1. 首頁
  2. 問答
  3. Java以編程方式從鑰匙/證書讀取信息

Java以編程方式從鑰匙/證書讀取信息

2012-10-29 59 views
1

我試着構建證書/密鑰管理工具,但我不明白如何獲取證書/密鑰的md5指紋。Java以編程方式從鑰匙/證書讀取信息

例如,如果我在密鑰庫中使用keytool指令i獲得

Keystore type: JKS 
Keystore provider: SUN 

Your keystore contains 1 entry 

Alias name: myname 
Creation date: 21-Aug-2011 
Entry type: PrivateKeyEntry 
Certificate chain length: 1 
Certificate[1]: 
Owner: CN=bla bla, L=bla, ST=bla 
Issuer: CN=bla bla, L=bla, ST=bla 
Serial number: 123w3qa 
Valid from: Sun Aug 21 00:12:31 CEST 2011 until: Mon Jul 28 00:12:31 CEST 2110 
Certificate fingerprints: 
     MD5: 1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E 
     SHA1: 72:3A:D9:2E:1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E 
     Signature algorithm name: SHA256withRSA 
     Version: 3 

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false 
SubjectKeyIdentifier [ 
KeyIdentifier [ 
0000: AA EA FA FE 34 DA 6E C6 FC 8B 6C DE S9 21 S9 S4 ......^...l.I!.D 
0010: S3 33 29 SD          .S.. 
] 
] 

******************************************* 
*******************************************

現在我想通過Java以獲得以下信息: 1. MD5指紋 2. KeyIdentifier

我獲得一些使用X500Certificate對象和X500Principal的信息(例如來自和來自所有者,發行者,別名的日期),但是我沒有找到我可以獲得其他信息的地方。有人能幫我嗎?

來源

2012-10-29 Ivan

+0

你可以試着看看'keytool'本身的來源? – DNA

+0

是啊,你說得對,昨天我看了看源代碼,但我錯過了:( – Ivan

回答

3

如果您檢查source codekeytool你可以看到如下:

2830  getCertFingerPrint("MD5", cert),

的呼叫:

3167  /** 
3168  * Gets the requested finger print of the certificate. 
3169  */ 
3170  private String getCertFingerPrint(String mdAlg, Certificate cert) 
3171   throws Exception 
3172  { 
3173   byte[] encCertInfo = cert.getEncoded(); 
3174   MessageDigest md = MessageDigest.getInstance(mdAlg); 
3175   byte[] digest = md.digest(encCertInfo); 
3176   return toHexString(digest); 
3177  }

來源

2012-10-29 10:24:01 DNA

1

你可以試試下面的代碼 -

// Load the JDK's cacerts keystore file 
      String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); 

      FileInputStream is = new FileInputStream(filename); 
      KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); 
      String password = "changeit"; 
      keystore.load(is, password.toCharArray()); 

      // This class retrieves the most-trusted CAs from the keystore 
      PKIXParameters params = new PKIXParameters(keystore); 

      // Get the set of trust anchors, which contain the most-trusted CA certificates 
      Iterator it = params.getTrustAnchors().iterator(); 
      while(it.hasNext()) { 
       TrustAnchor ta = (TrustAnchor)it.next(); 
       // Get certificate 
       X509Certificate cert = ta.getTrustedCert(); 
       System.out.println(cert); 
      }

來源

2012-10-29 10:35:44 Deepu

0

我去通過keytoolsource code並提出了機智這個(DNA的答案的擴展版本):

String filename = "path to your keystore"; 
String keyPassword = "your key password"; 
String keyAlias = "your key alias"; 

FileInputStream is = new FileInputStream(filename); 

KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); 

keystore.load(is, keyPassword.toCharArray()); 

/* Gets the requested finger print of the certificate. */ 
X509Certificate cert = keystore.getCertificate(keyAlias); 
byte[] encCertInfo = cert.getEncoded(); 
MessageDigest md = MessageDigest.getInstance("MD5"); 
byte[] digest = md.digest(encCertInfo); 

/* Converts a byte array to hex string */ 
StringBuffer buf = new StringBuffer(); 
int len = digest.length; 
for (int i = 0; i < len; i++) { 
    /* Converts a byte to hex digit and writes to the supplied buffer */ 
    char[] hexChars = [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' ]; 
    int high = ((digest[i] & 0xf0) >> 4); 
    int low = (digest[i] & 0x0f); 
    buf.append(hexChars[high]); 
    buf.append(hexChars[low]); 

    if (i < len-1) { 
     buf.append(":"); 
    } 
} 

String your_md5_fingerprint = buf.toString();

我在Android上測試它,就像一個魅力。

來源

2017-02-24 11:52:14 arenaq

相關問題

 相關問題