Java Tutorial/Security/Public Key Infrastructure X.509
Getting the Subject and Issuer Distinguished Names of an X509 Certificate
<source lang="java">
import java.io.FileInputStream; import java.security.KeyStore; import java.security.Principal; import java.security.cert.X509Certificate; import java.util.Enumeration; public class Main {
public static void main(String[] argv) throws Exception { FileInputStream is = new FileInputStream("your.keystore"); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(is, "my-keystore-password".toCharArray()); Enumeration e = keystore.aliases(); for (; e.hasMoreElements();) { String alias = (String) e.nextElement(); java.security.cert.Certificate cert = keystore.getCertificate(alias); if (cert instanceof X509Certificate) { X509Certificate x509cert = (X509Certificate) cert; // Get subject Principal principal = x509cert.getSubjectDN(); String subjectDn = principal.getName(); // Get issuer principal = x509cert.getIssuerDN(); String issuerDn = principal.getName(); } } }
}</source>
Listing the Most-Trusted Certificate Authorities (CA) in a Key Store
<source lang="java">
import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Iterator; public class Main {
public static void main(String[] argv) throws Exception { String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace("/", File.separatorChar); FileInputStream is = new FileInputStream(filename); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); String password = "password"; keystore.load(is, password.toCharArray()); PKIXParameters params = new PKIXParameters(keystore); Iterator it = params.getTrustAnchors().iterator(); for (; it.hasNext();) { TrustAnchor ta = (TrustAnchor) it.next(); X509Certificate cert = ta.getTrustedCert(); System.out.println(cert.getSigAlgName()); } }
}</source>
PKIX Demo
<source lang="java">
import java.io.FileInputStream; import java.math.BigInteger; import java.security.KeyStore; import java.security.PublicKey; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.PKIXCertPathValidatorResult; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; public class MainClass {
public static void main(String args[]) throws Exception { CertificateFactory cf = CertificateFactory.getInstance("X.509"); List mylist = new ArrayList(); FileInputStream in = new FileInputStream(args[0]); Certificate c = cf.generateCertificate(in); mylist.add(c); CertPath cp = cf.generateCertPath(mylist); FileInputStream kin = new FileInputStream(args[0]); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(kin, args[1].toCharArray()); PKIXParameters params = new PKIXParameters(ks); params.setRevocationEnabled(false); CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, params); PublicKey pbk = result.getPublicKey(); byte[] pkenc = pbk.getEncoded(); BigInteger pk = new BigInteger(pkenc); System.out.println(pk.toString(16)); TrustAnchor anc = result.getTrustAnchor(); X509Certificate xc = anc.getTrustedCert(); System.out.println(xc.getSubjectDN()); System.out.println(xc.getIssuerDN()); }
}</source>