以下是获取安全证书的一种方法,通过以下程序获取安全证书:

import java.io.BufferedReader;

import java.io.File;

import java.io.FileInputStream;

import java.io.FileOutputStream;

import java.io.InputStream;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.security.KeyStore;

import java.security.MessageDigest;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLException;

import javax.net.ssl.SSLSocket;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class InstallCert {

    public static void main(String[] args) throws Exception {

        String host;

        int port;

        char[] passphrase;

        if ((args.length == 1) || (args.length == 2)) {

            String[] c = args[0].split(":");

            host = c[0];

            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);

            String p = (args.length == 1) ? "changeit" : args[1];

            passphrase = p.toCharArray();

        } else {

            System.out

                    .println("Usage: java InstallCert <host>[:port] [passphrase]");

            return;

        }

        File file = new File("jssecacerts");

        if (file.isFile() == false) {

            char SEP = File.separatorChar;

            File dir = new File(System.getProperty("java.home") + SEP + "lib"

                    + SEP + "security");

            file = new File(dir, "jssecacerts");

            if (file.isFile() == false) {

                file = new File(dir, "cacerts");

            }

        }

        System.out.println("Loading KeyStore " + file + "...");

        InputStream in = new FileInputStream(file);

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

        ks.load(in, passphrase);

        in.close();

        SSLContext context = SSLContext.getInstance("TLS");

        TrustManagerFactory tmf = TrustManagerFactory

                .getInstance(TrustManagerFactory.getDefaultAlgorithm());

        tmf.init(ks);

        X509TrustManager defaultTrustManager = (X509TrustManager) tmf

                .getTrustManagers()[0];

        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

        context.init(null, new TrustManager[] { tm }, null);

        SSLSocketFactory factory = context.getSocketFactory();

        System.out

                .println("Opening connection to " + host + ":" + port + "...");

        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        socket.setSoTimeout(10000);

        try {

            System.out.println("Starting SSL handshake...");

            socket.startHandshake();

            socket.close();

            System.out.println();

            System.out.println("No errors, certificate is already trusted");

        } catch (SSLException e) {

            System.out.println();

            e.printStackTrace(System.out);

        }

        X509Certificate[] chain = tm.chain;

        if (chain == null) {

            System.out.println("Could not obtain server certificate chain");

            return;

        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(

                System.in));

        System.out.println();

        System.out.println("Server sent " + chain.length + " certificate(s):");

        System.out.println();

        MessageDigest sha1 = MessageDigest.getInstance("SHA1");

        MessageDigest md5 = MessageDigest.getInstance("MD5");

        for (int i = 0; i < chain.length; i++) {

            X509Certificate cert = chain[i];

            System.out.println(" " + (i + 1) + " Subject "

                    + cert.getSubjectDN());

            System.out.println("   Issuer  " + cert.getIssuerDN());

            sha1.update(cert.getEncoded());

            System.out.println("   sha1    " + toHexString(sha1.digest()));

            md5.update(cert.getEncoded());

            System.out.println("   md5     " + toHexString(md5.digest()));

            System.out.println();

        }

        System.out

                .println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");

        String line = reader.readLine().trim();

        int k;

        try {

            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;

        } catch (NumberFormatException e) {

            System.out.println("KeyStore not changed");

            return;

        }

        X509Certificate cert = chain[k];

        String alias = host + "-" + (k + 1);

        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");

        ks.store(out, passphrase);

        out.close();

        System.out.println();

        System.out.println(cert);

        System.out.println();

        System.out

                .println("Added certificate to keystore 'jssecacerts' using alias '"

                        + alias + "'");

    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {

        StringBuilder sb = new StringBuilder(bytes.length * 3);

        for (int b : bytes) {

            b &= 0xff;

            sb.append(HEXDIGITS[b >> 4]);

            sb.append(HEXDIGITS[b & 15]);

            sb.append(' ');

        }

        return sb.toString();

    }

    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;

        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {

            this.tm = tm;

