从SSLContext提取证书 [英] Extract certificate from SSLContext

问题描述

我正在以标准方式创建SSLContext:

I'm creating SSLContext in standard way:

• 获取.p12证书文件，
• 创建KeyStore并将证书加载到其中，
• 创建KeyManagerFactory，使用KeyStore对其进行初始化，并获取KeyManager，
• 创建TrustManagerFactory，将其初始化为null，然后获取TrustManagers.
• 创建SSLContext并使用KeyManagers和TrustManagers对其进行初始化.

问题是-如何从SSLContext提取回KeyStore和证书数据?任务是从证书中获取指纹哈希.

The question is - how can I extract KeyStore and certificate data back from SSLContext? The task is to obtain fingerprint hash from certficate.

是否有可能或者我必须单独获取它，从文件中读取证书?

Is it even possible or I have to get it separately, reading certificate from file?

推荐答案

如果您具有自定义的TrustManager，则可以完成此操作.您可以参考以下链接该自定义类.寻找私有的SavingTrustManager静态类.

It can be done if you have a custom TrustManager. You can refer to this link for that custom class. Look for the private SavingTrustManager static class.

使用Java的默认TrustManager的地方，请使用此类，以便您可以检索服务器发送的证书.

And the place where you are using the java's default TrustManager, use this class so that you can retrieve the certificate that the server sent.

SSLContext context = SSLContext.getInstance("TLS");
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(dummyTrustStore);

X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];

SavingTrustManager savingTrustManager = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { savingTrustManager }, null);
SSLSocketFactory factory = context.getSocketFactory();

并且在开始握手之后，您可以从静态成员变量chain的SavingTrustManager中获取证书，例如:

And after you have started the handshake, you can get the certificates from the SavingTrustManager from the static member variable chain, like:

savingTrustManager.chain

savingTrustManager.chain

这篇关于从SSLContext提取证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！