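Java: programmatically reading information from a key/certificate

I am trying to build a certificate/key management tool, but I don't understand how to get the MD5 fingerprint of a certificate/key.

For example, if I use the keytool command on a keystore, I get: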

    Keystore type: JKS
    Keystore provider: SUN

    Your keystore contains 1 entry

    Alias name: myname
    Creation date: 21-Aug-2011
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=bla bla, L=bla, ST=bla
    Issuer: CN=bla bla, L=bla, ST=bla
    Serial number: 123w3qa
    Valid from: Sun Aug 21 00:12:31 CEST 2011 until: Mon Jul 28 00:12:31 CEST 2110
    Certificate fingerprints:
         MD5: 1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         SHA1: 72:3A:D9:2E:1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         Signature algorithm name: SHA256withRSA
         Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: AA EA FA FE 34 DA 6E C6 FC 8B 6C DE S9 21 S9 S4 ......^...lI!.D
    0010: S3 33 29 SD .S..
    ]
    ]

    *******************************************
    *******************************************

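Now I want to get the following information from Java:

1. MD5 fingerprint
2. KeyIdentifier

I obtained some information (for example the valid-from date, owner, issuer, alias) using the X500Certificate object and X500Principal, but I haven't found where I can get the other information. Can anyone help me?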

If you check the source code of keytool, you can see the following:

    getCertFingerPrint("MD5", cert),

Which calls:

    /**
     * Gets the requested finger print of the certificate.
     */
    private String getCertFingerPrint(String mdAlg, Certificate cert)
        throws Exception
    {
        byte[] encCertInfo = cert.getEncoded();
        MessageDigest md = MessageDigest.getInstance(mdAlg);
        byte[] digest = md.digest(encCertInfo);
        return toHexString(digest);
    }

You can try the following code:

    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.PKIXParameters;
    import java.security.cert.TrustAnchor;
    import java.security.cert.X509Certificate;
    import java.util.Iterator;

    // Load the JDK's cacerts keystore file
    String filename = System.getProperty("java.home")
            + "/lib/security/cacerts".replace('/', File.separatorChar);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "changeit";
    try (FileInputStream is = new FileInputStream(filename)) {
        keystore.load(is, password.toCharArray());
    }

    // This class retrieves the most-trusted CAs from the keystore
    PKIXParameters params = new PKIXParameters(keystore);

    // Get the set of trust anchors, which contain the most-trusted CA certificates
    Iterator<TrustAnchor> it = params.getTrustAnchors().iterator();
    while (it.hasNext()) {
        TrustAnchor ta = it.next();
        // Get certificate
        X509Certificate cert = ta.getTrustedCert();
        System.out.println(cert);
    }

I went through the keytool source code and came up with this (an extended version of DNA's answer):

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.MessageDigest;
    import java.security.cert.X509Certificate;

    String filename = "path to your keystore";
    String keyPassword = "your key password";
    String keyAlias = "your key alias";

    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (FileInputStream is = new FileInputStream(filename)) {
        keystore.load(is, keyPassword.toCharArray());
    }

    /* Gets the requested finger print of the certificate. */
    // getCertificate() returns java.security.cert.Certificate, so a cast is needed
    X509Certificate cert = (X509Certificate) keystore.getCertificate(keyAlias);
    byte[] encCertInfo = cert.getEncoded();
    MessageDigest md = MessageDigest.getInstance("MD5");
    byte[] digest = md.digest(encCertInfo);

    /* Converts a byte array to hex string */
    char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7',
                        '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
    StringBuffer buf = new StringBuffer();
    int len = digest.length;
    for (int i = 0; i < len; i++) {
        /* Converts a byte to hex digit and writes to the supplied buffer */
        int high = ((digest[i] & 0xf0) >> 4);
        int low = (digest[i] & 0x0f);
        buf.append(hexChars[high]);
        buf.append(hexChars[low]);
        if (i < len - 1) {
            buf.append(":");
        }
    }
    String your_md5_fingerprint = buf.toString();

I tested it on Android and it works like a charm.