        }

        public X509Certificate[] getAcceptedIssuers() {

            throw new UnsupportedOperationException();

        }

        public void checkClientTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            throw new UnsupportedOperationException();

        }

        public void checkServerTrusted(X509Certificate[] chain, String authType)

                throws CertificateException {

            this.chain = chain;

            tm.checkServerTrusted(chain, authType);

        }

    }

}

编译InstallCert.java,然后执行:java InstallCert hostname,比如:java InstallCert test.report.com:8443

或者在Eclipse下更改上面程序main方法添加两行

String[] a = {"test.report.com:8443"};
args =a;

直接运行

会看到如下信息:

Loading KeyStore jssecacerts...

Opening connection to test.report.com:8443...

Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   Issuer  CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

   sha1    37 14 8a 28 58 2b 3a f3 db 42 0d 92 fd 3f f1 a6 06 13 35 21

   md5     55 69 fa 43 37 41 09 f5 67 da e2 92 27 33 ec 79 

Enter certificate to add to trusted keystore or 'q' to quit: [1]   ///////这个会停顿输入1即可

1

[

[

  Version: V3

  Subject: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits

  modulus: 149873530000197648968384226232142785553649803399692573942793261090630391481722183310320058253183769285146849448847313746048049814923722789854933544076336037287359367641477779694510644756797446990529822078491466388360806777787325862581162302785602922306714668838474079290033075735325490781287260322195248343873

  public exponent: 65537

  Validity: [From: Fri Aug 01 08:27:33 CST 2014,

               To: Sat Aug 01 08:27:33 CST 2015]

  Issuer: CN=localhost, OU=localhost, O=local, L=sh, ST=sh, C=cn

  SerialNumber: [    53dadef5]

]

  Algorithm: [SHA1withRSA]

  Signature:

0000: 29 85 FC 3A 53 22 B3 BF   7B 47 FF 2A 57 94 B5 C2  )..:S"...G.*W...

0010: 1A 04 AF B6 EE 6B AC 08   49 60 7B 42 07 0A F2 23  .....k..I`.B...#

0020: 85 8F 93 50 CD 86 5D AC   97 8D 6C DF 2C 1E 10 71  ...P..]...l.,..q

0030: 64 4D ED CA 06 8E 79 9C   00 A7 94 D0 5C 36 39 B3  dM....y.....\69.

0040: 32 D4 7C 40 25 A0 B7 CB   B3 F8 1B A7 6A CC D4 D4  2..@%.......j...

0050: 26 C7 3E 04 9A 27 8D 63   74 4B D1 5E 97 51 E0 7E  &.>..'.ctK.^.Q..

0060: E3 25 0D 6A 19 51 F8 D1   B5 B4 FA 23 98 41 70 D0  .%.j.Q.....#.Ap.

0070: BC 57 21 CE 75 2E 7B F3   5B 2E 13 A5 F0 27 63 2C  .W!.u...[....'c,

]

Added certificate to keystore 'jssecacerts' using alias 'test.report.com-1'

将证书拷贝到$JAVA_HOME/jre/lib/security目录下

注意:因为是静态加载,所以要重新启动你的Web Server,证书才能生效。

CAS(客户端)程序获取安全证书的更多相关文章

  1. CAS客户端和服务器配置https证书

    关于如何生成https证书可以看这篇文章: java生成Https证书,及证书导入的步骤和过程 下面整理cas如何整合https: cas服务器端部署(TLS[https]) 1.生成证书: 参照ja ...

  2. 客户端程序获取自己的ip、isp、地理位置等信息

    @ 比如说你需要收集用户信息,又或者要通过这些信息让用户登陆合适的服务器(北京联通用户登陆北京联通服务器). @ 淘宝和新浪都提供了类似的API,你只需要发送一个http请求,它就返回一个json格式 ...

  3. Cas 服务器 Service(Cas客户端)注册信息维护

    作为Cas服务器,允许哪些客户端接入与否是通过配置来定义的.对Cas服务器来说,每一个接入的客户端与一个Service配置对应:在Cas服务器启动时加载并注册上这些Service,与之对应的客户端才能 ...

