/CheckCertificate.java
Created Aug 3, 2018
Simple java cmd line util to check if a keystore contains a given certificate
| import java.nio.file.Files; | |
| import java.nio.file.Path; | |
| import java.nio.file.Paths; | |
| import java.security.KeyStore; | |
| import java.security.cert.Certificate; | |
| import java.security.cert.CertificateFactory; | |
| import java.security.cert.PKIXParameters; | |
| import java.security.cert.TrustAnchor; | |
| public class CheckCertificate { | |
| public static void main(String[] args) throws Exception { | |
| if (args.length < 1 || args.length > 3) { | |
| System.err.println( | |
| "Usage: java CheckCertificate certificate [keystore [keystorePass]]"); | |
| System.err.println(); | |
| System.err.println(" certificate: file containing the .crt certificate"); | |
| System.err.println(" [keystore]: optional keystore location, " + | |
| "defaults to cacerts of current VM"); | |
| System.err.println(" [keystorePass]: optional keystore password, " + | |
| "defaults to 'changeit'"); | |
| System.exit(1); | |
| } | |
| Path cacertsPath; | |
| if (args.length > 1) { | |
| cacertsPath = Paths.get(args[1]); | |
| } else { | |
| cacertsPath = Paths.get(System.getProperty("java.home"), | |
| "lib", | |
| "security", | |
| "cacerts"); | |
| } | |
| if (!Files.isReadable(cacertsPath)) { | |
| System.err.println("Can't read keystore: " + cacertsPath); | |
| System.exit(-1); | |
| } | |
| Path certificatePath = Paths.get(args[0]); | |
| if (!Files.isReadable(certificatePath)) { | |
| System.err.println("Can't read certificate: " + certificatePath); | |
| System.exit(-2); | |
| } | |
| Certificate certificate = CertificateFactory | |
| .getInstance("X.509") | |
| .generateCertificate(Files.newInputStream(certificatePath)); | |
| String keystorePass = args.length == 3 ? args[2] : "changeit"; | |
| KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); | |
| keystore.load(Files.newInputStream(cacertsPath), keystorePass.toCharArray()); | |
| PKIXParameters params = new PKIXParameters(keystore); | |
| boolean found = params.getTrustAnchors() | |
| .stream() | |
| .map(TrustAnchor::getTrustedCert) | |
| .anyMatch(trustedCert -> trustedCert.equals(certificate)); | |
| if (found) { | |
| System.out.println("The certificate is present on the keystore."); | |
| } else { | |
| System.out.println("Can't found the certificate on the keystore."); | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment