我想从服务器本身正在执行的 java 代码中获取服务器指纹。我已经阅读了一些内容,似乎每个人都建议从证书本身中提取它。有没有办法在不使用证书的情况下获得它,比如打开 httpconnection/httprequest 之类的?
问问题
799 次
2 回答
1
- 使用 SSL 连接从服务器下载证书。这是一个例子。
- 计算指纹(哈希)
于 2012-10-11T20:19:15.503 回答
0
我试图使用一个新的 TrustManager 并且它在那里崩溃了。我删除了它并使用了其余的代码并且它有效。
static X509TrustManager tm = new X509TrustManager()
{
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException
{
// TODO Auto-generated method stub
}
@SuppressWarnings("synthetic-access")
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException
{
}
@Override
public X509Certificate[] getAcceptedIssuers()
{
// TODO Auto-generated method stub
return null;
}
// public static X509Certificate[] getChain() { return chain; }
};
TrustManager[] tm1 = { tm };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tm1, new SecureRandom());
sslFactory = sslContext.getSocketFactory();
sslSocket = (SSLSocket) sslFactory.createSocket("localhost", port);
// timeout: 10secs
sslSocket.setSoTimeout(10 * 1000);
sslSocket.startHandshake();
// add certificate to keystore
X509Certificate[] vCenterServerCert = chain;
for (int i = 0; i < vCenterServerCert.length; i++) {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] der = vCenterServerCert[i].getEncoded();
md.update(der);
byte[] digest = md.digest();
System.out.print("-----BEGIN CERTIFICATE-----\n");
System.out.print(hexify(digest));
//System.out.print(new sun.misc.BASE64Encoder().encode(servercerts[i].getEncoded()));
System.out.print("\n-----END CERTIFICATE-----\n");
}
于 2012-10-16T15:21:48.707 回答