  4. 轻松搭建CAS 5.x系列(4)-Java客户端程序接入CAS单点登录,Hello World版

    概述说明 按照本系列的前3篇文章描述的步骤,我们已经搭建好cas sso server.那应用程序怎么接入到实现sso呢? (如果您还没有搭建cas server,可以到<轻松搭建CAS 5.x ...

  5. Nginx反向代理后应用程序获取客户端真实IP

    Nginx反向代理后,Servlet应用通过request.getRemoteAddr()取到的IP是Nginx的IP地址,并非客户端真实IP,通过request.getRequestURL()获取的 ...

  6. cas sso单点登录系列2:cas客户端和cas服务端交互原理动画图解,cas协议终极分析

    转:http://blog.csdn.net/ae6623/article/details/8848107 1)PPT流程图:ppt下载:http://pan.baidu.com/s/1o7KIlom ...

  7. springboot之cas客户端

    一.CAS Client 与受保护的客户端应用部署在一起,以 Filter 方式保护受保护的资源.对于访问受保护资源的每个 Web 请求,CAS Client 会分析该请求的 Http 请求中是否包含 ...

  8. JavaScript和微信小程序获取IP地址的方法

    最近公司新加了一个需求,根据用户登录的IP地址判断是否重复登录,重复登录就进行逼退,那么怎么获取到浏览器的IP地址呢?最后发现搜狐提供了一个JS接口,可以通过它获取到客户端的IP. 接口地址如下: h ...

  9. 【Tech】单点登录系统CAS客户端demo

    服务器端配置请参考: http://www.cnblogs.com/sunshineatnoon/p/4064632.html 工具:myeclipse或者javaee-eclipse 1.启动jav ...

随机推荐

  1. git统计项目中成员代码量

    查看git上个人代码量 git log --author="username" --pretty=tformat: --numstat | awk '{ add += $1; su ...

  2. CSIC_716_20191104【流程控制语句】

    流程控制语句 if 语法结构 if 逻辑判断为真 : xxxxxx else: xxxxx while 语法结构  (continue.break) while 逻辑判断为真: xxxxxxx con ...

  3. yum -y install python-devel

    yum -y install python-devel的时候报错如图: Could not retrieve mirrorlist http://mirrorlist.centos.org/?rele ...

  4. jquery高级编程学习

    jquery高级编程 第1章.jQuery入门 类型检查 对象 类型检查表达式 String typeof object === "string" Number typeof ob ...

  5. thinkphp 插件控制器

    3.2.2版本开始支持插件控制器的调用,可以通过更加方便的URL地址访问到模块中的插件定义的控制器. 当URL中传入插件控制器变量的时候,会自动定位到插件控制器中的操作方法. 大理石平台精度等级 插件 ...

  6. npm run server报错

    从git上clone的vue项目npm install后npm run server报错 $ npm run dev > lufei@1.0.0 dev E:\pythonProject\luf ...

  7. vue知识点汇总

    一.学习vue必须了解的几个知识点  1.node.js介绍 node是一个让JavaScript运行在服务端的开发平台,使用JavaScript也可以开发后台服务.说明白些它仅仅是一个平台,我们使用 ...

  8. JSOI 2008 魔兽地图

    题目描述 DotR (Defense of the Robots) Allstars是一个风靡全球的魔兽地图,他的规则简单与同样流行的地图DotA (Defense of the Ancients) ...

  9. fiddler过滤其他网站请求

    1.首先选择filters过滤器,之后选择使用,点击第二个下拉框选择只显示下方主机地址 2.填写需要过滤的IP或网址,点击Actions保存设置 3.最后就可以只抓取固定的数据包了.

  10. (转)详解HttpURLConnection

    请求响应流程 设置连接参数的方法 setAllowUserInteraction setDoInput setDoOutput setIfModifiedSince setUseCaches setD ...