访问SSL私钥从一个Servlet [英] Accessing SSL Private Key From a Servlet
问题描述
我在本地运行Tomcat和Apache安装使用OpenSSL自签名证书。我也有一个servlet的运行。
I'm running Apache Tomcat locally and have installed a self signed certificate using OpenSSL. I also have a servlet running.
我想要做的是以下几点:
该servlet发生在POST参数,将回显使用服务器的PrivateKey签署的参数。即,对待输入参数作为一个整数,它提高到私钥的功率
What I want to do is the following: The servlet takes in POST parameters and will echo back the parameters signed using the PrivateKey of the server. That is, treat the input parameter as an integer and raise it to the power of the private key.
问题:它甚至有可能从servlet的访问服务器的PrivateKey?如果在一些其他托管部署,它可能无法直接访问它。那么,有没有办法,我可以请求服务器符号的一些数据块用自己的私钥?
The problem: Is it even possible to access the server's PrivateKey from the servlet? If deployed on some other hosting, it's probably not possible to access it directly. So is there any way that I can request that the server 'sign' some piece of data with its Private key?
先谢谢了。
推荐答案
这取决于容器的配置方式。在一般情况下,在容器的SSL配置不会是由包含一个servlet访问。例如,在的Apache Tomcat,该连接器的SSL配置可以完全独立的通过servlet访问的设置。 (此外,SSL可以由APR或apache httpd的前端处理,例如,它不会有太大的做Java密钥库配置)。
This depends on the way the container is configured. In the general case, the SSL configuration of the container will not be accessible by a servlet it contains. For example, in Apache Tomcat, that connector's SSL configuration can be completely independent of the settings accessible by a servlet. (In addition, SSL may be handled by APR or an Apache Httpd front-end, for example, which won't have much to do with the Java keystore configuration).
您很可能是能够获得密钥库访问,如果他们使用的是 javax.net.ssl中进行配置。* 属性。然而,这并不一定是的的SSLContext 服务器连接器从配置方式。这不是一般通过其中在生产环境中的命令行上这些参数是一个好主意。
You would probably be able to gain access to the keystore if they are configured using the javax.net.ssl.* properties. However, that's not necessarily the way the SSLContext of the server connector is configured from. It's not generally a good idea to pass those parameters on the command line either in a production environment.
你可能能够做的就是装载容器使用密钥库,从你的servlet,但你必须知道它在哪里,在前进。此外,我会假设托管服务将与安全管理器打开,这可以从这样$ P $ pvent你运行Tomcat。
What you may be able to do is to load the keystore used by the container, from your servlet, but you'd have to know where it is, in advance. In addition, I would suppose that a hosting service would run Tomcat with a security manager turned on, which may prevent you from doing this.
请注意,你可以使用自己的密钥库,你的web应用内发货(它甚至可以从classpath中作为资源流加载)。这是否密钥库将包含相同的专用密钥由服务器的SSL层的一个用途是到服务器的管理员(如果他们让你拥有它)。
Note that you could use your own keystore, shipped within your webapp (it can even be loaded from the classpath as a resource stream). Whether this keystore will contain the same private key as the one use by the server's SSL layer is up to the server's administrators (if they let you have it).
这篇关于访问SSL私钥从一个Servlet的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
