如何获得Java中的受信任的根证书的列表？ [英] How can I get a list of trusted root certificates in Java?

问题描述

我希望能够在Java应用程序中以编程方式访问所有受信任的根证书。

I would like to be able to get access to all trusted root certificates programmatically in a Java app.

我在查看密钥库接口，但我希望获得JRE隐含的受信任根列表。

I was looking at the keystore interface, but I'm hoping to get the list of trusted roots that's implicit with the JRE.

这是否可以在任何地方访问？

Is this accessible anywhere?

推荐答案

Example Depot中有一个示例，根证书并通过它们进行迭代，称为列出最可信的证书颁发机构CA）在密钥存储区。这是一个稍微修改版本，打印每个证书（在Windows Vista上测试）。

There's an example at Example Depot that shows how to get a Set of the root certificates and iterate through them called Listing the Most-Trusted Certificate Authorities (CA) in a Key Store. Here's a slightly modified version that prints out each certificate (tested on Windows Vista).

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Iterator;


public class Main {

    public static void main(String[] args) {
        try {
            // Load the JDK's cacerts keystore file
            String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
            FileInputStream is = new FileInputStream(filename);
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            keystore.load(is, password.toCharArray());

            // This class retrieves the most-trusted CAs from the keystore
            PKIXParameters params = new PKIXParameters(keystore);

            // Get the set of trust anchors, which contain the most-trusted CA certificates
            Iterator it = params.getTrustAnchors().iterator();
            while( it.hasNext() ) {
                TrustAnchor ta = (TrustAnchor)it.next();
                // Get certificate
                X509Certificate cert = ta.getTrustedCert();
                System.out.println(cert);
            }
        } catch (CertificateException e) {
        } catch (KeyStoreException e) {
        } catch (NoSuchAlgorithmException e) {
        } catch (InvalidAlgorithmParameterException e) {
        } catch (IOException e) {
        } 
    }
}

这篇关于如何获得Java中的受信任的根证书的列表？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！