import com.sun.security.cert.internal.x509.X509V1CertImpl;
import java.io.ByteArrayInputStream;
import java.lang.reflect.Field;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import sun.security.rsa.RSAPrivateKeyImpl;
import sun.security.rsa.RSAPublicKeyImpl;
import java.sql.Timestamp;
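/**
 * Connects to a TLS server, walks the certificate chain it presents and writes
 * one row per certificate into the {@code certs} table.
 *
 * <p>Review notes for anyone reusing this collector:
 * <ul>
 *   <li>It relies on JDK-internal classes ({@code X509V1CertImpl},
 *       {@code RSAPublicKeyImpl}) and on reflection into a private field.
 *       {@code SSLSession.getPeerCertificates()} returns
 *       {@code java.security.cert} certificates directly and
 *       {@code java.security.interfaces.RSAPublicKey} is the public RSA key
 *       interface; both avoid the internal dependencies.</li>
 *   <li>A plain {@link SSLSocket} does not check that the certificate matches
 *       the host name unless an endpoint identification algorithm is set on its
 *       SSL parameters. The stored server name is therefore the name that was
 *       dialled, not a name proven to match the certificate.</li>
 * </ul>
 */
public class Main {

    /** Reflective handle on the private {@code wrappedCert} field of {@code X509V1CertImpl}. */
    static Field fieldWarpedCert;

    /** One {@code DBConn} per thread, created on first use. */
    static ThreadLocal<DBConn> conns = new ThreadLocal<DBConn>() {
        @Override
        protected DBConn initialValue() {
            try {
                return new DBConn();
            } catch (SQLException ex) {
                Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
                throw new RuntimeException(ex);
            }
        }
    };

    static {
        try {
            // Fragile: depends on the private layout of a JDK-internal class.
            fieldWarpedCert = X509V1CertImpl.class.getDeclaredField("wrappedCert");
            fieldWarpedCert.setAccessible(true);
        } catch (Exception e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    /**
     * Fetches the certificate chain of a fixed host on port 443 and stores every
     * certificate, starting with the last chain entry and ending with the
     * server's own certificate.
     *
     * @param args unused
     * @throws Exception on connection, handshake, reflection or database failure
     */
    public static void main(String[] args) throws Exception {
        String url = "shop.mysql.com";
        SSLSocket sk = (SSLSocket) SSLSocketFactory.getDefault().createSocket(url, 443);
        try {
            // getSession() drives the handshake; the chain is returned with the
            // peer's own certificate first, followed by its issuers.
            javax.security.cert.X509Certificate[] xcerts = sk.getSession().getPeerCertificateChain();
            X509Certificate[] certs = getWarppedCerts(xcerts);
            X509Certificate PKI_Upper = null;
            for (int i = 1; i <= certs.length; i++) {
                X509Certificate cert = certs[certs.length - i];
                System.out.println(cert.getSubjectDN());
                System.out.println("=====================================");
                // The top-most certificate is checked against its own key (a
                // self-signature test); each lower one against the key of the
                // certificate processed just before it.
                storeCert(cert, PKI_Upper == null ? cert.getPublicKey() : PKI_Upper.getPublicKey(), url);
                PKI_Upper = cert;
            }
        } finally {
            // The original never closed the socket.
            sk.close();
        }
    }

    /**
     * Extracts the {@code java.security.cert.X509Certificate} held inside each
     * legacy {@code javax.security.cert.X509Certificate} via reflection.
     *
     * @param certs legacy certificates, expected to be {@code X509V1CertImpl} instances
     * @return array of the same length holding the wrapped certificates
     * @throws Exception if the field cannot be read from an element
     */
    public static X509Certificate[] getWarppedCerts(javax.security.cert.X509Certificate[] certs) throws Exception {
        X509Certificate[] ret = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) {
            ret[i] = (X509Certificate) fieldWarpedCert.get(certs[i]);
        }
        return ret;
    }

    /**
     * Verifies {@code cert} against {@code pk} and inserts a row describing it.
     *
     * <p>The row is written even when verification fails; in that case the key
     * columns (parameters 7 to 9) are NULL. Consumers of the table must treat a
     * NULL key dump as "signature not verified". Note that the stored key is the
     * verifying key passed in, which is the issuer's key for every certificate
     * except the first one handled by {@link #main}.
     *
     * @param cert certificate to record
     * @param pk public key the certificate's signature is checked against
     * @param serverName host name the chain was obtained from
     * @return the update count reported by the INSERT
     * @throws Exception on encoding or database failure
     */
    public static int storeCert(X509Certificate cert, PublicKey pk, String serverName) throws Exception {
        boolean goodPk = true;
        RSAPublicKeyImpl rsapk = null;
        try {
            cert.verify(pk);
            System.out.println("PKCLASS:" + pk.getClass());
            System.out.println("PK:" + pk);
            if (pk.getClass().equals(RSAPublicKeyImpl.class)) {
                rsapk = (RSAPublicKeyImpl) pk;
            }
        } catch (Exception e) {
            // Deliberate best effort: a failed verification is recorded, not fatal.
            goodPk = false;
            System.out.println("BAD PK!");
        }

        DBConn conn = conns.get();
        // Positional parameters, in order (taken from the column list the
        // author had commented out): ServerName, SerialNumber, Version,
        // NotBefore, NotAfter, CertData, PK_DUMP, PK_N, PK_E, Signature,
        // SigAlgName, SigAlgOID, SigAlgParams, SubjectDN, IssuerDN, CertDump.
        // The leading literal null presumably fills an auto-generated key
        // column; confirm against the table definition.
        PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO certs "
                + "VALUES (null , ? , ? , ? ,? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ? , ?)");
        try {
            ps.setString(1, serverName);
            ps.setObject(2, cert.getSerialNumber().toByteArray());
            ps.setInt(3, cert.getVersion());
            ps.setTimestamp(4, new Timestamp(cert.getNotBefore().getTime()));
            ps.setTimestamp(5, new Timestamp(cert.getNotAfter().getTime()));

            byte[] tbs = cert.getTBSCertificate();
            ps.setBytes(6, tbs);
            System.out.println(tbs.length);

            if (goodPk) {
                byte[] encodedKey = pk.getEncoded();
                ps.setBytes(7, encodedKey);
                System.out.println(encodedKey.length);
            } else {
                ps.setBytes(7, null);
            }

            if (rsapk != null) {
                ps.setBytes(8, rsapk.getModulus().toByteArray());
                ps.setBytes(9, rsapk.getPublicExponent().toByteArray());
            } else {
                ps.setBytes(8, null);
                ps.setBytes(9, null);
            }

            byte[] signature = cert.getSignature();
            ps.setBytes(10, signature);
            System.out.println(signature.length);

            String sigAlgName = cert.getSigAlgName();
            ps.setString(11, sigAlgName);
            System.out.println(sigAlgName.length());

            String sigAlgOid = cert.getSigAlgOID();
            ps.setString(12, sigAlgOid);
            System.out.println(sigAlgOid.length());

            byte[] sigAlgParams = cert.getSigAlgParams();
            if (sigAlgParams != null) {
                ps.setBytes(13, sigAlgParams);
                System.out.println(sigAlgParams.length);
            } else {
                ps.setBytes(13, null);
            }

            String subjectDn = cert.getSubjectDN().toString();
            ps.setString(14, subjectDn);
            System.out.println(subjectDn.length());

            String issuerDn = cert.getIssuerDN().toString();
            ps.setString(15, issuerDn);
            System.out.println(issuerDn.length());

            ps.setString(16, cert.toString());
            return ps.executeUpdate();
        } finally {
            // The original leaked one statement per stored certificate.
            ps.close();
        }
    }
}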