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] digest = md.digest(encCertInfo);

/* Converts a byte array to hex string */
StringBuffer buf = new StringBuffer();
int len = digest.length;
for (int i = 0; i < len; i++) {
    /* Converts a byte to hex digit and writes to the supplied buffer */
    char[] hexChars = [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' ];
    int high = ((digest[i] & 0xf0) >> 4);
    int low = (digest[i] & 0x0f);
    buf.append(hexChars[high]);
    buf.append(hexChars[low]);

    if (i < len-1) {
        buf.append(":");
    }
}

String your_md5_fingerprint = buf.toString();

我测试了它在Android上,就像一个魅力。



文章来源: Java Programmatically read informations from a Key/Certificate
标签: java security
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~