|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Class Summary | |
---|---|
CertificateDN | Lightweight wrapper object for an X.509 certificate distinguished name. |
JarHelper | Extracts certificates used to sign a specified JAR file and optionally save them to disk. |
SSLHelper | Extracts SSL certificates from a specified webserver and optionally adds them to the JSSE truststore. |
Trustee | Utility class that performs common certificate trust operations, such as writing to disk, updating the trust database and printing verbose certficate info. |
This package contains serveral useful utilities for managing common security operations, such as SSL certificate extraction, JAR certificate extraction, and policy file manipulation.
SSLHelper is a command-line based utility that examines the SSL certificates and certificate chains for a given host and port. If the SSL certificate chain is untrusted, the utility offers the user the option of placing the certificates in the JSSE certificate store. It also outputs all of the certificates it finds (including the server's) as DER-encoded files in the current directory. These files can then be double-clicked and imported straight into the Windows certificate store, or appended (using Keychain) to the Mac OS X trust anchors! Incredibly handy for troubleshooting certificate trust issues with (for instance) self-signed JNLP applications.
On the command line type the following:
java -cp freshcookies-security-0.3.jar org.freshcookies.security.cert.SSLHelper www.example.com
SSLHelper will connect to the target website (here, www.example.com) and download its SSL certificates and CA chains (if provided in the handshake). An optional second parameter specifies a port to use (the default is 443).
In addition to the command-line version, the
SSLHelper
class itself has a method called
extractSSLCertificates(String hostname, int port)
that performs the same operation.that returns an array of
java.security.cert.Certificate
. (It does not offer
to add the certificates to the JSSE certificate store if they are
untrusted.)
JarHelper is a command-line utility that extracts certificates used to sign a specified JAR file and, if any are found, saves them to disk. If the certificate chain is untrusted, the utility offers the user the option of placing the certificates in the java certificate trust store.
On the command line type the following:
java -cp freshcookies-security-0.3.jar org.freshcookies.security.cert.JarHelper mysignedcode.jar
In addition to the command-line version, the
JarHelper
class itself has two methods called
extractCACertificates(JarFile jar)
and
extractSigningCertificates
that returns arrays of
java.security.cert.Certificate
. (They do not offer
to add the certificates to the JSSE certificate store if they are
untrusted.)
|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |