How can I get a list of trusted root certificates in Java?

孤独总比滥情好 2020-11-27 05:21

I would like to be able to get access to all trusted root certificates programmatically in a Java app.

I was looking at the keystore interface, but I'm hoping to

2 Answers
  • 2020-11-27 05:37

    There's an example that shows how to get a Set of the root certificates and iterate through them called Listing the Most-Trusted Certificate Authorities (CA) in a Key Store. Here's a slightly modified version that prints out each certificate (tested on Windows Vista).

    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.InvalidAlgorithmParameterException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;
    import java.security.cert.PKIXParameters;
    import java.security.cert.TrustAnchor;
    import java.security.cert.X509Certificate;


    public class Main {

        public static void main(String[] args) {
            // Path to the JDK's cacerts keystore file
            String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar);
            // try-with-resources closes the stream even if loading fails
            try (FileInputStream is = new FileInputStream(filename)) {
                KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
                String password = "changeit";
                keystore.load(is, password.toCharArray());

                // This class retrieves the most-trusted CAs from the keystore
                PKIXParameters params = new PKIXParameters(keystore);

                // Get the set of trust anchors, which contain the most-trusted CA certificates
                for (TrustAnchor ta : params.getTrustAnchors()) {
                    // Get certificate
                    X509Certificate cert = ta.getTrustedCert();
                    System.out.println(cert);
                }
            } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException
                    | InvalidAlgorithmParameterException | IOException e) {
                // Report the failure instead of silently swallowing it
                e.printStackTrace();
            }
        }
    }
    
  • 2020-11-27 05:42

    This should be more flexible using the default trust store in the system to get all certificates:

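    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.util.*;
    import javax.net.ssl.*;

    // init(null) loads the platform default trust store; these calls throw checked security exceptions
    TrustManagerFactory trustManagerFactory =
       TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    List<Certificate> x509Certificates = new ArrayList<>();
    trustManagerFactory.init((KeyStore) null);
    for (TrustManager t : trustManagerFactory.getTrustManagers()) {
        if (t instanceof X509TrustManager) // skip any trust manager that is not X.509-based
            x509Certificates.addAll(Arrays.asList(((X509TrustManager) t).getAcceptedIssuers()));
    }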
    


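Added example (not part of either answer above): once the trusted roots are listed, a defender usually wants to audit them. This sketch uses the default trust store approach from the second answer and prints each root's subject, SHA-256 fingerprint and expiry with simple findings; the class name `TrustStoreAudit`, the finding labels and the 2048-bit RSA threshold are assumptions of this example.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreAudit {

    // Hex SHA-256 of the DER encoding: the value to compare against a CA's published fingerprint
    static String sha256Hex(X509Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    // Findings for one root; the labels and the 2048-bit threshold are this example's policy (assumption)
    static List<String> findings(X509Certificate cert, Date now) {
        List<String> out = new ArrayList<>();
        if (now.after(cert.getNotAfter())) out.add("EXPIRED");
        if (now.before(cert.getNotBefore())) out.add("NOT_YET_VALID");
        if (cert.getPublicKey() instanceof RSAPublicKey
                && ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength() < 2048) {
            out.add("RSA_KEY_UNDER_2048");
        }
        // getBasicConstraints() returns -1 when the certificate does not assert CA=true
        if (cert.getBasicConstraints() < 0) out.add("NO_CA_BASIC_CONSTRAINT");
        return out;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        Date now = new Date();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.printf("%s%n  sha256=%s notAfter=%s findings=%s%n",
                        cert.getSubjectX500Principal().getName(), sha256Hex(cert),
                        cert.getNotAfter(), findings(cert, now));
            }
        }
    }
}
```

Comparing the printed fingerprints against a known-good baseline for the same JDK build is a quick way to spot roots that were added to a host's trust store after installation.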