Java 检查CA';在输入证书之前,是否先输入证书?
我正在使用以下代码将客户端证书插入我的servertruststoreJava 检查CA';在输入证书之前,是否先输入证书?,java,certificate,keystore,Java,Certificate,Keystore,我正在使用以下代码将客户端证书插入我的servertruststore FileInputStream fileInputStream = new FileInputStream( "c:/server.jks" ); keyStore.load( fileInputStream, "keystore".toCharArray() ); fileInputStream.close(); keyStore.setCertificateEntry( alias, new
FileInputStream fileInputStream = new FileInputStream( "c:/server.jks" );
keyStore.load( fileInputStream, "keystore".toCharArray() );
fileInputStream.close();
keyStore.setCertificateEntry( alias, new X509Certificate( trustedCertificate ) );
FileOutputStream fileOutputStream = new FileOutputStream("c:/server.jks" );
keyStore.store( fileOutputStream, "keystore".toCharArray() );
fileOutputStream.close();
现在我看到该证书已输入到我的信任库中,但签名客户端证书的CA证书不在我的信任库中。因此,我想知道,在将证书输入密钥库之前,是否有任何方法可以检查CA证书是否可用?我想您需要做的是验证该证书是否由根颁发机构颁发或是否已自签名。我假定您使用的是默认的java密钥库,即cacerts。 我尚未测试代码,但我认为这可能是您问题的解决方案:
String filename=System.getProperty(“java.home”)+“/lib/security/cacerts.replace(“/”,File.separatorChar);
Set additionalCerts=new HashSet();
FileInputStream is=新的FileInputStream(文件名);
KeyStore KeyStore=KeyStore.getInstance(KeyStore.getDefaultType());
字符串password=“changeit”;
load(is,password.toCharArray());
//此类从密钥库检索最受信任的CA
PKIXParameters params=新的PKIXParameters(密钥库);
//获取信任锚点集,其中包含最受信任的CA证书
迭代器it=params.getTrustAnchors().Iterator();
while(it.hasNext()){
信任锚ta=(信任锚)it.next();
//拿到证书
X509CertificateCert=ta.getTrustedCert();
附加证书添加(证书);
}
String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
Set<X509Certificate> additionalCerts = new HashSet<X509Certificate>();
FileInputStream is = new FileInputStream(filename);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
String password = "changeit";
keystore.load(is, password.toCharArray());
// This class retrieves the most-trusted CAs from the keystore
PKIXParameters params = new PKIXParameters(keystore);
// Get the set of trust anchors, which contain the most-trusted CA certificates
Iterator it = params.getTrustAnchors().iterator();
while( it.hasNext() ) {
TrustAnchor ta = (TrustAnchor)it.next();
// Get certificate
X509Certificate cert = ta.getTrustedCert();
additionalCerts.add(cert);
}