Listing the Most-Trusted Certificate Authorities (CA) in a Key Store : Public Key Infrastructure X.509 « Security « Java Tutorial






  1. Java Tutorial
  2. Security
  3. Public Key Infrastructure X.509
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Iterator;

public class Main {
  public static void main(String[] argv) throws Exception {

    String filename = System.getProperty("java.home")
        + "/lib/security/cacerts".replace('/', File.separatorChar);
    FileInputStream is = new FileInputStream(filename);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    String password = "password";
    keystore.load(is, password.toCharArray());

    PKIXParameters params = new PKIXParameters(keystore);

    Iterator it = params.getTrustAnchors().iterator();
    for (; it.hasNext();) {
      TrustAnchor ta = (TrustAnchor) it.next();

      X509Certificate cert = ta.getTrustedCert();
      System.out.println(cert.getSigAlgName());
    }
  }
}








36.37.Public Key Infrastructure X.509
36.37.1.PKIX Demo
36.37.2.Listing the Most-Trusted Certificate Authorities (CA) in a Key Store
36.37.3.Getting the Subject and Issuer Distinguished Names of an X509 Certificate