0

What is the best way to compare a public key extracted from a server and a locally stored key in java?

Here is a code to get the public key

public static PublicKey getPublicKey(){

    String hostname = "www.google.com";
    SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();        
    SSLSocket socket = null;
    Certificate[] certs = null;
    try {
        socket = (SSLSocket) factory.createSocket(hostname, 443);
    } catch (IOException e1) {
        // TODO Auto-generated catch block
        e1.printStackTrace();
    }
    try {
        socket.startHandshake();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    try {
        certs = socket.getSession().getPeerCertificates();
    } catch (SSLPeerUnverifiedException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
    Certificate cert = certs[0];
    PublicKey key = cert.getPublicKey();
    System.out.println("$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$");
    System.out.println("Public key \n" + key);
    System.out.println("$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$");

    return key;
}

and i want to compare the public key from the response with a locally stored key for example in a text file.

Thanks

Girma Mamuye
  • 7
  • 1
  • 4
  • That is object to object comparison, i am going to read the public file as a file, and comparing the string with the response from the server doesn't seem a proper way to do it. – Girma Mamuye May 25 '16 at 14:23

2 Answers2

1

Using equals() method, which is implemented in RSAPublicKeyImpl if it is a class of an object you are using.

arseniyandru
  • 760
  • 1
  • 7
  • 16
0

You need to compare public keys using the 'thumbprint' which is the unique identifier of a certificate. This thumbprint is basically the SHA-1 of the certificate.

    public class X509 {

    public static void main(String[] args) {
        FileInputStream is;
        try {
            is = new FileInputStream("/tmp/certificate_x509.pem");
            CertificateFactory x509CertFact = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)x509CertFact.generateCertificate(is);
            String thumbprint = getThumbPrint(cert);
            System.out.println(thumbprint);

        } catch (FileNotFoundException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }

    }

    public static String getThumbPrint(X509Certificate cert) 
        throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] der = cert.getEncoded();
        md.update(der);
        byte[] digest = md.digest();
        return hexify(digest);

    }

    public static String hexify (byte bytes[]) {

        char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', 
                '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

        StringBuffer buf = new StringBuffer(bytes.length * 2);

        for (int i = 0; i < bytes.length; ++i) {
            buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]);
            buf.append(hexDigits[bytes[i] & 0x0f]);
        }

        return buf.toString();
    }
}