Java: programmatically reading information from a key/certificate

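I am trying to build a certificate/key management tool, but I don't know how to get the MD5 fingerprint of a certificate/key.

For example, if I run the keytool command against a keystore, I get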

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: myname
Creation date: 21-Aug-2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bla bla, L=bla, ST=bla
Issuer: CN=bla bla, L=bla, ST=bla
Serial number: 123w3qa
Valid from: Sun Aug 21 00:12:31 CEST 2011 until: Mon Jul 28 00:12:31 CEST 2110
Certificate fingerprints:
         MD5:  1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         SHA1: 72:3A:D9:2E:1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA EA FA FE 34 DA 6E C6   FC 8B 6C DE S9 21 S9 S4  ......^...l.I!.D
0010: S3 33 29 SD                                        .S..
]
]

*******************************************
*******************************************
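Now I would like to obtain the following information through Java: 1. the MD5 fingerprint 2. the key identifier

I obtained some of the information (e.g. the valid-from and valid-to dates, owner, issuer, alias) using the X500 certificate object and the X500 principal, but I have not found where I can get the rest. Can anyone help me?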

If you check the keytool source, you can see the following:

    getCertFingerPrint("MD5", cert),

which calls:

    /**
     * Gets the requested finger print of the certificate.
     */
    private String getCertFingerPrint(String mdAlg, Certificate cert)
        throws Exception
    {
        byte[] encCertInfo = cert.getEncoded();
        MessageDigest md = MessageDigest.getInstance(mdAlg);
        byte[] digest = md.digest(encCertInfo);
        return toHexString(digest);
    }

You can try the following code:

    import java.io.File;
    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.cert.PKIXParameters;
    import java.security.cert.TrustAnchor;
    import java.security.cert.X509Certificate;

    public class ListTrustAnchors {
        public static void main(String[] args) throws Exception {
            // Load the JDK's cacerts keystore file
            String filename = (System.getProperty("java.home") + "/lib/security/cacerts").replace('/', File.separatorChar);

            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            // Close the stream once the keystore has been read
            try (FileInputStream is = new FileInputStream(filename)) {
                keystore.load(is, password.toCharArray());
            }

            // This class retrieves the most-trusted CAs from the keystore
            PKIXParameters params = new PKIXParameters(keystore);

            // Get the set of trust anchors, which contain the most-trusted CA certificates
            for (TrustAnchor ta : params.getTrustAnchors()) {
                // Get certificate
                X509Certificate cert = ta.getTrustedCert();
                System.out.println(cert);
            }
        }
    }

I found this by way of keytool (an extended version of DNA's answer):

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.MessageDigest;
    import java.security.cert.X509Certificate;

    public class Md5Fingerprint {
        public static void main(String[] args) throws Exception {
            String filename = "path to your keystore";
            String keyPassword = "your key password";
            String keyAlias = "your key alias";

            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (FileInputStream is = new FileInputStream(filename)) {
                keystore.load(is, keyPassword.toCharArray());
            }

            /* Gets the requested finger print of the certificate. */
            /* getCertificate() returns java.security.cert.Certificate, hence the cast */
            X509Certificate cert = (X509Certificate) keystore.getCertificate(keyAlias);
            byte[] encCertInfo = cert.getEncoded();
            MessageDigest md = MessageDigest.getInstance("MD5");
            byte[] digest = md.digest(encCertInfo);

            /* Converts a byte array to hex string */
            char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
            StringBuilder buf = new StringBuilder();
            int len = digest.length;
            for (int i = 0; i < len; i++) {
                /* Converts a byte to hex digit and writes to the supplied buffer */
                int high = ((digest[i] & 0xf0) >> 4);
                int low = (digest[i] & 0x0f);
                buf.append(hexChars[high]);
                buf.append(hexChars[low]);

                if (i < len - 1) {
                    buf.append(":");
                }
            }

            String your_md5_fingerprint = buf.toString();
            System.out.println(your_md5_fingerprint);
        }
    }

I tested it on Android and it works well.

Could you try looking at the source code of keytool itself?

Yes, you're right. I looked at the source code yesterday but didn't see it :(
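
The question also asks for the key identifier, which the answers above do not cover. As an added example (not from the original thread), the following reads the SubjectKeyIdentifier extension (OID 2.5.29.14, as shown in the keytool output) with X509Certificate.getExtensionValue and strips the two DER OCTET STRING wrappers around it. The class and method names are illustrative, and the JDK's default trusted CA certificates are assumed as sample input.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class KeyIdentifierExample {
    static final String SUBJECT_KEY_ID_OID = "2.5.29.14"; // SubjectKeyIdentifier, as printed by keytool

    /** Strips one DER OCTET STRING header (tag 0x04 plus length) and returns the content. */
    static byte[] unwrapOctetString(byte[] der) {
        if (der.length < 2 || der[0] != 0x04) throw new IllegalArgumentException("not an OCTET STRING");
        int len = der[1] & 0xff, offset = 2;
        if (len > 0x7f) { // long form: low 7 bits give the number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 3 || der.length < 2 + n) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (der[offset++] & 0xff);
        }
        if (offset + len != der.length) throw new IllegalArgumentException("length mismatch");
        return Arrays.copyOfRange(der, offset, offset + len);
    }

    /** Returns the key identifier bytes, or null when the certificate lacks the extension. */
    static byte[] subjectKeyIdentifier(X509Certificate cert) {
        byte[] ext = cert.getExtensionValue(SUBJECT_KEY_ID_OID);
        // Outer OCTET STRING wraps the extension value; the inner one is the KeyIdentifier
        return ext == null ? null : unwrapOctetString(unwrapOctetString(ext));
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(sb.length() > 0 ? ":" : "").append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): the JDK's default trusted CA certificates
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
                byte[] id = subjectKeyIdentifier(cert);
                System.out.println(cert.getSubjectX500Principal().getName() + " -> " + (id == null ? "none" : toHex(id)));
            }
        }
    }
}
```

The same `subjectKeyIdentifier` method works on a certificate obtained from `keystore.getCertificate(alias)` once it is cast to `X509Certificate`.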