How To Read a Website's Certificate

Posted By:   Paul_Sala
Posted On:   Friday, January 3, 2003 01:20 PM

I have used JSSE to read web pages from SSL websites. Is there a way I can use JSSE to read the public information in a website's certificate? What I need to read is how long the website's certificate is valid for. I can view these dates in a website's certificate using a browser, but I need to read it in my Java program.

Re: How To Read a Website's Certificate

Posted By:   Paul_Sala  
Posted On:   Wednesday, January 22, 2003 05:17 AM

I found out how to do this:


import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ReadCert {
    public static void main(String[] args) throws Exception {
        // Host and port of the HTTPS server, taken from the command line
        String host = args[0];
        int port = (args.length > 1) ? Integer.parseInt(args[1]) : 443;

        SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {

            // Connect to the server; the default factory validates the chain
            // against the JVM trust store, so an untrusted or expired
            // certificate makes the handshake throw
            socket.startHandshake();
            SSLSession session = socket.getSession();

            //- get all the certs in the chain for this server
            //  (getPeerCertificates() replaces the deprecated
            //  getPeerCertificateChain() / javax.security.cert API)
            Certificate[] certchain = session.getPeerCertificates();

            //- follow cert chain, look at each cert
            for (int ii = 0; ii < certchain.length; ii++) {
                X509Certificate cert = (X509Certificate) certchain[ii];
                System.out.println("---- Certchain Cert number: " + ii + " ----");

                // Check validity against the current system time
                String validity = "Cert is valid";
                try {
                    cert.checkValidity();
                } catch (CertificateExpiredException ex) {
                    System.out.println("Certificate has expired!");
                    validity = "Certificate Expired!";
                } catch (CertificateNotYetValidException ex) {
                    System.out.println("Certificate is not yet valid!");
                    validity = "Certificate Not Yet Valid";
                }

                // Public fields of the certificate
                String subjectDN = cert.getSubjectDN().getName();
                String issuerDN = cert.getIssuerDN().getName();
                Date notAfter = cert.getNotAfter();
                Date notBefore = cert.getNotBefore();
                int version = cert.getVersion();

                // Properties of the TLS session itself
                String peerHost = session.getPeerHost();
                String sessionProto = session.getProtocol();
                String cipherSuite = session.getCipherSuite();
                boolean needClientAuth = socket.getNeedClientAuth();
                String stringImageOfCert = cert.toString();

                System.out.println("IssuerDN ===== " + issuerDN);
                System.out.println("Validity ===== " + validity);
                System.out.println("NotAfter ===== " + notAfter.toString());
                System.out.println("NotBefore ==== " + notBefore.toString());
                System.out.println("Version ===== " + version);
                System.out.println("SubjectDN === " + subjectDN);
                System.out.println("PeerHost ==== " + peerHost);
                System.out.println("SessionProto = " + sessionProto);
                System.out.println("CipherSuite == " + cipherSuite);
                System.out.println("NeedClntAuth = " + needClientAuth);
                System.out.println("StringImageOfCert = " + stringImageOfCert);
                // ...
            }
        }
    }
}

..............Paul Sala