/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/**
 * Step 1: Run: java InstallCert hostname
 *         e.g.: java InstallCert www.cebbank.com
 * Step 2: Enter 1 and press Enter. The following output is displayed.
 *         Before choosing, compare the printed fingerprint with one obtained from the
 *         server's operator over a separate channel, because the selected certificate
 *         becomes trusted for every later connection that uses this keystore.
 * Step 3: A keystore file named jssecacerts is generated in the current directory.
 * Step 4: Copy the jssecacerts file to %JAVA_HOME%\jre\lib\security\
 * Step 5: Restart the application service for the certificate to take effect.
 * PS: Remove the Chinese comments before running; otherwise an error will be reported.
 * @author Ligang
 *
 * First, compile the Java file from its directory:
 * javac -d . InstallCert.java
 * java com/ptengine/test/InstallCert localhost
 */
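public class InstallCert {

    // Security note: this tool records the certificate chain a server presents and
    // lets the operator add one certificate from it to a local keystore copy
    // ("jssecacerts"). Whatever is added is trusted by every application that later
    // loads that keystore, so the printed fingerprint should be compared with a value
    // obtained from the server's operator over a separate channel before confirming.
    // The passphrase is taken from the command line (default "changeit"), which
    // may be visible to other local users in the process list.

    /**
     * Connects to {@code host[:port]}, prints the certificate chain the server
     * sends, and stores the certificate selected on standard input in a
     * keystore file named {@code jssecacerts} in the current directory.
     *
     * @param args {@code host[:port]} and, optionally, the keystore passphrase
     *             (defaults to {@code changeit}); the port defaults to 443
     * @throws Exception on keystore, I/O or TLS set-up failures
     */
    public static void main(String[] args) throws Exception {
        String host;
        int port;
        char[] passphrase;
        if ((args.length == 1) || (args.length == 2)) {
            String[] c = args[0].split(":");
            host = c[0];
            port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
            String p = (args.length == 1) ? "changeit" : args[1];
            passphrase = p.toCharArray();
        } else {
            System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
            return;
        }

        // Prefer a local jssecacerts, then the JRE's jssecacerts, then the JRE's cacerts.
        File file = new File("jssecacerts");
        if (!file.isFile()) {
            char sep = File.separatorChar;
            File dir = new File(System.getProperty("java.home") + sep + "lib" + sep + "security");
            file = new File(dir, "jssecacerts");
            if (!file.isFile()) {
                file = new File(dir, "cacerts");
            }
        }

        System.out.println("Loading KeyStore " + file + "...");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(file);
        try {
            ks.load(in, passphrase);
        } finally {
            // Close the stream even when the passphrase is wrong or the file is corrupt.
            in.close();
        }

        SSLContext context = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
        // The wrapper only records the chain; validation is still delegated to the
        // default trust manager, so an untrusted server still fails the handshake.
        SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
        context.init(null, new TrustManager[] {tm}, null);
        SSLSocketFactory factory = context.getSocketFactory();

        System.out.println("Opening connection to " + host + ":" + port + "...");
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.setSoTimeout(10000);
            System.out.println("Starting SSL handshake...");
            socket.startHandshake();
            System.out.println();
            System.out.println("No errors, certificate is already trusted");
        } catch (SSLException e) {
            // Expected when the server certificate is not yet trusted; the chain
            // was captured by SavingTrustManager before validation failed.
            System.out.println();
            e.printStackTrace(System.out);
        } finally {
            socket.close();
        }

        X509Certificate[] chain = tm.chain;
        if (chain == null) {
            System.out.println("Could not obtain server certificate chain");
            return;
        }

        BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));

        System.out.println();
        System.out.println("Server sent " + chain.length + " certificate(s):");
        System.out.println();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        MessageDigest sha1 = MessageDigest.getInstance("SHA1");
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            byte[] encoded = cert.getEncoded();
            System.out.println(" " + (i + 1) + " Subject " + cert.getSubjectDN());
            System.out.println("   Issuer  " + cert.getIssuerDN());
            // SHA-1 and MD5 are kept for comparison with older tools, but both are
            // collision-prone; SHA-256 is the fingerprint to verify out-of-band.
            System.out.println("   sha256  " + toHexString(sha256.digest(encoded)));
            System.out.println("   sha1    " + toHexString(sha1.digest(encoded)));
            System.out.println("   md5     " + toHexString(md5.digest(encoded)));
            System.out.println();
        }

        System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
        String line = reader.readLine();
        if (line == null) {
            // End of input (for example, stdin closed): change nothing.
            System.out.println("KeyStore not changed");
            return;
        }
        line = line.trim();
        int k;
        try {
            k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
        } catch (NumberFormatException e) {
            System.out.println("KeyStore not changed");
            return;
        }
        if (k < 0 || k >= chain.length) {
            // Reject a selection outside the printed list instead of failing on chain[k].
            System.out.println("KeyStore not changed");
            return;
        }

        X509Certificate cert = chain[k];
        String alias = host + "-" + (k + 1);
        ks.setCertificateEntry(alias, cert);

        OutputStream out = new FileOutputStream("jssecacerts");
        try {
            ks.store(out, passphrase);
        } finally {
            out.close();
        }

        System.out.println();
        System.out.println(cert);
        System.out.println();
        System.out.println("Added certificate to keystore 'jssecacerts' using alias '" + alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    /**
     * Formats bytes as lowercase hex pairs, each followed by a space.
     *
     * @param bytes the bytes to format
     * @return the hex representation, e.g. {@code "0a ff "}
     */
    private static String toHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 3);
        for (int b : bytes) {
            b &= 0xff; // drop sign extension so both table indexes stay within 0..15
            sb.append(HEXDIGITS[b >> 4]);
            sb.append(HEXDIGITS[b & 15]);
            sb.append(' ');
        }
        return sb.toString();
    }

    /**
     * Trust manager that remembers the server chain it is asked to check and
     * then delegates the actual check to the wrapped trust manager.
     */
    private static class SavingTrustManager implements X509TrustManager {

        private final X509TrustManager tm;
        private X509Certificate[] chain;

        SavingTrustManager(X509TrustManager tm) {
            this.tm = tm;
        }

        public X509Certificate[] getAcceptedIssuers() {
            // Some JSSE implementations call this during a client handshake;
            // throwing here would abort the handshake before the chain is captured.
            return new X509Certificate[0];
        }

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // This tool only acts as a TLS client, so client checks are not supported.
            throw new UnsupportedOperationException();
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Record first: the delegate throws for an untrusted chain, and the
            // caller still needs the chain in that case.
            this.chain = chain;
            tm.checkServerTrusted(chain, authType);
        }
    }
}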
This article is from "Li Gang's Learning Journey" blog, please be sure to keep this source http://381510688.blog.51cto.com/4623168/1570385
Solving the PKIX error: unable to find valid certification path to requested target