是否可以创建没有密码的JKS密钥库文件? [英] Is it possible to create JKS keystore file without a password?

问题描述

我正在尝试OSGi条件权限机制.更具体地说，我尝试使用org.osgi.service.condpermadmin.BundleSignerCondition来限制可以启动的捆绑软件.文档我声明为了使用此权限，我必须使用org.osgi.framework.trust.repositories框架配置属性指定JKS密钥库的路径.但是，同一文档提到该属性中提到的JKS不能具有密码.所以问题是:如何创建没有密码的JKS? Keytool实用程序拒绝使用空白密码创建JKS.

I'm experimenting with OSGi conditional permissions mechanism. More specifically, I'm trying to use org.osgi.service.condpermadmin.BundleSignerCondition to restrict which bundles can be started. Documentation I have states that in order to use this permission, I must specify the path to JKS keystores using org.osgi.framework.trust.repositories framework configuration property. However, the same documentation mentions that JKS mentioned in this property must not have a password. So the question is: how to create a JKS without a password? Keytool utility refuses to create JKS with blank password.

推荐答案

一段时间以来，您无法使用keytool创建具有空白密码的密钥库，但是您仍然可以通过编程方式进行操作.

You cannot create a keystore with a blank password with keytool since a while, but you can still do it programmatically.

阅读这样的证书:

private static Certificate readCert(String path) throws IOException, CertificateException {
    try (FileInputStream fin = new FileInputStream(path)) {
        return CertificateFactory.getInstance("X.509").generateCertificate(fin);
    }
}

使用像这样的空密码创建密钥库:

Than create the keystore with the empty password like this:

try {
    // Reading the cert
    Certificate cert = readCert("/tmp/cert.cert");

    // Creating an empty JKS keystore
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, null);

    // Adding the cert to the keystore
    keystore.setCertificateEntry("somecert", cert);

    // Saving the keystore with a zero length password
    FileOutputStream fout = new FileOutputStream("/tmp/keystore");
    keystore.store(fout, new char[0]);
} catch (GeneralSecurityException | IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

运行命令:

keytool -list -keystore keystore

它将要求输入密码，但您只需按Enter键.您将收到以下警告，但将列出密钥库的内容:

It will ask for a password but you can simply push an enter. You will get the following warning, but the content of the keystore will be listed:

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

这可能对您有用.

这篇关于是否可以创建没有密码的JKS密钥库文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！