
How can I get a list of trusted root certificates in Java?

I would like to be able to get access to all trusted root certificates programmatically in a Java app.

I was looking at the keystore interface, but I'm hoping to get the list of trusted roots that's implicit with the JRE.

Is this accessible anywhere?

Shawn D. asked Aug 18 '10 00:08


People also ask

Where does Java look for trusted certificates?

Java stores the trusted certificates in a special file named cacerts that lives inside our Java installation folder. The default password for this KeyStore is “changeit”, but it could be different if it was previously changed in our system.


1 Answer

There's an example that shows how to get a Set of the root certificates and iterate through them called Listing the Most-Trusted Certificate Authorities (CA) in a Key Store. Here's a slightly modified version that prints out each certificate (tested on Windows Vista).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;

public class Main {

    public static void main(String[] args) {
        // Location of the JDK's cacerts keystore file
        String filename = System.getProperty("java.home")
                + "/lib/security/cacerts".replace('/', File.separatorChar);

        // try-with-resources closes the stream even if loading fails
        try (FileInputStream is = new FileInputStream(filename)) {
            // Load the JDK's cacerts keystore file
            KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            String password = "changeit";
            keystore.load(is, password.toCharArray());

            // This class retrieves the most-trusted CAs from the keystore
            PKIXParameters params = new PKIXParameters(keystore);

            // Get the set of trust anchors, which contain the most-trusted CA certificates
            for (TrustAnchor ta : params.getTrustAnchors()) {
                // Get certificate
                X509Certificate cert = ta.getTrustedCert();
                System.out.println(cert);
            }
        } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException
                | InvalidAlgorithmParameterException | IOException e) {
            // Report the failure instead of silently swallowing it
            e.printStackTrace();
        }
    }
}
```
Bill the Lizard answered Oct 06 '22 12:10
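An alternative to opening the cacerts file by path, as an added example that is not part of the original answer: asking JSSE for its default trust manager returns the roots the JRE actually uses (it honours the `javax.net.ssl.trustStore` system property when set) and needs no keystore password. The class name `ListDefaultTrustAnchors` and the helper names are assumptions made for this example; it also prints each root's SHA-256 fingerprint and expiry state so the list can be audited.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Comparator;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; class and method names are hypothetical.
public class ListDefaultTrustAnchors {
    // Roots accepted by the JRE's default X509TrustManager.
    static X509Certificate[] defaultTrustedRoots() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes the factory load the JRE's default trust store
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers().clone();
            }
        }
        throw new IllegalStateException("default factory returned no X509TrustManager");
    }
    // Hex SHA-256 of the DER encoding, for comparison against a CA's published fingerprint.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }
    public static void main(String[] args) throws Exception {
        X509Certificate[] roots = defaultTrustedRoots();
        Arrays.sort(roots, Comparator.comparing(
                (X509Certificate c) -> c.getSubjectX500Principal().getName()));
        Date now = new Date();
        for (X509Certificate cert : roots) {
            // Flag anchors past notAfter so stale roots stand out in an audit
            String state = now.after(cert.getNotAfter()) ? "EXPIRED" : "valid";
            System.out.printf("%s%n  SHA-256:  %s%n  notAfter: %s (%s)%n",
                    cert.getSubjectX500Principal().getName(),
                    sha256Fingerprint(cert), cert.getNotAfter(), state);
        }
        System.out.println(roots.length + " trust anchors");
    }
}
```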