Java Tutorial/Security/Public Key Infrastructure X.509


Getting the Subject and Issuer Distinguished Names of an X509 Certificate

   <source lang="java">

import java.io.FileInputStream; import java.security.KeyStore; import java.security.Principal; import java.security.cert.X509Certificate; import java.util.Enumeration; public class Main {

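 /**
  * Loads the keystore file {@code your.keystore} and, for every alias that maps to an
  * X.509 certificate, reads the subject and issuer distinguished names.
  *
  * <p>The names are only read, not verified: a distinguished name is whatever the
  * certificate's creator put into it and proves nothing until the certificate chain has
  * been validated against a trust anchor.
  *
  * @param argv unused
  * @throws Exception if the keystore file cannot be opened or read, or if the password
  *     does not match the keystore's integrity check
  */
 public static void main(String[] argv) throws Exception {
   KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
   // Tutorial placeholder. Real code should obtain the password at run time (prompt,
   // protected configuration) rather than embed it in source.
   char[] password = "my-keystore-password".toCharArray();
   // try-with-resources closes the file handle even when load() throws.
   try (FileInputStream is = new FileInputStream("your.keystore")) {
     keystore.load(is, password);
   }
   Enumeration<String> aliases = keystore.aliases();
   while (aliases.hasMoreElements()) {
     String alias = aliases.nextElement();
     // For a key entry this is the first certificate of its chain; for a trusted
     // certificate entry it is the trusted certificate itself.
     java.security.cert.Certificate cert = keystore.getCertificate(alias);
     if (cert instanceof X509Certificate) {
       X509Certificate x509cert = (X509Certificate) cert;
       // getSubjectDN()/getIssuerDN() return an implementation-specific Principal and are
       // deprecated; the X500Principal accessors are the portable replacement and
       // getName() on them yields the RFC 2253 string form.
       // Get subject
       Principal principal = x509cert.getSubjectX500Principal();
       String subjectDn = principal.getName();
       // Get issuer
       principal = x509cert.getIssuerX500Principal();
       String issuerDn = principal.getName();
     }
   }
 }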

}</source>





Listing the Most-Trusted Certificate Authorities (CA) in a Key Store

   <source lang="java">

import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Iterator; public class Main {

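 /**
  * Loads the JRE's {@code cacerts} trust store and prints the signature algorithm name of
  * every trust anchor (root CA certificate) it contains.
  *
  * <p>The output is useful for spotting roots that are still signed with an algorithm the
  * reader considers too weak.
  *
  * @param argv unused
  * @throws Exception if the trust store cannot be opened or read, if the password does not
  *     match its integrity check, or if it holds no trusted certificate entries
  */
 public static void main(String[] argv) throws Exception {
   // The char overload of replace() is required here: String has no
   // replace(String, char), so the original call did not compile.
   String filename = System.getProperty("java.home")
       + "/lib/security/cacerts".replace('/', File.separatorChar);
   KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
   // load() uses the password to check the store's integrity. The value below is the
   // tutorial's placeholder; a stock JDK cacerts file ships with "changeit", so
   // substitute the real password of the store being read.
   String password = "password";
   // try-with-resources closes the file handle even when load() throws.
   try (FileInputStream is = new FileInputStream(filename)) {
     keystore.load(is, password.toCharArray());
   }
   // PKIXParameters turns every trusted certificate entry into a TrustAnchor.
   PKIXParameters params = new PKIXParameters(keystore);
   for (TrustAnchor ta : params.getTrustAnchors()) {
     X509Certificate cert = ta.getTrustedCert();
     System.out.println(cert.getSigAlgName());
   }
 }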

}</source>





PKIX Demo

   <source lang="java">

import java.io.FileInputStream; import java.math.BigInteger; import java.security.KeyStore; import java.security.PublicKey; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.PKIXCertPathValidatorResult; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; public class MainClass {

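 /**
  * Validates a single X.509 certificate against the trust anchors of a JKS keystore with
  * the PKIX algorithm, then prints the validated public key (hex of its encoded form) and
  * the subject and issuer of the trust anchor that the path ended at.
  *
  * <p>Usage: {@code MainClass <certificate-file> <jks-truststore> <truststore-password>}.
  * The original listing opened {@code args[0]} both as the certificate and as the
  * keystore; no file parses as both, so the keystore now has its own argument and the
  * password moves to {@code args[2]}.
  *
  * <p>The certificate path holds only the one certificate, so validation succeeds only
  * when that certificate was issued directly by one of the trust anchors.
  *
  * @param args certificate file, JKS trust store file, trust store password
  * @throws Exception if a file cannot be read or parsed, or if path validation fails
  */
 public static void main(String args[]) throws Exception {
   if (args.length < 3) {
     System.err.println(
         "usage: MainClass <certificate-file> <jks-truststore> <truststore-password>");
     return;
   }
   CertificateFactory cf = CertificateFactory.getInstance("X.509");
   List<Certificate> mylist = new ArrayList<>();
   // try-with-resources closes each file handle even when parsing throws.
   try (FileInputStream in = new FileInputStream(args[0])) {
     mylist.add(cf.generateCertificate(in));
   }
   CertPath cp = cf.generateCertPath(mylist);
   KeyStore ks = KeyStore.getInstance("JKS");
   // A password given on the command line is visible to other local users through the
   // process list; acceptable for a demo, not for a deployed tool.
   try (FileInputStream kin = new FileInputStream(args[1])) {
     ks.load(kin, args[2].toCharArray());
   }
   PKIXParameters params = new PKIXParameters(ks);
   // Revocation checking is switched off, so a certificate its CA has already revoked
   // still validates. That keeps the demo runnable offline; production validation should
   // leave revocation enabled and make CRL or OCSP data available to the validator.
   params.setRevocationEnabled(false);
   CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
   // validate() throws CertPathValidatorException when the path does not chain to a
   // trust anchor, so reaching the next line means the certificate was accepted.
   PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(cp, params);
   PublicKey pbk = result.getPublicKey();
   byte[] pkenc = pbk.getEncoded();
   // Signum 1 treats the bytes as an unsigned magnitude so the hex dump is never negative.
   BigInteger pk = new BigInteger(1, pkenc);
   System.out.println(pk.toString(16));
   TrustAnchor anc = result.getTrustAnchor();
   X509Certificate xc = anc.getTrustedCert();
   // The X500Principal accessors replace the deprecated, implementation-specific
   // getSubjectDN()/getIssuerDN().
   System.out.println(xc.getSubjectX500Principal());
   System.out.println(xc.getIssuerX500Principal());
 }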

}</source>