有没有办法从同一服务器上运行的代码获取服务器指纹?

时间:2012-10-11 20:15:12

标签: java x509certificate

我想从服务器本身正在执行的java代码中获取服务器指纹。我已经阅读了一些内容,似乎eveyone建议从证书本身中提取它。有没有办法在不使用证书的情况下获得它,可能就像打开httpconnection / httprequest或其他东西一样?

2 个答案:

答案 0 :(得分:1)

  1. 使用SSL连接从服务器下载证书。 Here is an example
  2. 计算指纹(哈希)

答案 1 :(得分:0)

我试图使用新的TrustManager,它正在那里打破。我删除了它并使用了其余的代码并且工作正常。

static X509TrustManager tm = new X509TrustManager()
{

    @Override
    public void checkClientTrusted(X509Certificate[] arg0, String arg1)
            throws CertificateException
    {
        // TODO Auto-generated method stub
    }

    @SuppressWarnings("synthetic-access")
    @Override
    public void checkServerTrusted(X509Certificate[] arg0, String arg1)
            throws CertificateException
    {


    }

    @Override
    public X509Certificate[] getAcceptedIssuers()
    {
        // TODO Auto-generated method stub
        return null;
    }

    // public static X509Certificate[] getChain() { return chain; }

};


TrustManager[] tm1 = { tm };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tm1, new SecureRandom());
sslFactory = sslContext.getSocketFactory();

sslSocket = (SSLSocket) sslFactory.createSocket("localhost", port);
// timeout: 10secs
sslSocket.setSoTimeout(10 * 1000); 
sslSocket.startHandshake();

// add certificate to keystore
X509Certificate[] vCenterServerCert = chain;

 for (int i = 0; i < vCenterServerCert.length; i++) {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            byte[] der = vCenterServerCert[i].getEncoded();
            md.update(der);
            byte[] digest = md.digest();

            System.out.print("-----BEGIN CERTIFICATE-----\n");
            System.out.print(hexify(digest));
            //System.out.print(new sun.misc.BASE64Encoder().encode(servercerts[i].getEncoded()));
            System.out.print("\n-----END CERTIFICATE-----\n");

        }
相关问题
最新问题