有一个示例显示了如何获取一组根证书,并通过它们进行遍历,这称为在密钥存储区中列出最受信任的证书颁发机构(CA)。这是经过稍微修改的版本,可打印出每个证书(在Windows
Vista上测试)。
import java.io.File;import java.io.FileInputStream;import java.io.IOException;import java.security.InvalidAlgorithmParameterException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.cert.CertificateException;import java.security.cert.PKIXParameters;import java.security.cert.TrustAnchor;import java.security.cert.X509Certificate;import java.util.Iterator;public class Main { public static void main(String[] args) { try { // Load the JDK's cacerts keystore file String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); FileInputStream is = new FileInputStream(filename); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); String password = "changeit"; keystore.load(is, password.toCharArray()); // This class retrieves the most-trusted CAs from the keystore PKIXParameters params = new PKIXParameters(keystore); // Get the set of trust anchors, which contain the most-trusted CA certificates Iterator it = params.getTrustAnchors().iterator(); while( it.hasNext() ) { TrustAnchor ta = (TrustAnchor)it.next(); // Get certificate X509Certificate cert = ta.getTrustedCert(); System.out.println(cert); } } catch (CertificateException e) { } catch (KeyStoreException e) { } catch (NoSuchAlgorithmException e) { } catch (InvalidAlgorithmParameterException e) { } catch (IOException e) { } }}
