以下是获取安全证书的一种方法,通过以下程序获取安全证书:

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out

                    .println("Usage: java InstallCert <host>[:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib"

                    + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory

                .getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf

                .getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out

                .println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(

                System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject "

                    + cert.getSubjectDN());

            System.out.println("   Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("   sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("   md5     " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out

                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out

                .println("Added certificate to keystore 'jssecacerts' using alias '"

                        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }

        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            throw new UnsupportedOperationException();

        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }

    }

}

编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443

或者在Eclipse下更改上面程序main方法添加两行

String[] a = {"test.report.com:8443"};
args =a;

直接运行

会看到如下信息:

Loading KeyStore jssecacerts...

Opening connection to test.report.com:8443...

Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   Issuer  CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   sha1    37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21

   md5     55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 

Enter certificate to add to trusted keystore or 'q' to quit: [1]   ///////这个会停顿输入1即可

1

[

[

  Version: V3

  Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873

  public exponent: 65537

  Validity: [From: Fri Aug 01 08:27:33 CST 2014,

               To: Sat Aug 01 08:27:33 CST 2015]

  Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  SerialNumber: [    53dadef5]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 29 85 FC 3A 53 22 B3 BF   7B 47 FF 2A 57 94 B5 C2  )..:S"...G.*W...

0010: 1A 04 AF B6 EE 6B AC 08   49 60 7B 42 07 0A F2 23  .....k..I`.B...#

0020: 85 8F 93 50 CD 86 5D AC   97 8D 6C DF 2C 1E 10 71  ...P..]...l.,..q

0030: 64 4D ED CA 06 8E 79 9C   00 A7 94 D0 5C 36 39 B3  dM....y.....\69.

0040: 32 D4 7C 40 25 A0 B7 CB   B3 F8 1B A7 6A CC D4 D4  2..@%.......j...

0050: 26 C7 3E 04 9A 27 8D 63   74 4B D1 5E 97 51 E0 7E  &.>..'.ctK.^.Q..

0060: E3 25 0D 6A 19 51 F8 D1   B5 B4 FA 23 98 41 70 D0  .%.j.Q.....#.Ap.

0070: BC 57 21 CE 75 2E 7B F3   5B 2E 13 A5 F0 27 63 2C  .W!.u...[....'c,

]

Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'

将证书拷贝到$JAVA_HOME/jre/lib/security目录下

注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。

CAS(客户端)程序获取安全证书的更多相关文章

  1. CAS客户端和服务器配置https证书

    关于如何生成https证书可以看这篇文章: java生成Https证书,及证书导入的步骤和过程 下面整理cas如何整合https: cas服务器端部署(TLS[https]) 1.生成证书: 参照ja ...

  2. 客户端程序获取自己的ip、isp、地理位置等信息

    @ 比如说你需要收集用户信息,又或者要通过这些信息让用户登陆合适的服务器(北京联通用户登陆北京联通服务器). @ 淘宝和新浪都提供了类似的API,你只需要发送一个http请求,它就返回一个json格式 ...

  3. Cas 服务器 Service(Cas客户端)注册信息维护

    作为Cas服务器,允许哪些客户端接入与否是通过配置来定义的.对Cas服务器来说,每一个接入的客户端与一个Service配置对应:在Cas服务器启动时加载并注册上这些Service,与之对应的客户端才能 ...

  4. 轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录,Hello World版

    概述说明 按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server.那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到<轻松搭建CAS 5.x ...

  5. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  6. cas sso单点登录系列2:cas客户端和cas服务端交互原理动画图解,cas协议终极分析

    转:http://blog.csdn.net/ae6623/article/details/8848107 1)PPT流程图:ppt下载:http://pan.baidu.com/s/1o7KIlom ...

  7. springboot之cas客户端

    一.CAS Client 与受保护的客户端应用部署在一起,以 Filter 方式保护受保护的资源.对于访问受保护资源的每个 Web 请求,CAS Client 会分析该请求的 Http 请求中是否包含 ...

  8. JavaScript和微信小程序获取IP地址的方法

    最近公司新加了一个需求,根据用户登录的IP地址判断是否重复登录,重复登录就进行逼退,那么怎么获取到浏览器的IP地址呢?最后发现搜狐提供了一个JS接口,可以通过它获取到客户端的IP. 接口地址如下: h ...

  9. 【Tech】单点登录系统CAS客户端demo

    服务器端配置请参考: http://www.cnblogs.com/sunshineatnoon/p/4064632.html 工具:myeclipse或者javaee-eclipse 1.启动jav ...

随机推荐

  1. leetcode-11-盛水最多的容器

    题目描述: 方法一:双指针 class Solution: def maxArea(self, height: List[int]) -> int: left = 0 right = len(h ...

  2. 软件设计师_C语言基础

    1.常量 表示八进制,不带前缀则默认表示十进制.整数常量也可以带一个后缀,后缀是 U 和 L 的组合,U 表示无符号整数(unsigned),L 表示长整数(long).后缀可以是大写,也可以是小写, ...

  3. thinkphp 比较标签

    比较标签用于简单的变量比较,复杂的判断条件可以用if标签替换,比较标签是一组标签的集合,基本上用法都一致,如下: <比较标签 name="变量" value="值& ...

  4. 服务器断过一次电之后,mysql启动不了了

    公司内部服务器,周末会直接拉闸断电,之前也没问题,但这次回来发现mysql启动不了了. service mysqld start 提示: Starting MySQL.The server quit ...

  5. Hadoop yarn任务调度策略介绍

    二.Capacity Scheduler(容器调度器)的配置 2.1 容器调度介绍 Capacity 调度器允许多个组织共享整个集群,每个组织可以获得集群的一部分计算能力.通过为每个组织分配专门的队列 ...

  6. vue.js+web storm安装及第一个vue.js

    小白还是自己写一遍吧 1.下载node.js https://nodejs.org/en/download/ 2.安装淘宝镜像(类似于阿里云的maven中央仓库镜像) 安装时间有点长 安装命令:npm ...

  7. UVA 511 Do You Know the Way to San Jose?

    题目链接:https://vjudge.net/problem/UVA-511 题目翻译摘自<算法禁赛入门经典> 题目大意 有 n 张地图(已知名称和某两个对角线端点的坐标)和 m 个地名 ...

  8. Java中方法的定义与使用,以及对数组的初步了解。

    方法 方法的含义 定义: 方法就是用来完成解决某件事情或实现某个功能的办法. 方法实现的过程中,会包含很多条语句用于完成某些有意义的功能——通常是处理文本,控制输入或计算数值. 我们可以通过在程序代码 ...

  9. POJ 1696 /// 凸包

    题目大意: 不能向左拐 不能重复走 就是求一个螺旋凸包 把已经是凸包内的点标记一下就行 因为凸包的性质 所有点都能走到 注意起点的选择 还有 反复求凸包的过程中边界的改变 #include <c ...

  10. shell脚本练习01

    ######################################################################### # File Name: 4.5.sh # Auth ...