我在 Java 中使用以下代码打印出 Google 证书的各种属性。
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.SocketFactory;
import java.io.*;
import java.math.*;
import java.net.*;
import java.security.*;
import javax.net.*;
import javax.security.cert.X509Certificate;
/*
* Start an connection with google.com and submit to Google to figure out how to get the certificate.
* Should not pull from artificial context.
*/
public class MWE{
public static void main(String[] args) throws Exception{
SSLContext sslContext = SSLContext.getDefault();
SocketFactory clientSocketFactory = sslContext.getSocketFactory();
String remoteHost = "google.com";
int remotePort = 443;
SSLSocket socket = null;
try {
//Lookup the "common name" field of the certificate from the remote server:
socket = (SSLSocket) clientSocketFactory.createSocket(remoteHost, remotePort);
socket.setEnabledCipherSuites(socket.getSupportedCipherSuites());
socket.startHandshake();
} catch (IOException ioe) {
ioe.printStackTrace();
}
X509Certificate[] c = socket.getSession().getPeerCertificateChain();
X509Certificate serverCertificate = c[0]; //can I control which instance of this is used?
Principal serverDN = serverCertificate.getSubjectDN();
BigInteger serverSerialNumber = serverCertificate.getSerialNumber();
System.out.println(serverCertificate.getClass());
System.out.println(serverDN);
System.out.println(serverSerialNumber.toString(16));
System.out.println(serverCertificate.getSigAlgName());
System.out.println(serverCertificate.getNotBefore());
System.out.println(serverCertificate.getNotAfter());
}
}
我得到的输出如下所示:
CN=*.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
1484d9a3000000007d35
SHA1withRSA
Wed Feb 20 05:34:43 PST 2013
Fri Jun 07 12:43:27 PDT 2013
但是,当我从 Firefox 或 Chrome 查看证书时,除了序列号外,其他所有内容都匹配。
