获取JVM默认加载的密钥库实例 [英] Get instance of keystore that JVM loads by default

问题描述

我正在使用Java和Tomcat中的安全性进行操作，然后我开始讨论JVM最后加载了哪个密钥库/信任库。即使我创建了自己的密钥库并使用Tomcat配置，这也被用作密钥库和可信任，现实情况是默认cacerts文件作为信任库加载（作为密钥库，我的文件使用得当）。

我试图获取JVM加载的文件的名称，但我还没有找到解决方案。我的想法是获取System.getProperty（javax.net.ssl.keyStore），但这给了我null。我尝试通过Connector在Tomcat的server.xml中设置它，并作为命令行参数-Djavax.net.ssl.keyStore =file。我确信命令行参数是正确提供的，因为我在同一个地方设置了JMX paramneters。

br，Martin

解决方案

您不一定能够从甚至类型的文件名中获取您想要的内容并设置密钥库在连接器中对系统属性完全没有影响。

此外，密钥库，无论是从 javax.net指定的.ssl.keyStore 属性或显式实例化只是 KeyManager 和 SSLContext 。 （默认情况下，Apache Tomcat将使用文件和相对简单的加载机制，但也可以使用Tomcat的 SSLImplementation 进行自定义。）
如果你真的想要看看正在加载什么，我会看看 JSSE调试标志，更具体地说，是这样的：

  -Djavax.net.debug = SSL， keymanager，trustmanager 
  

编辑：
我应该补充说一般来说没有默认密钥库（在Tomcat的上下文之外），只有一个默认的信任库。默认情况下，Tomcat的 JSSEImplementation 使用 System.getProperty（user.home）+/。keystore。 p>


I was playing with security in Java and Tomcat and I came to the point where I was curious which keystore/truststore was loaded by the JVM at the end. Even though I had my own keystore created and in Tomcat configuration, this was used both as keystore and trustore, the reality was that default cacerts file was loaded as truststore (as keystore, my file was used properly).

I was trying to get the name of the file that JVM loads, but I haven't found the solution. My idea was to get System.getProperty("javax.net.ssl.keyStore") but this gave me null. I tried to set this both in Tomcat's server.xml via Connector and as a command line parameter -Djavax.net.ssl.keyStore="file". I am sure that the command line parameter was provided correctly as I am setting JMX paramneters at the same place.

br, Martin

解决方案

You won't necessarily be able to get exactly what you want from the file name of even the type and setting the keystore in the connector will have absolutely no effect on the system property.

In addition, the keystore, whether specified from the javax.net.ssl.keyStore property or instantiated explicitly is only one part of the setup of the KeyManager and the SSLContext. (By default, Apache Tomcat will use files and a relatively simple loading mechanism, but it's also possible to customize this using Tomcat's SSLImplementation.) If you really want to see what's being loaded, I would look at the JSSE debugging flags, more specifically, something like this:

-Djavax.net.debug=SSL,keymanager,trustmanager

EDIT: I should add that there is no default keystore generally speaking (outside the context of Tomcat), only a default truststore. Tomcat's JSSEImplementation uses System.getProperty("user.home") + "/.keystore" by default.

这篇关于获取JVM默认加载的密钥库实例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！