Authors Top

If you have a few years of experience in the Java ecosystem, and you’d like to share that with the community, have a look at our Contribution Guidelines.

Security Top – Temp

I just announced the new Learn Spring Security course, including the full material focused on the new OAuth2 stack in Spring Security 5:

>> CHECK OUT THE COURSE
Frontegg – Security – Text1
announcement - icon User management is very complex, when implemented properly. No surprise here.

Not having to roll all of that out manually, but instead integrating a mature, fully-fledged solution - yeah, that makes a lot of sense.
That's basically what Frontegg is - User Management for your application. It's focused on making your app scalable, secure and enjoyable for your users.
From signup to authentication, it supports simple scenarios all the way to complex and custom application logic.

Have a look:

>> Elegant User Management, Tailor-made for B2B SaaS

1. Overview

A certificate's thumbprint (or fingerprint) is the unique identifier of the certificate. It's not part of the certificate, but it's calculated from it.

In this short tutorial, we'll see how to compute an X509 certificate's thumbprint in Java.

2. Use Plain Java

First, let's get an X509Certificate object from our certificate file:

public static X509Certificate getCertObject(String filePath) 
  throws IOException, CertificateException {
     try (FileInputStream is = new FileInputStream(filePath)) {
        CertificateFactory certificateFactory = CertificateFactory
          .getInstance("X.509");
        return (X509Certificate) certificateFactory.generateCertificate(is);
    }
}

Next, let's get the thumbprint from this object:

private static String getThumbprint(X509Certificate cert) 
  throws NoSuchAlgorithmException, CertificateEncodingException {
    MessageDigest md = MessageDigest.getInstance("SHA-1");
    md.update(cert.getEncoded());
    return DatatypeConverter.printHexBinary(md.digest()).toLowerCase();
}

For example, if we have an X509 certificate file named baeldung.pem, we can use the methods above to easily print its thumbprint:

X509Certificate certObject = getCertObject("baeldung.pem");
System.out.println(getThumbprint(certObject));

The result will look something like:

c9fa9f008655c8401ad27e213b985804854d928c

3. Use Apache Commons Codec

We can also use the DigestUtils class from the Apache Commons Codec library to achieve the same goal.

Let's add a dependency to our pom.xml file:

<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
    <version>1.15</version>
</dependency>

Now, we simply use the sha1Hex() method to get the thumbprint from our X509Certificate object:

DigestUtils.sha1Hex(certObject.getEncoded());

4. Conclusion

In this quick tutorial, we've learned two ways to compute an X509 certificate's thumbprint in Java.

As always, the example code from this article can be found over on GitHub.

Security bottom

I just announced the new Learn Spring Security course, including the full material focused on the new OAuth2 stack in Spring Security 5:

>> CHECK OUT THE COURSE
Security footer banner
Comments are closed on this article!