![]() |
The Java Developers Almanac 1.4Order this book from Amazon. |
e230. Listing the Most-Trusted Certificate Authorities (CA) in a Key StoreThis example lists the most-trusted CAs in the JDK'scacerts file.
The most-trusted CAs are used to validate certification paths.
try { // Load the JDK's cacerts keystore file String filename = System.getProperty("java.home") + "/lib/security/cacerts".replace('/', File.separatorChar); FileInputStream is = new FileInputStream(filename); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); String password = "changeit"; keystore.load(is, password.toCharArray()); // This class retrieves the most-trusted CAs from the keystore PKIXParameters params = new PKIXParameters(keystore); // Get the set of trust anchors, which contain the most-trusted CA certificates Iterator it = params.getTrustAnchors().iterator(); for (; it.hasNext(); ) { TrustAnchor ta = (TrustAnchor)it.next(); // Get certificate X509Certificate cert = ta.getTrustedCert(); } } catch (CertificateException e) { } catch (KeyStoreException e) { } catch (NoSuchAlgorithmException e) { } catch (InvalidAlgorithmParameterException e) { } catch (IOException e) { }
e229. Creating a Certification Path e231. Validating a Certification Path
© 2002 Addison-Wesley. |