Java: Check whether the CA's certificate has been entered before entering a certificate?

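I am using the following code to insert a client certificate into my server truststore:

    // Load the existing server truststore
    FileInputStream fileInputStream = new FileInputStream( "c:/server.jks" );
    keyStore.load( fileInputStream, "keystore".toCharArray() );
    fileInputStream.close();

    // Add the client certificate under the given alias
    keyStore.setCertificateEntry( alias, new X509Certificate( trustedCertificate ) );

    // Write the updated truststore back to disk
    FileOutputStream fileOutputStream = new FileOutputStream( "c:/server.jks" );
    keyStore.store( fileOutputStream, "keystore".toCharArray() );
    fileOutputStream.close();

Now I see that the certificate has been entered into my truststore, but the CA certificate that signed the client certificate is not in my truststore. So I would like to know: is there any way to check whether the CA's certificate is available before entering a certificate into the keystore?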

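I think what you need to do is verify whether the certificate was issued by a root authority or is self-signed. I assume you are using the default Java keystore, which is cacerts. I have not tested the code, but I think this may be a solution to your problem: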

  • Taking and modifying the code from the following link:

        import java.io.File;
        import java.io.FileInputStream;
        import java.security.KeyStore;
        import java.security.cert.PKIXParameters;
        import java.security.cert.TrustAnchor;
        import java.security.cert.X509Certificate;
        import java.util.HashSet;
        import java.util.Set;

        // Load the default JRE truststore (cacerts)
        String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
        Set<X509Certificate> additionalCerts = new HashSet<X509Certificate>();
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        String password = "changeit";
        try (FileInputStream is = new FileInputStream(filename)) {
            keystore.load(is, password.toCharArray());
        }

        // This class retrieves the most-trusted CAs from the keystore
        PKIXParameters params = new PKIXParameters(keystore);

        // Get the set of trust anchors, which contain the most-trusted CA certificates
        for (TrustAnchor ta : params.getTrustAnchors()) {
            // Get certificate
            X509Certificate cert = ta.getTrustedCert();
            additionalCerts.add(cert);
        }

  • Then you can pass the client certificate and the set containing all root CAs to the verifyCertificate(X509Certificate cert, Set additionalCerts) method of the following code:
  • Possible duplicate of
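
Added example (not part of the original question or answer): one way to do the check the question asks for, validating the client certificate against the truststore's CA entries with the JDK PKIX validator before storing it. The class name IssuerCheck, the method issuedByTrustedCa and the command-line arguments are assumptions for illustration; it accepts only certificates issued directly by a CA already in the store and does no revocation checking.

```java
import java.io.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collections;

public class IssuerCheck {
    /** True only if cert validates against a CA certificate already in trustStore. */
    static boolean issuedByTrustedCa(KeyStore trustStore, X509Certificate cert) throws Exception {
        PKIXParameters params;
        try {
            params = new PKIXParameters(trustStore);
        } catch (InvalidAlgorithmParameterException e) {
            return false; // truststore holds no trusted certificate entries at all
        }
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source is configured
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(cert));
        try {
            // Checks name chaining, signature and validity period against the trust anchors
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false; // no anchor issued it, or the certificate itself is invalid/expired
        }
    }

    // Usage (demo only): java IssuerCheck <truststore> <store password> <alias> <client-cert file>
    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, password);
        }
        X509Certificate clientCert;
        try (InputStream in = new FileInputStream(args[3])) {
            clientCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        if (!issuedByTrustedCa(trustStore, clientCert)) {
            System.err.println("Issuing CA not in truststore; not adding " + clientCert.getSubjectX500Principal());
            System.exit(1);
        }
        trustStore.setCertificateEntry(args[2], clientCert); // only reached when the issuer is trusted
        try (OutputStream out = new FileOutputStream(args[0])) {
            trustStore.store(out, password);
        }
    }
}
```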