如何设置Java以使用用户特定的Eclipse证书？ [英] How to set up Java to use user specific certificates for Eclipse?

问题描述

我不敢相信我是唯一一个反对这个问题的人。我一直在搜索几个小时，没有任何运气。 Java安全文档似乎没有彻底解决PKCS12证书。

I can't believe I'm the only person to run up against this problem. I've been googling for hours and have not had any luck. The Java security documentation doesn't seem to address PKCS12 certificates thoroughly.

我正在尝试为用户指定的PKCS12证书设置Java。除此之外，这将被使用，以便在Eclipse中，我可以访问通过证书进行身份验证的Trac服务器。我正在使用Trac Mylyn集成插件进行eclipse。

I am trying to setup Java for user specific PKCS12 certificates. Among other things, this will be used so that, in Eclipse, I can access a Trac server that is authenticated via certificates. I am using the Trac Mylyn integration plugin for eclipse.

这是设置：

• 用户主目录位于/ home


• 多用户安装在/ central


• 每个用户都有一个个人证书：〜/ user.p12


• 个人证书密码为：pass1234


• 用户密码以〜/ password.txt
$ b存储在0400文件中$ b
• ca的只读信任商店位于：/central/ca.jks


• 信任商店的密码


• JDK 1.6安装在/central/jdk_1.6.0


• Eclipse 3.4安装在/central/eclipse_3.4.0


• JAVA_HOME = / central / jdk_1.6.0


• JAVA_HOME设置为JDK位置，因为Eclipse需要这个


• ECLIPSE_HOME = / central / eclipse_3.4.0


• JRE生活在$ JAVA_HOME / jre


• 每个用户都有一个〜/ .java.policy文件


• 有一个trac服务器运行在< a href =https：//trac.internal/trac =noreferre r> https：//trac.internal/trac


• trac服务器使用证书进行身份验证

• user home directories are at /home
• multiuser mount at /central
• each user has a personal certificate at: ~/user.p12
• password for personal certificates is: pass1234
• the users password is stored in a 0400 file at ~/password.txt
• a read-only trust store for the ca is at: /central/ca.jks
• no password for the truststore
• JDK 1.6 installed at /central/jdk_1.6.0
• Eclipse 3.4 installed at /central/eclipse_3.4.0
• JAVA_HOME=/central/jdk_1.6.0
• JAVA_HOME is set to the JDK location because Eclipse needs this
• ECLIPSE_HOME=/central/eclipse_3.4.0
• JRE lives at $JAVA_HOME/jre
• each user has a ~/.java.policy file
• there is a trac server running at https://trac.internal/trac
• the trac server authenticates using certificates

现在，我想要让每个用户只需修改自己拥有的一些文件（例如〜/ .java.policy文件），并且能够启动中央Eclipse应用程序并访问Trac存储库。似乎很简单。

Now, I want to be able to have each user simply modify some file that they own (like the ~/.java.policy file, for example), and be able to launch the central Eclipse application and access the Trac repository. Seems simple enough.

现在，我可以得到这个工作的唯一方法是编辑$ ECLIPSE_HOME / eclipse.ini文件并添加

Right now, the only way I can get this to work is to edit the $ECLIPSE_HOME/eclipse.ini file and add

-Djavax.net.ssl.keyStore="/home/user/user.p12"
-Djavax.net.ssl.keyStoreType="PKCS12"
-Djavax.net.ssl.keyStorePassword="pass1234"
-Djavax.net.ssl.trustStore="/central/ca.jks"

好的，这是有效的，但有两个问题：

Ok, that works, but there are two problems with it:

• 每个用户必须拥有自己的ecipse安装。 （或可以eclipse从用户文件读取？）


• 这是Eclipse特定的，我最终希望将其作为Java配置。

此外，我记得从一段时间以来，您可以编辑$ JAVA_HOME / jre / lib / security / java.security文件，并添加

Also, I remember from some time back that you can edit the $JAVA_HOME/jre/lib/security/java.security file and add

keystore=/home/user/user.p12
keystore.type=PKCS12
keystore.password=pass1234
truststore=/central/ca.jks

但Eclipse似乎没有选择。可能是因为我的JAVA_HOME指向JDK，而不是JDK的嵌套JRE？

But Eclipse doesn't seem to pick that up. Could it be because my JAVA_HOME points to a JDK, and not the JDK's nested JRE?

我看到了 Java PKCS＃11参考：
keyStoreURL =NONE
keyStoreType =PKCS11
keyStorePasswordURL = some_pin_url

I've seen the Java PKCS#11 Reference that references the following properties: keyStoreURL="NONE" keyStoreType="PKCS11" keyStorePasswordURL=some_pin_url

还有另一个参考，我看到说可以编辑〜/ .java.policy文件以包括：

There was another reference I saw that said you could edit the ~/.java.policy file to include:

keyStore "file:///home/user/user.p12", "PKCS12", "SunJSSE";
keyStorePasswordUrl "file:///home/user/password.txt";

但是也没有收到。也许它实际上可以工作，而且由于同样的原因，java.security文件不起作用，或者根本不起作用。

But that doesn't get picked up either. Maybe it actually does work and its not getting read for the same reason the java.security file doesn't work, or maybe it just doesn't work at all.

我看到的一些系统属性：

Some system properties I've seen:

javax.net.ssl.keyStore="/home/user/user.p12"
javax.net.ssl.keyStoreType="PKCS12"
javax.net.ssl.keyStorePassword="password"
javax.net.ssl.keyStoreProvider="SunJSSE"
javax.net.ssl.trustStore="/home/user/ca.jks"
javax.net.ssl.trustStoreType="JKS"
javax.net.ssl.trustStorePassword=""
javax.net.ssl.trustStoreProvider="Sun"

所以，现在，我想我是阻止每个用户拥有自己的Eclipse intall。我知道这听起来像一个复杂的设置，但是这不应该真的与Eclipse有关，只要证书设置...它真的是用于特定用户证书的Java设置。

So, right now, I guess I'm stuck with having each user to have their own Eclipse intall. I know it sounds like a complicated setup, but this shouldn't really have anything to do with Eclipse as far as the certificate setup... its really a Java setup for user specific certificates.

任何想法？

推荐答案

使用用户特定的配置。

设置私人配置区域位置

Setting the private configuration area location

私有配置区域的默认位置为：

The default location for a private configuration area is:

user-home-dir / .eclipse /< product-id> _< product-version> / configuration

user-home-dir/.eclipse/<product-id>_<product-version>/configuration

user home dir由user.home Java系统属性确定。产品ID和版本是从Eclipse安装下的产品标记文件.eclipseproduct获得的。

The user home dir is determined by the user.home Java system property. The product id and version are obtained from the product marker file .eclipseproduct under the Eclipse install.

这篇关于如何设置Java以使用用户特定的Eclipse证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！