如何在Java中以编程方式检查SSL证书到期日期 [英] how to check SSL certificate expiration date programmatically in Java
问题描述
我需要从Java网站上的SSL证书中提取到期日期,应该同时支持
可信和自签名证书,例如:
1.trusted
https://github.com
2.self-signed
https://mms.nw.ru/
I need to extract expiration date from SSL certificate on web site in Java,should support both trusted and self-signed certificate,such as: 1.trusted https://github.com 2.self-signed https://mms.nw.ru/
我已经将一些代码复制为:
I already copy some code as:
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SSLTest {
public static void main(String [] args) throws Exception {
// configure the SSLContext with a TrustManager
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
SSLContext.setDefault(ctx);
URL url = new URL("https://github.com");//https://mms.nw.ru
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
});
System.out.println(conn.getResponseCode());
Certificate[] certs = conn.getServerCertificates();
for (Certificate cert :certs){
System.out.println(cert.getType());
System.out.println(cert);
}
conn.disconnect();
}
private static class DefaultTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
}
问题是:
-
如何从证书中解析过期日期,在我的代码中,toString()确实输出了日期,但很难解析。
How to parse the expiration date from the certificate, in my code the toString() did output the date,but it is hard to parse.
如何确定证书链,例如带链3的github证书,我如何知道从哪个证书中获取到期日期?
How to determine the certificate chain, eg, the github certificate with chains 3, how did i know which certificate to get the expiration date from?
推荐答案
如何解析到期日期证书
How to parse the expiration date from the certificate
将其投放到 X509Certificate 并致电 getNotAfter()。
如何确定证书链,例如带链的github证书
How to determine the certificate chain, eg, the github certificate with chains
你已经知道了。这就是 Certificate [] 数组,就像在 Javadoc 。
You've got it. That's what the Certificate[] array is, as it says in the Javadoc.
怎么做我知道从哪个证书中获取到期日期?
How did i know which certificate to get the expiration date from?
阅读 Javadoc 。 对等方自己的证书首先跟随任何证书颁发机构。
Read the Javadoc. "The peer's own certificate first followed by any certificate authorities".
但是我不知道你为什么这么做。 Java应该已经为你完成了所有工作。
However I don't know why you're doing any of this. Java should already do it all for you.
请丢弃那些不安全且不正确的TrustManager实现。处理自签名证书的正确方法是将它们导入客户端信任库。还请丢弃您不安全的HostnameVerifier,并使用默认的或安全的。如果您不希望它安全,为什么要使用HTTPS呢?
And please throw away that insecure and incorrect TrustManager implementation. The correct way to handle self-signed certificates is to import them into the client truststore. Please also throw away your insecure HostnameVerifier, and use the default one, or a secure one. Why use HTTPS at all if you don't want it to be secure?
这篇关于如何在Java中以编程方式检查SSL证书到期日期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
