获取网站SSL证书

tiancaisq

1. package jsoup.as.catchs;
   
2. 
   
3. 
   
4. /*
   
5. 
   
6. * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
   
7. 
   
8. *
   
9. 
   
10. * Redistribution and use in source and binary forms, with or without
    
11. 
    
12. * modification, are permitted provided that the following conditions
    
13. 
    
14. * are met:
    
15. 
    
16. *
    
17. 
    
18. *   - Redistributions of source code must retain the above copyright
    
19. 
    
20. *     notice, this list of conditions and the following disclaimer.
    
21. 
    
22. *
    
23. 
    
24. *   - Redistributions in binary form must reproduce the above copyright
    
25. 
    
26. *     notice, this list of conditions and the following disclaimer in the
    
27. 
    
28. *     documentation and/or other materials provided with the distribution.
    
29. 
    
30. *
    
31. 
    
32. *   - Neither the name of Sun Microsystems nor the names of its
    
33. 
    
34. *     contributors may be used to endorse or promote products derived
    
35. 
    
36. *     from this software without specific prior written permission.
    
37. 
    
38. *
    
39. 
    
40. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
    
41. 
    
42. * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    
43. 
    
44. * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    
45. 
    
46. * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
    
47. 
    
48. * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
    
49. 
    
50. * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
    
51. 
    
52. * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
    
53. 
    
54. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
    
55. 
    
56. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    
57. 
    
58. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
    
59. 
    
60. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    
61. 
    
62. */
    
63. 
    
64. 
    
65. 
    
66. import java.io.BufferedReader;
    
67. 
    
68. import java.io.File;
    
69. 
    
70. import java.io.FileInputStream;
    
71. 
    
72. import java.io.FileOutputStream;
    
73. 
    
74. import java.io.InputStream;
    
75. 
    
76. import java.io.InputStreamReader;
    
77. 
    
78. import java.io.OutputStream;
    
79. 
    
80. import java.security.KeyStore;
    
81. 
    
82. import java.security.MessageDigest;
    
83. 
    
84. import java.security.cert.CertificateException;
    
85. 
    
86. import java.security.cert.X509Certificate;
    
87. 
    
88. 
    
89. 
    
90. import javax.net.ssl.SSLContext;
    
91. 
    
92. import javax.net.ssl.SSLException;
    
93. 
    
94. import javax.net.ssl.SSLSocket;
    
95. 
    
96. import javax.net.ssl.SSLSocketFactory;
    
97. 
    
98. import javax.net.ssl.TrustManager;
    
99. 
    
100. import javax.net.ssl.TrustManagerFactory;
     
101. 
     
102. import javax.net.ssl.X509TrustManager;
     
103. 
     
104. 
     
105. 
     
106. public class InstallCert {
     
107. 
     
108. 
     
109. 
     
110.         public static void main(String[] args) throws Exception {
     
111. 
     
112.                 String host;
     
113. 
     
114.                 int port;
     
115. 
     
116.                 char[] passphrase;
     
117. 
     
118.                 if ((args.length == 1) || (args.length == 2)) {
     
119. 
     
120.                         String[] c = args[0].split(":");
     
121. 
     
122.                         host = c[0];
     
123. 
     
124.                         port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
     
125. 
     
126.                         String p = (args.length == 1) ? "changeit" : args[1];
     
127. 
     
128.                         passphrase = p.toCharArray();
     
129. 
     
130.                 } else {
     
131. 
     
132.                         System.out
     
133. 
     
134.                                         .println("Usage: java InstallCert <host>[:port] [passphrase]");
     
135. 
     
136.                         return;
     
137. 
     
138.                 }
     
139. 
     
140. 
     
141. 
     
142.                 File file = new File("jssecacerts");
     
143. 
     
144.                 if (file.isFile() == false) {
     
145. 
     
146.                         char SEP = File.separatorChar;
     
147. 
     
148.                         File dir = new File(System.getProperty("java.home") + SEP + "lib"
     
149. 
     
150.                                         + SEP + "security");
     
151. 
     
152.                         file = new File(dir, "jssecacerts");
     
153. 
     
154.                         if (file.isFile() == false) {
     
155. 
     
156.                                 file = new File(dir, "cacerts");
     
157. 
     
158.                         }
     
159. 
     
160.                 }
     
161. 
     
162.                 System.out.println("Loading KeyStore " + file + "...");
     
163. 
     
164.                 InputStream in = new FileInputStream(file);
     
165. 
     
166.                 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
     
167. 
     
168.                 ks.load(in, passphrase);
     
169. 
     
170.                 in.close();
     
171. 
     
172. 
     
173. 
     
174.                 SSLContext context = SSLContext.getInstance("TLS");
     
175. 
     
176.                 TrustManagerFactory tmf = TrustManagerFactory
     
177. 
     
178.                                 .getInstance(TrustManagerFactory.getDefaultAlgorithm());
     
179. 
     
180.                 tmf.init(ks);
     
181. 
     
182.                 X509TrustManager defaultTrustManager = (X509TrustManager) tmf
     
183. 
     
184.                                 .getTrustManagers()[0];
     
185. 
     
186.                 SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
     
187. 
     
188.                 context.init(null, new TrustManager[] { tm }, null);
     
189. 
     
190.                 SSLSocketFactory factory = context.getSocketFactory();
     
191. 
     
192. 
     
193. 
     
194.                 System.out
     
195. 
     
196.                                 .println("Opening connection to " + host + ":" + port + "...");
     
197. 
     
198.                 SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
     
199. 
     
200.                 socket.setSoTimeout(10000);
     
201. 
     
202.                 try {
     
203. 
     
204.                         System.out.println("Starting SSL handshake...");
     
205. 
     
206.                         socket.startHandshake();
     
207. 
     
208.                         socket.close();
     
209. 
     
210.                         System.out.println();
     
211. 
     
212.                         System.out.println("No errors, certificate is already trusted");
     
213. 
     
214.                 } catch (SSLException e) {
     
215. 
     
216.                         System.out.println();
     
217. 
     
218.                         e.printStackTrace(System.out);
     
219. 
     
220.                 }
     
221. 
     
222. 
     
223. 
     
224.                 X509Certificate[] chain = tm.chain;
     
225. 
     
226.                 if (chain == null) {
     
227. 
     
228.                         System.out.println("Could not obtain server certificate chain");
     
229. 
     
230.                         return;
     
231. 
     
232.                 }
     
233. 
     
234. 
     
235. 
     
236.                 BufferedReader reader = new BufferedReader(new InputStreamReader(
     
237. 
     
238.                                 System.in));
     
239. 
     
240. 
     
241. 
     
242.                 System.out.println();
     
243. 
     
244.                 System.out.println("Server sent " + chain.length + " certificate(s):");
     
245. 
     
246.                 System.out.println();
     
247. 
     
248.                 MessageDigest sha1 = MessageDigest.getInstance("SHA1");
     
249. 
     
250.                 MessageDigest md5 = MessageDigest.getInstance("MD5");
     
251. 
     
252.                 for (int i = 0; i < chain.length; i++) {
     
253. 
     
254.                         X509Certificate cert = chain[i];
     
255. 
     
256.                         System.out.println(" " + (i + 1) + " Subject "
     
257. 
     
258.                                         + cert.getSubjectDN());
     
259. 
     
260.                         System.out.println("   Issuer  " + cert.getIssuerDN());
     
261. 
     
262.                         sha1.update(cert.getEncoded());
     
263. 
     
264.                         System.out.println("   sha1    " + toHexString(sha1.digest()));
     
265. 
     
266.                         md5.update(cert.getEncoded());
     
267. 
     
268.                         System.out.println("   md5     " + toHexString(md5.digest()));
     
269. 
     
270.                         System.out.println();
     
271. 
     
272.                 }
     
273. 
     
274. 
     
275. 
     
276.                 System.out
     
277. 
     
278.                                 .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
     
279. 
     
280.                 String line = reader.readLine().trim();
     
281. 
     
282.                 int k;
     
283. 
     
284.                 try {
     
285. 
     
286.                         k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
     
287. 
     
288.                 } catch (NumberFormatException e) {
     
289. 
     
290.                         System.out.println("KeyStore not changed");
     
291. 
     
292.                         return;
     
293. 
     
294.                 }
     
295. 
     
296. 
     
297. 
     
298.                 X509Certificate cert = chain[k];
     
299. 
     
300.                 String alias = host + "-" + (k + 1);
     
301. 
     
302.                 ks.setCertificateEntry(alias, cert);
     
303. 
     
304. 
     
305. 
     
306.                 OutputStream out = new FileOutputStream("jssecacerts");
     
307. 
     
308.                 ks.store(out, passphrase);
     
309. 
     
310.                 out.close();
     
311. 
     
312. 
     
313. 
     
314.                 System.out.println();
     
315. 
     
316.                 System.out.println(cert);
     
317. 
     
318.                 System.out.println();
     
319. 
     
320.                 System.out
     
321. 
     
322.                                 .println("Added certificate to keystore 'jssecacerts' using alias '"
     
323. 
     
324.                                                 + alias + "'");
     
325. 
     
326.         }
     
327. 
     
328. 
     
329. 
     
330.         private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();
     
331. 
     
332. 
     
333. 
     
334.         private static String toHexString(byte[] bytes) {
     
335. 
     
336.                 StringBuilder sb = new StringBuilder(bytes.length * 3);
     
337. 
     
338.                 for (int b : bytes) {
     
339. 
     
340.                         b &= 0xff;
     
341. 
     
342.                         sb.append(HEXDIGITS[b >> 4]);
     
343. 
     
344.                         sb.append(HEXDIGITS[b & 15]);
     
345. 
     
346.                         sb.append(' ');
     
347. 
     
348.                 }
     
349. 
     
350.                 return sb.toString();
     
351. 
     
352.         }
     
353. 
     
354. 
     
355. 
     
356.         private static class SavingTrustManager implements X509TrustManager {
     
357. 
     
358. 
     
359. 
     
360.                 private final X509TrustManager tm;
     
361. 
     
362.                 private X509Certificate[] chain;
     
363. 
     
364. 
     
365. 
     
366.                 SavingTrustManager(X509TrustManager tm) {
     
367. 
     
368.                         this.tm = tm;
     
369. 
     
370.                 }
     
371. 
     
372. 
     
373. 
     
374.                 public X509Certificate[] getAcceptedIssuers() {
     
375. 
     
376.                         throw new UnsupportedOperationException();
     
377. 
     
378.                 }
     
379. 
     
380. 
     
381. 
     
382.                 public void checkClientTrusted(X509Certificate[] chain, String authType)
     
383. 
     
384.                                 throws CertificateException {
     
385. 
     
386.                         throw new UnsupportedOperationException();
     
387. 
     
388.                 }
     
389. 
     
390. 
     
391. 
     
392.                 public void checkServerTrusted(X509Certificate[] chain, String authType)
     
393. 
     
394.                                 throws CertificateException {
     
395. 
     
396.                         this.chain = chain;
     
397. 
     
398.                         tm.checkServerTrusted(chain, authType);
     
399. 
     
400.                 }
     
401. 
     
402.         }
     
403. 
     
404. 
     
405. 
     
406. }
     
407. 
     

复制代码