CAS(客户端)程序获取安全证书
以下是获取安全证书的一种方法,通过以下程序获取安全证书:
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; public class InstallCert { public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
String[] c = args[0].split(":");
host = c[0];
port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
String p = (args.length == 1) ? "changeit" : args[1];
passphrase = p.toCharArray();
} else {
System.out
.println("Usage: java InstallCert <host>[:port] [passphrase]");
return;
} File file = new File("jssecacerts");
if (file.isFile() == false) {
char SEP = File.separatorChar;
File dir = new File(System.getProperty("java.home") + SEP + "lib"
+ SEP + "security");
file = new File(dir, "jssecacerts");
if (file.isFile() == false) {
file = new File(dir, "cacerts");
}
}
System.out.println("Loading KeyStore " + file + "...");
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, passphrase);
in.close(); SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf
.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory factory = context.getSocketFactory(); System.out
.println("Opening connection to " + host + ":" + port + "...");
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.setSoTimeout(10000);
try {
System.out.println("Starting SSL handshake...");
socket.startHandshake();
socket.close();
System.out.println();
System.out.println("No errors, certificate is already trusted");
} catch (SSLException e) {
System.out.println();
e.printStackTrace(System.out);
} X509Certificate[] chain = tm.chain;
if (chain == null) {
System.out.println("Could not obtain server certificate chain");
return;
} BufferedReader reader = new BufferedReader(new InputStreamReader(
System.in)); System.out.println();
System.out.println("Server sent " + chain.length + " certificate(s):");
System.out.println();
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
MessageDigest md5 = MessageDigest.getInstance("MD5");
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
System.out.println(" " + (i + 1) + " Subject "
+ cert.getSubjectDN());
System.out.println(" Issuer " + cert.getIssuerDN());
sha1.update(cert.getEncoded());
System.out.println(" sha1 " + toHexString(sha1.digest()));
md5.update(cert.getEncoded());
System.out.println(" md5 " + toHexString(md5.digest()));
System.out.println();
} System.out
.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader.readLine().trim();
int k;
try {
k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
} catch (NumberFormatException e) {
System.out.println("KeyStore not changed");
return;
} X509Certificate cert = chain[k];
String alias = host + "-" + (k + 1);
ks.setCertificateEntry(alias, cert); OutputStream out = new FileOutputStream("jssecacerts");
ks.store(out, passphrase);
out.close(); System.out.println();
System.out.println(cert);
System.out.println();
System.out
.println("Added certificate to keystore 'jssecacerts' using alias '"
+ alias + "'");
} private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray(); private static String toHexString(byte[] bytes) {
StringBuilder sb = new StringBuilder(bytes.length * 3);
for (int b : bytes) {
b &= 0xff;
sb.append(HEXDIGITS[b >> 4]);
sb.append(HEXDIGITS[b & 15]);
sb.append(' ');
}
return sb.toString();
} private static class SavingTrustManager implements X509TrustManager { private final X509TrustManager tm;
private X509Certificate[] chain; SavingTrustManager(X509TrustManager tm) {
this.tm = tm;
} public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
} public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
} public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
this.chain = chain;
tm.checkServerTrusted(chain, authType);
}
} }
编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443
或者在Eclipse下更改上面程序main方法添加两行
String[] a = {"test.report.com:8443"};
args =a;
直接运行
会看到如下信息:
Loading KeyStore jssecacerts...
Opening connection to test.report.com:8443...
Starting SSL handshake... No errors, certificate is already trusted Server sent 1 certificate(s): 1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
Issuer CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
sha1 37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21
md5 55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 Enter certificate to add to trusted keystore or 'q' to quit: [1] ///////这个会停顿输入1即可
1 [
[
Version: V3
Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5 Key: Sun RSA public key, 1024 bits
modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873
public exponent: 65537
Validity: [From: Fri Aug 01 08:27:33 CST 2014,
To: Sat Aug 01 08:27:33 CST 2015]
Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn
SerialNumber: [ 53dadef5] ]
Algorithm: [SHA1withRSA]
Signature:
0000: 29 85 FC 3A 53 22 B3 BF 7B 47 FF 2A 57 94 B5 C2 )..:S"...G.*W...
0010: 1A 04 AF B6 EE 6B AC 08 49 60 7B 42 07 0A F2 23 .....k..I`.B...#
0020: 85 8F 93 50 CD 86 5D AC 97 8D 6C DF 2C 1E 10 71 ...P..]...l.,..q
0030: 64 4D ED CA 06 8E 79 9C 00 A7 94 D0 5C 36 39 B3 dM....y.....\69.
0040: 32 D4 7C 40 25 A0 B7 CB B3 F8 1B A7 6A CC D4 D4 2..@%.......j...
0050: 26 C7 3E 04 9A 27 8D 63 74 4B D1 5E 97 51 E0 7E &.>..'.ctK.^.Q..
