zoukankan      html  css  js  c++  java
  • CAS(客户端)程序获取安全证书

    以下是获取安全证书的一种方法,通过以下程序获取安全证书:

    import java.io.BufferedReader;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStream;
    import java.security.KeyStore;
    import java.security.MessageDigest;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLException;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509TrustManager;
    
    public class InstallCert {
    
        public static void main(String[] args) throws Exception {
            String host;
            int port;
            char[] passphrase;
            if ((args.length == 1) || (args.length == 2)) {
                String[] c = args[0].split(":");
                host = c[0];
                port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
                String p = (args.length == 1) ? "changeit" : args[1];
                passphrase = p.toCharArray();
            } else {
                System.out
                        .println("Usage: java InstallCert <host>[:port] [passphrase]");
                return;
            }
    
            File file = new File("jssecacerts");
            if (file.isFile() == false) {
                char SEP = File.separatorChar;
                File dir = new File(System.getProperty("java.home") + SEP + "lib"
                        + SEP + "security");
                file = new File(dir, "jssecacerts");
                if (file.isFile() == false) {
                    file = new File(dir, "cacerts");
                }
            }
            System.out.println("Loading KeyStore " + file + "...");
            InputStream in = new FileInputStream(file);
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, passphrase);
            in.close();
    
            SSLContext context = SSLContext.getInstance("TLS");
            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            X509TrustManager defaultTrustManager = (X509TrustManager) tmf
                    .getTrustManagers()[0];
            SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
            context.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory factory = context.getSocketFactory();
    
            System.out
                    .println("Opening connection to " + host + ":" + port + "...");
            SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
            socket.setSoTimeout(10000);
            try {
                System.out.println("Starting SSL handshake...");
                socket.startHandshake();
                socket.close();
                System.out.println();
                System.out.println("No errors, certificate is already trusted");
            } catch (SSLException e) {
                System.out.println();
                e.printStackTrace(System.out);
            }
    
            X509Certificate[] chain = tm.chain;
            if (chain == null) {
                System.out.println("Could not obtain server certificate chain");
                return;
            }
    
            BufferedReader reader = new BufferedReader(new InputStreamReader(
                    System.in));
    
            System.out.println();
            System.out.println("Server sent " + chain.length + " certificate(s):");
            System.out.println();
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");
            MessageDigest md5 = MessageDigest.getInstance("MD5");
            for (int i = 0; i < chain.length; i++) {
                X509Certificate cert = chain[i];
                System.out.println(" " + (i + 1) + " Subject "
                        + cert.getSubjectDN());
                System.out.println("   Issuer  " + cert.getIssuerDN());
                sha1.update(cert.getEncoded());
                System.out.println("   sha1    " + toHexString(sha1.digest()));
                md5.update(cert.getEncoded());
                System.out.println("   md5     " + toHexString(md5.digest()));
                System.out.println();
            }
    
            System.out
                    .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
            String line = reader.readLine().trim();
            int k;
            try {
                k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
            } catch (NumberFormatException e) {
                System.out.println("KeyStore not changed");
                return;
            }
    
            X509Certificate cert = chain[k];
            String alias = host + "-" + (k + 1);
            ks.setCertificateEntry(alias, cert);
    
            OutputStream out = new FileOutputStream("jssecacerts");
            ks.store(out, passphrase);
            out.close();
    
            System.out.println();
            System.out.println(cert);
            System.out.println();
            System.out
                    .println("Added certificate to keystore 'jssecacerts' using alias '"
                            + alias + "'");
        }
    
        private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
    
        private static String toHexString(byte[] bytes) {
            StringBuilder sb = new StringBuilder(bytes.length * 3);
            for (int b : bytes) {
                b &= 0xff;
                sb.append(HEXDIGITS[b >> 4]);
                sb.append(HEXDIGITS[b & 15]);
                sb.append(' ');
            }
            return sb.toString();
        }
    
        private static class SavingTrustManager implements X509TrustManager {
    
            private final X509TrustManager tm;
            private X509Certificate[] chain;
    
