Re: fingerprint of a x.509 certificate
emrefan wrote:
My question is this: how to calculate the fingerprint of an x.509
certificate, programmatically in java, that is. I have already tried
this below but the result didn't look like what I
obtained otherwise (running "openssl x509 -noout -fingerprint -sha1 -in
<the cert file>"), so...
MessageDigest md = MessageDigest.getInstance( "SHA1" );
X509Certificate cert = X509Certificate.getInstance( new
FileInputStream( "somecert.crt" ) );
md.update( cert.getEncoded() );
byte[] fp = md.digest();
In my experience the above method of obtaining the fingerprint works
fine, and does give results that match with openssl outputs. How are
you comparing the two ? Here's a utility routine that I use to dump the
fingerprint in a format that matches the output of openssl. Try using
this to dump the byte array "fp" and see if matches.
public static char[] HEX_CHARS =
{'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
public static String dumpHex(byte[] data)
{
int n = data.length;
StringBuffer sb = new StringBuffer(n*3-1);
for (int i=0; i < n; i++)
{
if (i > 0) sb.append(':');
sb.append(HEX_CHARS[(data[i] >> 4) & 0x0F]);
sb.append(HEX_CHARS[data[i] & 0x0F]);
}
return sb.toString();
}
BK