我希望能够以编程方式在Java应用程序中访问所有受信任的根证书。
我当时在看密钥库接口,但我希望获得JRE隐式的受信任根列表。
这可以在任何地方访问吗?
有一个示例显示了如何获取一组根证书,并通过它们进行遍历,这称为在密钥存储区中列出最受信任的证书颁发机构(CA)。这是经过稍微修改的版本,可打印出每个证书(在Windows Vista上测试)。
import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.Iterator; public class Main { public static void main(String[] args) { try { // Load the JDK's cacerts keystore file String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); FileInputStream is = new FileInputStream(filename); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); String password = "changeit"; keystore.load(is, password.toCharArray()); // This class retrieves the most-trusted CAs from the keystore PKIXParameters params = new PKIXParameters(keystore); // Get the set of trust anchors, which contain the most-trusted CA certificates Iterator it = params.getTrustAnchors().iterator(); while( it.hasNext() ) { TrustAnchor ta = (TrustAnchor)it.next(); // Get certificate X509Certificate cert = ta.getTrustedCert(); System.out.println(cert); } } catch (CertificateException e) { } catch (KeyStoreException e) { } catch (NoSuchAlgorithmException e) { } catch (InvalidAlgorithmParameterException e) { } catch (IOException e) { } } }