            SavingTrustManager(X509TrustManager tm) {
                this.tm = tm;
            }
    
            public X509Certificate[] getAcceptedIssuers() {
                throw new UnsupportedOperationException();
            }
    
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                throw new UnsupportedOperationException();
            }
    
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                this.chain = chain;
                tm.checkServerTrusted(chain, authType);
            }
        }
    
    }

    编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443

    或者在Eclipse下更改上面程序main方法添加两行

    String[] a = {"test.report.com:8443"};
    args =a;

    直接运行

    会看到如下信息:

    Loading KeyStore jssecacerts...
    Opening connection to test.report.com:8443...
    Starting SSL handshake...
    
    No errors, certificate is already trusted
    
    Server sent 1 certificate(s):
    
     1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
       Issuer  CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
       sha1    37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21 
       md5     55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 
    
    Enter certificate to add to trusted keystore or 'q' to quit: [1]   ///////这个会停顿输入1即可
    1
    
    [
    [
      Version: V3
      Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
    
      Key:  Sun RSA public key, 1024 bits
      modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873
      public exponent: 65537
      Validity: [From: Fri Aug 01 08:27:33 CST 2014,
                   To: Sat Aug 01 08:27:33 CST 2015]
      Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
      SerialNumber: [    53dadef5]
    
    ]
      Algorithm: [SHA1withRSA]
      Signature:
    0000: 29 85 FC 3A 53 22 B3 BF   7B 47 FF 2A 57 94 B5 C2  )..:S"...G.*W...
    0010: 1A 04 AF B6 EE 6B AC 08   49 60 7B 42 07 0A F2 23  .....k..I`.B...#
    0020: 85 8F 93 50 CD 86 5D AC   97 8D 6C DF 2C 1E 10 71  ...P..]...l.,..q
    0030: 64 4D ED CA 06 8E 79 9C   00 A7 94 D0 5C 36 39 B3  dM....y.....69.
    0040: 32 D4 7C 40 25 A0 B7 CB   B3 F8 1B A7 6A CC D4 D4  2..@%.......j...
    0050: 26 C7 3E 04 9A 27 8D 63   74 4B D1 5E 97 51 E0 7E  &.>..'.ctK.^.Q..
    0060: E3 25 0D 6A 19 51 F8 D1   B5 B4 FA 23 98 41 70 D0  .%.j.Q.....#.Ap.
    0070: BC 57 21 CE 75 2E 7B F3   5B 2E 13 A5 F0 27 63 2C  .W!.u...[....'c,
    
    ]
    
    Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'

    将证书拷贝到$JAVA_HOME/jre/lib/security目录下


    注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。

  • 相关阅读:
    Python爬虫入门教程 45-100 Charles抓取兔儿故事-下载小猪佩奇故事-手机APP爬虫部分
    Python爬虫入门教程 44-100 Charles的安装与使用-手机APP爬虫部分
    Python爬虫入门教程 42-100 爬取儿歌多多APP数据-手机APP爬虫部分
    Python爬虫入门教程 43-100 百思不得姐APP数据-手机APP爬虫部分
    Python爬虫入门教程 41-100 Fiddler+夜神模拟器+雷电模拟器配置手机APP爬虫部分
    Python爬虫入门教程 40-100 博客园Python相关40W博客抓取 scrapy
    Python爬虫入门教程 39-100 天津市科技计划项目成果库数据抓取 scrapy
    Python爬虫入门教程 38-100 教育部高校名单数据爬虫 scrapy
    Python爬虫入门教程 37-100 云沃客项目外包网数据爬虫 scrapy
    Python爬虫入门教程 36-100 酷安网全站应用爬虫 scrapy
  • 原文地址:https://www.cnblogs.com/cxyj/p/3884507.html
Copyright © 2011-2022 走看看