Package org.freshcookies.security.cert

This package contains serveral useful utilities for managing common security operations, such as SSL certificate extraction, JAR certificate extraction, and policy file manipulation.

See:
          Description

Class Summary
CertificateDN Lightweight wrapper object for an X.509 certificate distinguished name.
JarHelper Extracts certificates used to sign a specified JAR file and optionally save them to disk.
SSLHelper Extracts SSL certificates from a specified webserver and optionally adds them to the JSSE truststore.
Trustee Utility class that performs common certificate trust operations, such as writing to disk, updating the trust database and printing verbose certficate info.
 

Package org.freshcookies.security.cert Description

This package contains serveral useful utilities for managing common security operations, such as SSL certificate extraction, JAR certificate extraction, and policy file manipulation.

JarHelper

SSLHelper is a command-line based utility that examines the SSL certificates and certificate chains for a given host and port. If the SSL certificate chain is untrusted, the utility offers the user the option of placing the certificates in the JSSE certificate store. It also outputs all of the certificates it finds (including the server's) as DER-encoded files in the current directory. These files can then be double-clicked and imported straight into the Windows certificate store, or appended (using Keychain) to the Mac OS X trust anchors! Incredibly handy for troubleshooting certificate trust issues with (for instance) self-signed JNLP applications.

Usage

On the command line type the following:

java -cp freshcookies-security-0.3.jar org.freshcookies.security.cert.SSLHelper www.example.com

SSLHelper will connect to the target website (here, www.example.com) and download its SSL certificates and CA chains (if provided in the handshake). An optional second parameter specifies a port to use (the default is 443).

In addition to the command-line version, the SSLHelper class itself has a method called extractSSLCertificates(String hostname, int port) that performs the same operation.that returns an array of java.security.cert.Certificate. (It does not offer to add the certificates to the JSSE certificate store if they are untrusted.)

JarHelper

JarHelper is a command-line utility that extracts certificates used to sign a specified JAR file and, if any are found, saves them to disk. If the certificate chain is untrusted, the utility offers the user the option of placing the certificates in the java certificate trust store.

Usage

On the command line type the following:

java -cp freshcookies-security-0.3.jar org.freshcookies.security.cert.JarHelper mysignedcode.jar

In addition to the command-line version, the JarHelper class itself has two methods called extractCACertificates(JarFile jar) and extractSigningCertificates that returns arrays of java.security.cert.Certificate. (They do not offer to add the certificates to the JSSE certificate store if they are untrusted.)