如何在Java中检索/计算X509证书的指纹? [英] How to retrieve/compute an X509 certificate's thumbprint in Java?
问题描述
我有一个java客户端,它调用一个Web服务操作,它接受证书指纹作为参数。我相信指纹是某种类型的SHA1散列,以十六进制字符串格式,证书的公钥,但我不知道。
I have a java client that is calling a web service operation which takes a certificate "thumbprint" as a parameter. I believe the thumbprint is some kind of SHA1 hash, in hexadecimal string format, of the cert's public key, but I'm not sure.
.NET框架似乎包括一个获取此值的简单方法( X509Certificate2.Thumbprint 属性)。在Windows中查看.cer文件的属性还会显示指纹,如下所示:
The .NET framework seems to include a simple way to get this value (X509Certificate2.Thumbprint property). Viewing a .cer file's properties in Windows also displays the thumbprint, which looks like:
a6 9c fd b0 58 0d a4 ee ae 9a 47 75 24 c3 0b 9f 5d b6 1c 77
因此我的问题是:在Java中检索或计算此指纹字符串,如果我有一个 java.security.cert.X509Certificate ?
My question is therefore: Does anybody know how to retrieve or compute this thumbprint string within Java, if I have an instance of a java.security.cert.X509Certificate?
推荐答案
Thumbprint是一个.NET东西。为什么在Java中需要它?
Thumbprint is a .NET thing. Why do you need it in Java?
它不是证书的一部分。它只是证书的 DER编码的SHA1哈希。您可以像这样轻松计算:
It's not part of certificate. It's simply SHA1 hash of the DER encoding of the certificate. You can calculate it easily like this,
public class X509 {
public static void main(String[] args) {
FileInputStream is;
try {
is = new FileInputStream("/tmp/certificate_x509.pem");
CertificateFactory x509CertFact = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)x509CertFact.generateCertificate(is);
String thumbprint = getThumbPrint(cert);
System.out.println(thumbprint);
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static String getThumbPrint(X509Certificate cert)
throws NoSuchAlgorithmException, CertificateEncodingException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] der = cert.getEncoded();
md.update(der);
byte[] digest = md.digest();
return hexify(digest);
}
public static String hexify (byte bytes[]) {
char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
StringBuffer buf = new StringBuffer(bytes.length * 2);
for (int i = 0; i < bytes.length; ++i) {
buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
buf.append(hexDigits[bytes[i] & 0x0f]);
}
return buf.toString();
}
}
这篇关于如何在Java中检索/计算X509证书的指纹?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!