以下是获取安全证书的一种方法,通过以下程序获取安全证书:

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out

                    .println("Usage: java InstallCert <host>[:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib"

                    + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory

                .getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf

                .getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out

                .println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(

                System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject "

                    + cert.getSubjectDN());

            System.out.println("   Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("   sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("   md5     " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out

                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out

                .println("Added certificate to keystore 'jssecacerts' using alias '"

                        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }

        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            throw new UnsupportedOperationException();

        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }

    }

}

编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443

或者在Eclipse下更改上面程序main方法添加两行

String[] a = {"test.report.com:8443"};
args =a;

直接运行

会看到如下信息:

Loading KeyStore jssecacerts...

Opening connection to test.report.com:8443...

Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   Issuer  CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   sha1    37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21

   md5     55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 

Enter certificate to add to trusted keystore or 'q' to quit: [1]   ///////这个会停顿输入1即可

1

[

[

  Version: V3

  Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873

  public exponent: 65537

  Validity: [From: Fri Aug 01 08:27:33 CST 2014,

               To: Sat Aug 01 08:27:33 CST 2015]

  Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  SerialNumber: [    53dadef5]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 29 85 FC 3A 53 22 B3 BF   7B 47 FF 2A 57 94 B5 C2  )..:S"...G.*W...

0010: 1A 04 AF B6 EE 6B AC 08   49 60 7B 42 07 0A F2 23  .....k..I`.B...#

0020: 85 8F 93 50 CD 86 5D AC   97 8D 6C DF 2C 1E 10 71  ...P..]...l.,..q

0030: 64 4D ED CA 06 8E 79 9C   00 A7 94 D0 5C 36 39 B3  dM....y.....\69.

0040: 32 D4 7C 40 25 A0 B7 CB   B3 F8 1B A7 6A CC D4 D4  2..@%.......j...

0050: 26 C7 3E 04 9A 27 8D 63   74 4B D1 5E 97 51 E0 7E  &.>..'.ctK.^.Q..

0060: E3 25 0D 6A 19 51 F8 D1   B5 B4 FA 23 98 41 70 D0  .%.j.Q.....#.Ap.

0070: BC 57 21 CE 75 2E 7B F3   5B 2E 13 A5 F0 27 63 2C  .W!.u...[....'c,

]

Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'

将证书拷贝到$JAVA_HOME/jre/lib/security目录下

注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。

CAS(客户端)程序获取安全证书的更多相关文章

  1. CAS客户端和服务器配置https证书

    关于如何生成https证书可以看这篇文章: java生成Https证书,及证书导入的步骤和过程 下面整理cas如何整合https: cas服务器端部署(TLS[https]) 1.生成证书: 参照ja ...

  2. 客户端程序获取自己的ip、isp、地理位置等信息

    @ 比如说你需要收集用户信息,又或者要通过这些信息让用户登陆合适的服务器(北京联通用户登陆北京联通服务器). @ 淘宝和新浪都提供了类似的API,你只需要发送一个http请求,它就返回一个json格式 ...

  3. Cas 服务器 Service(Cas客户端)注册信息维护

    作为Cas服务器,允许哪些客户端接入与否是通过配置来定义的.对Cas服务器来说,每一个接入的客户端与一个Service配置对应:在Cas服务器启动时加载并注册上这些Service,与之对应的客户端才能 ...

  4. 轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录,Hello World版

    概述说明 按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server.那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到<轻松搭建CAS 5.x ...

  5. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  6. cas sso单点登录系列2:cas客户端和cas服务端交互原理动画图解,cas协议终极分析

    转:http://blog.csdn.net/ae6623/article/details/8848107 1)PPT流程图:ppt下载:http://pan.baidu.com/s/1o7KIlom ...

  7. springboot之cas客户端

    一.CAS Client 与受保护的客户端应用部署在一起,以 Filter 方式保护受保护的资源.对于访问受保护资源的每个 Web 请求,CAS Client 会分析该请求的 Http 请求中是否包含 ...

  8. JavaScript和微信小程序获取IP地址的方法

    最近公司新加了一个需求,根据用户登录的IP地址判断是否重复登录,重复登录就进行逼退,那么怎么获取到浏览器的IP地址呢?最后发现搜狐提供了一个JS接口,可以通过它获取到客户端的IP. 接口地址如下: h ...

  9. 【Tech】单点登录系统CAS客户端demo

    服务器端配置请参考: http://www.cnblogs.com/sunshineatnoon/p/4064632.html 工具:myeclipse或者javaee-eclipse 1.启动jav ...

随机推荐

  1. truncate、delete、drop

    相同点: 1.三者共同点: truncate.不带where字句的delete.drop都会删除表内的数据 2.drop.truncate的共同点: drop.truncate都得DDL语句(数据库定 ...

  2. leetcode-第10周双周赛-5099验证回文字符串③

    题目描述: 方法:动态规划 class Solution: def isValidPalindrome(self, s: str, k: int) -> bool: def isKPalRec( ...

  3. 尚学linux课程---10、linux环境下安装python

    尚学linux课程---10.linux环境下安装python 一.总结 一句话总结: 直接在官网下载python的源码包即可,然后在linux下安装 linux下安装软件优先想到的的确是yum,但是 ...

  4. arcmap分类标注问题

    在给图层标注的时候,经常出现冲突后有些标注出不来,需要将某些个别的点要素进行标注位置调整,如下图: 处理步骤如下, (1)打开Maplex标注引擎.从ToolBars中打开Labeling工具,勾选U ...

  5. hexo next中遇到的bug,引发出的关于jquery中click()函数和on("click",function())的区别

    个人博客:https://mmmmmm.me 源码:https://github.com/dataiyangu/dataiyangu.github.io 背景: 本人在维护博客的时候加入了aplaye ...

  6. 零基础入门学习python--第二章 用Python设计第一个游戏

    知识点汇总1. 什么是BIF? BIF(Built-in Functions)内置函数,共68个,可直接调用,方便程序员快速编写脚本程序.输入dir(__builtins__)即可查看所有内置函数,h ...

  7. Walk Through Squares HDU - 4758 AC自动机+简单状压DP

    题意:给你两个串,求用m个R,n个D能组成多少个包含这两个串 题解:先构造一个AC自动机记录每个状态包含两个串的状态, 状态很容易定义 dp[i][j][k][status]表示在AC自动机K这个节点 ...

  8. 2019 Multi-University Training Contest 7 Kejin Player Final Exam

    Kejin Player 期望DP 题意: 初始等级为1,每一级有四个参数 r , s , x , a . 每一级有一个概率p=r/s花费a的代价升级到下一级,失败可能会倒退到x级 设从 l 到 r ...

  9. 面试系列24 dubbo负载均衡策略和集群容错策略

    (1)dubbo负载均衡策略 1)random loadbalance 默认情况下,dubbo是random load balance随机调用实现负载均衡,可以对provider不同实例设置不同的权重 ...

  10. springcloud(十六)、feign+hystrix+ribbon+zuul应用案例

    在 基于 " sringcloud(十四).ribbon负载均衡策略应用案例 "所有工程的基础上,进行如下操作进行网关设置 1.创建eureka-client-consumer-z ...