Beside Serial Number is an unique value to identify a certificate, thumbprint is usually used by organizations as well. In Java, java.security.cert.Certificate and java.security.cert.X509Certificate is presented for a certificate but they just have getSerialNumber() interface to obtain its Serial Number. In this post, I will show you how to get thumbprint value of a certificate.
Actually, certificate thumbprint can be obtained by hash the encoded value certificate java.security.cert.Certificate and java.security.cert.X509Certificate is already supported this API.
java.security.cert.Certificate.getEncoded()
Now we start coding:
String cert_str = "MIIFszCCA5ugAwIBAgIQVAEnuGSOzEuFM4gnjfiCAzANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJWTjETMBEGA1UEChMKVk5QVCBHcm91cDEeMBwGA1UECxMVVk5QVC1DQSBUcnVzdCBOZXR3b3JrMSUwIwYDVQQDExxWTlBUIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MTAyMTAzMTgwMFoXDTE3MTAyMTE1MTgwMFowgZIxCzAJBgNVBAYTAlZOMRcwFQYDVQQIDA5I4buTIENow60gTWluaDEVMBMGA1UEBwwMQsOsbmggQ2jDoW5oMR0wGwYDVQQDDBRExrDGoW5nIFBoxrDGoW5nIFbFqTEeMBwGCgmSJomT8ixkAQEMDkNNTkQ6MDI0NDMwMTQ2MRQwEgYDVQQUEwswMTY3ODkzMjg4NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxU8irm8oINmW+cd6dc3lRm0RtmegVtWVglitqMgMuZIawqNkNoVrrWy5v8uabyPYnQwc/f6Kma6pX1DOj1F6B/LASZfrEI1MlQgl246z9ZguXb4xmlF4bxdM0UKsHlN+1gbgc+d/R7dah9Slc4eAUBHtGkiKcRirM/SLENDqjpkCAwEAAaOCAa8wggGrMHAGCCsGAQUFBwEBBGQwYjAyBggrBgEFBQcwAoYmaHR0cDovL3B1Yi52bnB0LWNhLnZuL2NlcnRzL3ZucHRjYS5jZXIwLAYIKwYBBQUHMAGGIGh0dHA6Ly9vY3NwLnZucHQtY2Eudm4vcmVzcG9uZGVyMB0GA1UdDgQWBBStlU6DBudFtRKU6sHMBlpfFTCogjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFAZpwNXVAooVjUZ96XziaApVrGqvMGYGA1UdIARfMF0wWwYMKwYBBAGB7QMBAQMHMEswIgYIKwYBBQUHAgIwFh4UAE0AQgBQAC0AUwBUAC0AMQAuADAwJQYIKwYBBQUHAgEWGWh0dHA6Ly9wdWIudm5wdC1jYS52bi9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC52bnB0LWNhLnZuL3ZucHRjYS5jcmwwDgYDVR0PAQH/BAQDAgTwMB8GA1UdJQQYMBYGCCsGAQUFBwMEBgorBgEEAYI3CgMMMB0GA1UdEQQWMBSBEnZ1ZHBAdG9taWNhbGFiLmNvbTANBgkqhkiG9w0BAQUFAAOCAgEAcjmp3e+fbPB/rzbqPkk6zEPYGy9Vzd7AumCPqa+q1sbddWgDDtn/VVoCgCbrSNfXPwaEeNGjGmgz+eDN9J9TjqAiIG0YzHerQ5kCMoA5VN4plrls+lOAHoC2DwltrZa67KQU125EjAy0YTq6x35+a/IMke+uOw0EcvCV7Tfg8bdkWkucQGQSh3fvSjfTvd+bywti0WUkj5Zxp1Auaky5HPChhQe6Ea2D+Qakv0yjlb6x5IPFXdMGVzB0lWB/T1mZ69LeOwUAb3Rs3ZNwM6ypJV6yJNT8XmNmGhUxLVbxEb11x28UrR1WdyowZ5NE/+e16BnDHYhof8yWZ15pEcWlUuZt2HdmCFK1tRNtPgYgBBH9FfyCu68aAVY2OTqIDaH19dd9wtKNISE9oJ2vt6zkC1PGyqqZfOmjjNSsAM8/qUFsjhgHd0g3w+qRcpZBxeyHGuVO8X1rFHNhYhns9Do36o8cUcQDn6MileMb5pAVc1t2LnQxA71kuOwjF6IlFXwyiSkx3cx3rUYk0KsXXOA2PvTMCS4rwYfPFaZu5uQnpmr3pJcJ/DuktjRCFlAKCGDWgsUiBAZlIRnQUQvd/tTnb0n7l/TePYaBTg9wPycmU9HD+xua2QmG/esnDaJtS3kx8xfLpSk3XiEGtD4HpiML5Zuw6oxIr5nyeVxU59add2o=";
CertificateFactory certFactory = CertificateFactory
.getInstance("X.509");
InputStream in = new ByteArrayInputStream(DatatypeConverter.parseBase64Binary(cert_str));
X509Certificate cert = (X509Certificate) certFactory
.generateCertificate(in);
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] der = cert.getEncoded();
md.update(der);
byte[] digest = md.digest();
System.out.println(DatatypeConverter.printHexBinary(digest));
Output:
9899CAC65300F10012D3D3BAFC4345CEA5BC6669
You can check that value on Windows by opening certificate
Depends on hash algorithm you will get the different thumbprint value. In this sample, certificate thumbprint is calculate by SHA1 algorithm. As far as I know, thumbprint is popularly computed with SHA1 or MD5.
References
No comments:
Post a Comment