找回密码
 立即注册
搜索
热搜: 活动 交友 discuz
查看: 316|回复: 0

获取网站SSL证书

[复制链接]

378

主题

55

回帖

2063

积分

管理员

积分
2063
发表于 2018-11-20 09:07:16 | 显示全部楼层 |阅读模式
  1. package jsoup.as.catchs;


  2. /*

  3. * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.

  4. *

  5. * Redistribution and use in source and binary forms, with or without

  6. * modification, are permitted provided that the following conditions

  7. * are met:

  8. *

  9. *   - Redistributions of source code must retain the above copyright

  10. *     notice, this list of conditions and the following disclaimer.

  11. *

  12. *   - Redistributions in binary form must reproduce the above copyright

  13. *     notice, this list of conditions and the following disclaimer in the

  14. *     documentation and/or other materials provided with the distribution.

  15. *

  16. *   - Neither the name of Sun Microsystems nor the names of its

  17. *     contributors may be used to endorse or promote products derived

  18. *     from this software without specific prior written permission.

  19. *

  20. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

  21. * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,

  22. * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  23. * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  24. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

  25. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

  26. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

  27. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

  28. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

  29. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

  30. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  31. */



  32. import java.io.BufferedReader;

  33. import java.io.File;

  34. import java.io.FileInputStream;

  35. import java.io.FileOutputStream;

  36. import java.io.InputStream;

  37. import java.io.InputStreamReader;

  38. import java.io.OutputStream;

  39. import java.security.KeyStore;

  40. import java.security.MessageDigest;

  41. import java.security.cert.CertificateException;

  42. import java.security.cert.X509Certificate;



  43. import javax.net.ssl.SSLContext;

  44. import javax.net.ssl.SSLException;

  45. import javax.net.ssl.SSLSocket;

  46. import javax.net.ssl.SSLSocketFactory;

  47. import javax.net.ssl.TrustManager;

  48. import javax.net.ssl.TrustManagerFactory;

  49. import javax.net.ssl.X509TrustManager;



  50. public class InstallCert {



  51.         public static void main(String[] args) throws Exception {

  52.                 String host;

  53.                 int port;

  54.                 char[] passphrase;

  55.                 if ((args.length == 1) || (args.length == 2)) {

  56.                         String[] c = args[0].split(":");

  57.                         host = c[0];

  58.                         port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

  59.                         String p = (args.length == 1) ? "changeit" : args[1];

  60.                         passphrase = p.toCharArray();

  61.                 } else {

  62.                         System.out

  63.                                         .println("Usage: java InstallCert <host>[:port] [passphrase]");

  64.                         return;

  65.                 }



  66.                 File file = new File("jssecacerts");

  67.                 if (file.isFile() == false) {

  68.                         char SEP = File.separatorChar;

  69.                         File dir = new File(System.getProperty("java.home") + SEP + "lib"

  70.                                         + SEP + "security");

  71.                         file = new File(dir, "jssecacerts");

  72.                         if (file.isFile() == false) {

  73.                                 file = new File(dir, "cacerts");

  74.                         }

  75.                 }

  76.                 System.out.println("Loading KeyStore " + file + "...");

  77.                 InputStream in = new FileInputStream(file);

  78.                 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

  79.                 ks.load(in, passphrase);

  80.                 in.close();



  81.                 SSLContext context = SSLContext.getInstance("TLS");

  82.                 TrustManagerFactory tmf = TrustManagerFactory

  83.                                 .getInstance(TrustManagerFactory.getDefaultAlgorithm());

  84.                 tmf.init(ks);

  85.                 X509TrustManager defaultTrustManager = (X509TrustManager) tmf

  86.                                 .getTrustManagers()[0];

  87.                 SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

  88.                 context.init(null, new TrustManager[] { tm }, null);

  89.                 SSLSocketFactory factory = context.getSocketFactory();



  90.                 System.out

  91.                                 .println("Opening connection to " + host + ":" + port + "...");

  92.                 SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

  93.                 socket.setSoTimeout(10000);

  94.                 try {

  95.                         System.out.println("Starting SSL handshake...");

  96.                         socket.startHandshake();

  97.                         socket.close();

  98.                         System.out.println();

  99.                         System.out.println("No errors, certificate is already trusted");

  100.                 } catch (SSLException e) {

  101.                         System.out.println();

  102.                         e.printStackTrace(System.out);

  103.                 }



  104.                 X509Certificate[] chain = tm.chain;

  105.                 if (chain == null) {

  106.                         System.out.println("Could not obtain server certificate chain");

  107.                         return;

  108.                 }



  109.                 BufferedReader reader = new BufferedReader(new InputStreamReader(

  110.                                 System.in));



  111.                 System.out.println();

  112.                 System.out.println("Server sent " + chain.length + " certificate(s):");

  113.                 System.out.println();

  114.                 MessageDigest sha1 = MessageDigest.getInstance("SHA1");

  115.                 MessageDigest md5 = MessageDigest.getInstance("MD5");

  116.                 for (int i = 0; i < chain.length; i++) {

  117.                         X509Certificate cert = chain[i];

  118.                         System.out.println(" " + (i + 1) + " Subject "

  119.                                         + cert.getSubjectDN());

  120.                         System.out.println("   Issuer  " + cert.getIssuerDN());

  121.                         sha1.update(cert.getEncoded());

  122.                         System.out.println("   sha1    " + toHexString(sha1.digest()));

  123.                         md5.update(cert.getEncoded());

  124.                         System.out.println("   md5     " + toHexString(md5.digest()));

  125.                         System.out.println();

  126.                 }



  127.                 System.out

  128.                                 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

  129.                 String line = reader.readLine().trim();

  130.                 int k;

  131.                 try {

  132.                         k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

  133.                 } catch (NumberFormatException e) {

  134.                         System.out.println("KeyStore not changed");

  135.                         return;

  136.                 }



  137.                 X509Certificate cert = chain[k];

  138.                 String alias = host + "-" + (k + 1);

  139.                 ks.setCertificateEntry(alias, cert);



  140.                 OutputStream out = new FileOutputStream("jssecacerts");

  141.                 ks.store(out, passphrase);

  142.                 out.close();



  143.                 System.out.println();

  144.                 System.out.println(cert);

  145.                 System.out.println();

  146.                 System.out

  147.                                 .println("Added certificate to keystore 'jssecacerts' using alias '"

  148.                                                 + alias + "'");

  149.         }



  150.         private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();



  151.         private static String toHexString(byte[] bytes) {

  152.                 StringBuilder sb = new StringBuilder(bytes.length * 3);

  153.                 for (int b : bytes) {

  154.                         b &= 0xff;

  155.                         sb.append(HEXDIGITS[b >> 4]);

  156.                         sb.append(HEXDIGITS[b & 15]);

  157.                         sb.append(' ');

  158.                 }

  159.                 return sb.toString();

  160.         }



  161.         private static class SavingTrustManager implements X509TrustManager {



  162.                 private final X509TrustManager tm;

  163.                 private X509Certificate[] chain;



  164.                 SavingTrustManager(X509TrustManager tm) {

  165.                         this.tm = tm;

  166.                 }



  167.                 public X509Certificate[] getAcceptedIssuers() {

  168.                         throw new UnsupportedOperationException();

  169.                 }



  170.                 public void checkClientTrusted(X509Certificate[] chain, String authType)

  171.                                 throws CertificateException {

  172.                         throw new UnsupportedOperationException();

  173.                 }



  174.                 public void checkServerTrusted(X509Certificate[] chain, String authType)

  175.                                 throws CertificateException {

  176.                         this.chain = chain;

  177.                         tm.checkServerTrusted(chain, authType);

  178.                 }

  179.         }



  180. }

复制代码


回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver|手机版|小黑屋|Comsenz Inc.

GMT+8, 2024-12-20 01:11 , Processed in 0.053729 second(s), 18 queries .

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表