有兩種方式
一.
如何把HTTPS網站的安全證書導入到Java的cacerts證書庫中?在項目開發中,有時需要處理SSL安全證書的導入,該如何把證書導入Java的cacerts證書庫呢?
其實很簡單,方法如下:
第一步:進入某個以https://www.xxx.com開頭的網站,把要導入的證書下載下來,
在該網頁上右鍵
>> 屬性 >> 點選"證書" >>
再點選上面的"詳細資訊"切換欄
>>
再點選右下角那個"複制到檔案"的按鈕
就會彈出一個證書導出的向導對話框,按提示一步一步完成就行了。
例如:儲存為abc.cer,放在C槽下。導入之前,請先透過可信管道核對這張證書的指紋,因為一旦導入cacerts,使用這個JRE的所有程式都會信任它。
第二步:如何把上面那步的(abc.cer)這個證書導入java中的cacerts證書庫裡?
方法如下
假設你的jdk安裝在C:\jdk1.5這個目錄,
開始
>> 執行 >> 輸入cmd 進入dos指令行 >>
再用cd進入到C:\jdk1.5\jre\lib\security這個目錄下
敲入如下指令回車執行
keytool -import -alias cacerts -keystore %java_home%\jre\lib\security\cacerts -file C:\abc.cer -trustcacerts
此時指令行會提示你輸入cacerts證書庫的密碼,
你敲入changeit就行了,這是java中cacerts證書庫的預設密碼,
你自己也可以修改。這個預設密碼是公開的,不能當作保護手段;證書庫檔案本身應靠檔案權限來防止被竄改。
二.
import java.io.*;
import java.net.URL; import java.security.*;
import java.security.cert.*; import javax.net.ssl.*;
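/**
 * Command-line helper that records the certificate chain a TLS server presents and,
 * once the operator picks an entry, saves it into a {@code jssecacerts} keystore
 * in the current working directory.
 *
 * <p>Usage: {@code java InstallCert <host>[:port] [passphrase]}
 *
 * <p>The tool does not disable validation: the wrapped default trust manager still
 * judges the chain, so the handshake fails for an untrusted server and the failure
 * is printed. The chain is captured before that verdict so it can be listed.
 *
 * <p>Security note: the certificate offered for import is whatever the peer at
 * {@code host:port} sent during this one connection. Compare the printed SHA-256
 * fingerprint with a value obtained through an independent, trusted channel before
 * confirming; adding the entry makes every program that loads this keystore trust it.
 */
public class InstallCert {

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Runs the tool.
     *
     * @param args {@code <host>[:port]} and an optional keystore passphrase
     * @throws Exception on keystore, I/O or connection errors other than a failed
     *                   TLS handshake (an {@link SSLException} is printed, not rethrown)
     */
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        // Arguments, for example: 192.168.84.84:443 changeit
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            // Port defaults to 443 when none is given.
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            // Passphrase defaults to "changeit" when none is given.
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Pick the keystore to start from: ./jssecacerts, else the JRE's
        // lib/security/jssecacerts, else the JRE's lib/security/cacerts.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char SEP = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + SEP + "lib" + SEP + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }
        System.out.println("Loading KeyStore " + file + "...");

        // Uses the JVM's default keystore type.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            // Release the file handle even when the passphrase or the format is wrong.
            in.close();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            // Expected for an untrusted server; the chain was captured before the failure.
            System.out.println();
            e.printStackTrace(System.out);
        } finally {
            try {
                socket.close();
            } catch (IOException ignored) {
                // Nothing more is read from this socket; a close failure changes nothing.
            }
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        // SHA-256 is the fingerprint to compare against an out-of-band value; SHA-1 and
        // MD5 are still printed for older references but are not collision resistant.
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println(" Issuer " + cert.getIssuerDN());
            System.out.println(" sha256 " + toHexString(sha256.digest(encoded)));
            System.out.println(" sha1 " + toHexString(sha1.digest(encoded)));
            System.out.println(" md5 " + toHexString(md5.digest(encoded)));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        if (line == null) {
            // End of input (closed or redirected stdin): never add an entry unattended.
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            // A number outside the listed range selects nothing.
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println(
                "Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    /**
     * Formats bytes as lowercase hex pairs, each followed by a space.
     *
     * @param bytes the bytes to format
     * @return for example {@code "0a ff "} for the bytes {@code 0x0a, 0xff}
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff;
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that remembers the server chain it is asked to check and then
     * delegates the trust decision to the wrapped manager.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        // Chain from the most recent checkServerTrusted call; null until one happens.
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        /**
         * Returns the wrapped manager's accepted issuers. The original threw
         * UnsupportedOperationException here, which aborts the handshake on JSSE
         * implementations that query the issuers while validating.
         */
        public X509Certificate[] getAcceptedIssuers() {
            return tm.getAcceptedIssuers();
        }

        /** Not supported: this tool only acts as a TLS client. */
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new UnsupportedOperationException();
        }

        /** Records the chain first, so it is kept even when validation then fails. */
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}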