Re: fingerprint of a x.509 certificate

From: "emrefan" <dksleung@hotmail.com>
Newsgroups: comp.lang.java.programmer
Date: 28 Aug 2006 02:40:35 -0700
Message-ID: <1156758035.463697.53710@b28g2000cwb.googlegroups.com>

Babu Kalakrishnan wrote:

emrefan wrote:

My question is this: how to calculate the fingerprint of an x.509
certificate, programmatically in java, that is. I have already tried
this below but the result didn't look like what I
obtained otherwise (running "openssl x509 -noout -fingerprint -sha1 -in
<the cert file>"), so...

MessageDigest md = MessageDigest.getInstance( "SHA1" );
X509Certificate cert = X509Certificate.getInstance( new
FileInputStream( "somecert.crt" ) );
md.update( cert.getEncoded() );
byte[] fp = md.digest();


In my experience the above method of obtaining the fingerprint works
fine, and does give results that match with openssl outputs. How are
you comparing the two? Here's a utility routine that I use to dump the
fingerprint in a format that matches the output of openssl. Try using
this to dump the byte array "fp" and see if it matches.

public static char[] HEX_CHARS =
{'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
public static String dumpHex(byte[] data)
{
    int n = data.length;
    StringBuffer sb = new StringBuffer(n*3-1);
    for (int i=0; i < n; i++)
    {
        if (i > 0) sb.append(':');
        sb.append(HEX_CHARS[(data[i] >> 4) & 0x0F]);
        sb.append(HEX_CHARS[data[i] & 0x0F]);
    }
    return sb.toString();
}


Thanks to Babu for the answer! Yes indeed I had the correct
fingerprint but was misprinting it. How silly! I was using a
left-pad-string function (lPad()) written by a colleague without close
examination. <blush>

public static String bytesToHexString( byte[] paBytes ) {

      StringBuffer sbRsltStr = new StringBuffer( paBytes.length * 3 );

      for (int aryNdx=0; aryNdx < paBytes.length; aryNdx++) {
          sbRsltStr.append(
             Integer.toHexString( lPad( paBytes[ aryNdx ] & 0xFF, 2,
'0' ) ) );
      }

      return sbRsltStr.toString();
}

I think the way I called lPad() caused this definition of lPad() to be
matched:

     public static String lPad( String str, int length, char padChr )

And the automatic conversion from int to String was quite beyond my
expectation.
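
An added example, not code from either poster: the fingerprint computed over the certificate's DER encoding with `java.security.cert.CertificateFactory`, printed as colon-separated uppercase hex, next to the unpadded `Integer.toHexString()` rendering that a padding helper such as the `lPad()` in the post is meant to avoid. The class name, method names and the six sample bytes are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class CertFingerprint {

    // Two uppercase hex digits per byte, ':' between bytes.
    static String toColonHex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 3);
        for (int i = 0; i < data.length; i++) {
            if (i > 0) sb.append(':');
            // & 0xFF removes sign extension; %02X keeps the leading zero.
            sb.append(String.format("%02X", data[i] & 0xFF));
        }
        return sb.toString();
    }

    // Pitfall: Integer.toHexString() does not pad, so every byte below 0x10
    // loses its leading zero and the digest string no longer compares equal.
    static String unpaddedHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(Integer.toHexString(b & 0xFF));
        return sb.toString();
    }

    // Fingerprint = message digest over the DER encoding from getEncoded().
    static byte[] fingerprint(X509Certificate cert, String algorithm) throws Exception {
        return MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            // args[0]: path to a PEM or DER certificate file supplied by the reader.
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(toColonHex(fingerprint(cert, "SHA-1")));
            }
            return;
        }
        // Constructed sample bytes (not a real digest), chosen to contain
        // values below 0x10 so the two renderings visibly differ.
        byte[] sample = { 0x0A, (byte) 0xF3, 0x00, 0x7C, 0x01, (byte) 0xBE };
        System.out.println("padded:   " + toColonHex(sample));
        System.out.println("unpadded: " + unpaddedHex(sample));
    }
}
```

Run with a certificate path as the only argument to print its SHA-1 fingerprint for comparison with the `openssl x509 -noout -fingerprint -sha1` output; run with no argument to see the two renderings of the sample bytes.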
