以下是获取安全证书的一种方法,通过以下程序获取安全证书:

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out

                    .println("Usage: java InstallCert <host>[:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib"

                    + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory

                .getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf

                .getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out

                .println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(

                System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject "

                    + cert.getSubjectDN());

            System.out.println("   Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("   sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("   md5     " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out

                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out

                .println("Added certificate to keystore 'jssecacerts' using alias '"

                        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }

        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            throw new UnsupportedOperationException();

        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }

    }

}

编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443

或者在Eclipse下更改上面程序main方法添加两行

String[] a = {"test.report.com:8443"};
args =a;

直接运行

会看到如下信息:

Loading KeyStore jssecacerts...

Opening connection to test.report.com:8443...

Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   Issuer  CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   sha1    37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21

   md5     55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 

Enter certificate to add to trusted keystore or 'q' to quit: [1]   ///////这个会停顿输入1即可

1

[

[

  Version: V3

  Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873

  public exponent: 65537

  Validity: [From: Fri Aug 01 08:27:33 CST 2014,

               To: Sat Aug 01 08:27:33 CST 2015]

  Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  SerialNumber: [    53dadef5]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 29 85 FC 3A 53 22 B3 BF   7B 47 FF 2A 57 94 B5 C2  )..:S"...G.*W...

0010: 1A 04 AF B6 EE 6B AC 08   49 60 7B 42 07 0A F2 23  .....k..I`.B...#

0020: 85 8F 93 50 CD 86 5D AC   97 8D 6C DF 2C 1E 10 71  ...P..]...l.,..q

0030: 64 4D ED CA 06 8E 79 9C   00 A7 94 D0 5C 36 39 B3  dM....y.....\69.

0040: 32 D4 7C 40 25 A0 B7 CB   B3 F8 1B A7 6A CC D4 D4  2..@%.......j...

0050: 26 C7 3E 04 9A 27 8D 63   74 4B D1 5E 97 51 E0 7E  &.>..'.ctK.^.Q..

0060: E3 25 0D 6A 19 51 F8 D1   B5 B4 FA 23 98 41 70 D0  .%.j.Q.....#.Ap.

0070: BC 57 21 CE 75 2E 7B F3   5B 2E 13 A5 F0 27 63 2C  .W!.u...[....'c,

]

Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'

将证书拷贝到$JAVA_HOME/jre/lib/security目录下

注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。

CAS(客户端)程序获取安全证书的更多相关文章

  1. CAS客户端和服务器配置https证书

    关于如何生成https证书可以看这篇文章: java生成Https证书,及证书导入的步骤和过程 下面整理cas如何整合https: cas服务器端部署(TLS[https]) 1.生成证书: 参照ja ...

  2. 客户端程序获取自己的ip、isp、地理位置等信息

    @ 比如说你需要收集用户信息,又或者要通过这些信息让用户登陆合适的服务器(北京联通用户登陆北京联通服务器). @ 淘宝和新浪都提供了类似的API,你只需要发送一个http请求,它就返回一个json格式 ...

  3. Cas 服务器 Service(Cas客户端)注册信息维护

    作为Cas服务器,允许哪些客户端接入与否是通过配置来定义的.对Cas服务器来说,每一个接入的客户端与一个Service配置对应:在Cas服务器启动时加载并注册上这些Service,与之对应的客户端才能 ...

  4. 轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录,Hello World版

    概述说明 按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server.那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到<轻松搭建CAS 5.x ...

  5. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  6. cas sso单点登录系列2:cas客户端和cas服务端交互原理动画图解,cas协议终极分析

    转:http://blog.csdn.net/ae6623/article/details/8848107 1)PPT流程图:ppt下载:http://pan.baidu.com/s/1o7KIlom ...

  7. springboot之cas客户端

    一.CAS Client 与受保护的客户端应用部署在一起,以 Filter 方式保护受保护的资源.对于访问受保护资源的每个 Web 请求,CAS Client 会分析该请求的 Http 请求中是否包含 ...

  8. JavaScript和微信小程序获取IP地址的方法

    最近公司新加了一个需求,根据用户登录的IP地址判断是否重复登录,重复登录就进行逼退,那么怎么获取到浏览器的IP地址呢?最后发现搜狐提供了一个JS接口,可以通过它获取到客户端的IP. 接口地址如下: h ...

  9. 【Tech】单点登录系统CAS客户端demo

    服务器端配置请参考: http://www.cnblogs.com/sunshineatnoon/p/4064632.html 工具:myeclipse或者javaee-eclipse 1.启动jav ...

随机推荐

  1. latex 引用文献 bib

    study from : https://jingyan.baidu.com/article/925f8cb8bce1f0c0dce0564f.html 寻找文献 谷歌学术 from: https:/ ...

  2. Delphi窗体间发送消息或字符串

    在Delphi 开发中,常常应用到窗体消息传递,以达成某种操作要求,以下列举一个应用的例子,供大家参考. 自定义过程/函数方法://发送字符串到指字句柄的窗口中 (接收窗体需用发送时的消息常量WM_C ...

  3. BZOJ 1040 (ZJOI 2008) 骑士

    题目描述 Z国的骑士团是一个很有势力的组织,帮会中汇聚了来自各地的精英.他们劫富济贫,惩恶扬善,受到社会各界的赞扬. 最近发生了一件可怕的事情,邪恶的Y国发动了一场针对Z国的侵略战争.战火绵延五百里, ...

  4. AutoLayout(自动布局)入门

    这是WWDC2012笔记系列中的一篇,完整的笔记列表可以参看这里.如果您是首次来到本站,也许您会有兴趣通过RSS的方式订阅本站. AutoLayout在去年的WWDC上被引入Cocoa,而在今年的WW ...

  5. 01_springboot2.x之springboot入门

    1.简介 Spring Boot来简化Spring应用开发,约定大于配置, 去繁从简,just run就能创建一个独立的,产品级别的应用. 优点: 1.简化Spring应用开发的一个框架: 2.整个S ...

  6. <day005>jQuery事件、文档基本操作 + 点赞事件

    任务1: jQuery的基本操作 <!DOCTYPE html> <html lang="zh-CN"> <head> <meta cha ...

  7. more 和less 命令简单介绍以及使用

    一.more命令 more功能类似 cat ,cat命令是整个文件的内容从上到下显示在屏幕上. more会以一页一页的显示方便使用者逐页阅读,而最基本的指令就是按空白键(space)就往下一页显示,按 ...

  8. LeetCode 206.反转链表(Python3)

    题目: 反转一个单链表. 示例: 输入: 1->2->3->4->5->NULL 输出: 5->4->3->2->1->NULL 进阶:你可 ...

  9. Qt下QMainWindow内部QTableView不能自适应大小

    中央窗体设置的是一个QWidget 一直排查不到原因 最后发现为 因为布局中为QTableView设置了对齐方式 取消即可!

  10. 05.Mybatis动态sql

    1.IF标签 需求:根据条件查询用户 在Mapper.xml中编写 <!-- 根据sex和username查询user --> <select id="findbySexa ...