0060: E3 25 0D 6A 19 51 F8 D1 B5 B4 FA 23 98 41 70 D0 .%.j.Q.....#.Ap.
0070: BC 57 21 CE 75 2E 7B F3 5B 2E 13 A5 F0 27 63 2C .W!.u...[....'c, ] Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'
将证书拷贝到$JAVA_HOME/jre/lib/security目录下
注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。
CAS(客户端)程序获取安全证书的更多相关文章
- CAS客户端和服务器配置https证书
关于如何生成https证书可以看这篇文章: java生成Https证书,及证书导入的步骤和过程 下面整理cas如何整合https: cas服务器端部署(TLS[https]) 1.生成证书: 参照ja ...
- 客户端程序获取自己的ip、isp、地理位置等信息
@ 比如说你需要收集用户信息,又或者要通过这些信息让用户登陆合适的服务器(北京联通用户登陆北京联通服务器). @ 淘宝和新浪都提供了类似的API,你只需要发送一个http请求,它就返回一个json格式 ...
- Cas 服务器 Service(Cas客户端)注册信息维护
作为Cas服务器,允许哪些客户端接入与否是通过配置来定义的.对Cas服务器来说,每一个接入的客户端与一个Service配置对应:在Cas服务器启动时加载并注册上这些Service,与之对应的客户端才能 ...
- 轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录,Hello World版
概述说明 按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server.那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到<轻松搭建CAS 5.x ...
- Nginx反向代理后应用程序获取客户端真实IP
Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...
- cas sso单点登录系列2:cas客户端和cas服务端交互原理动画图解,cas协议终极分析
转:http://blog.csdn.net/ae6623/article/details/8848107 1)PPT流程图:ppt下载:http://pan.baidu.com/s/1o7KIlom ...
- springboot之cas客户端
一.CAS Client 与受保护的客户端应用部署在一起,以 Filter 方式保护受保护的资源.对于访问受保护资源的每个 Web 请求,CAS Client 会分析该请求的 Http 请求中是否包含 ...
- JavaScript和微信小程序获取IP地址的方法
最近公司新加了一个需求,根据用户登录的IP地址判断是否重复登录,重复登录就进行逼退,那么怎么获取到浏览器的IP地址呢?最后发现搜狐提供了一个JS接口,可以通过它获取到客户端的IP. 接口地址如下: h ...
- 【Tech】单点登录系统CAS客户端demo
服务器端配置请参考: http://www.cnblogs.com/sunshineatnoon/p/4064632.html 工具:myeclipse或者javaee-eclipse 1.启动jav ...
随机推荐
- PHP算法之IP 地址无效化
给你一个有效的 IPv4 地址 address,返回这个 IP 地址的无效化版本. 所谓无效化 IP 地址,其实就是用 "[.]" 代替了每个 ".". 示例 ...
- Google Projectsheet Planning 插件的WBS
生成 WBS的序列號 在 Sldebar中的 "WBS" 按鈕: "< WBS" 取消下級目錄 "WBS >" 生成下級目錄 G ...
- iptbales无法正常重启
新主机iptables无法启动关闭和重启 一般是由于没有配文件导致 解决办法 直接touch /etc/sysconfig/iptables 然后就可以正常启动. 备注:一般存在于centos6系列中
- python 之单例模式
单例模式1 单例=>只有一个单例2 静态方法+静态字段3 所有实例中等转的内容相同时 用单例模式class Sqllite: __instance=None def __init__(self) ...
- Oracle大数据SQL语句优化
1.对查询进行优化,应尽量避免全表扫描,首先应考虑在 where 及 order by 涉及的列上建立索引. 2.应尽量避免在 where 子句中对字段进行 null 值判断,否则将导致引擎放弃使用索 ...
- 8 包含min函数的栈
0 引言 题目:定义栈的数据结构,请在该类型中实现一个能够得到栈的最小元素的min函数.在该栈中,调用min.push及pop的时间复杂度都是O(). 1 抽象问题具体化 2 具体问题抽象分析 需要解 ...
- kudu安装过程中可能出现的问题
kudu安装过成中可能出现的问题 1.给用户添加sudo权限的时候报错 sudo: /etc/sudoers is world writable 解决方式:pkexec chmod /etc/sudo ...
- android—退出应用程序
在android系统中,当你点击返回按钮时,会默认调用finish方法(还是destroy方法,记不太清楚),这样你就能退出当前Activity.注意是当前Activity,不是应用程序,因为如果这个 ...
- 使用treeNMS管理及监控Redis
Redis做为现在web应用开发的黄金搭担组合,大量的被应用,广泛用于存储session信息,权限信息,交易作业等热数据.做为一名有10年以上JAVA开发经验的程序员,工作中项目也是广泛使用了Redi ...
- PAT甲级——A1123 Is It a Complete AVL Tree【30】
An AVL tree is a self-balancing binary search tree. In an AVL tree, the heights of the two child sub ...