Setting multiple truststore on the same JVM


Problem description

I have a Java application running on a WebLogic server. The application has two distinct modules which use SSL to connect to external web services - let's say module A and module B.

Module A - Built on Axis - Uses truststore A
Module B - Built on Spring-ws - Uses truststore B.

Module A is existing. Module B is being introduced.

I need to be able to set the truststore dynamically in the JVM based on which module is being invoked.

Due to some constraints I do not have the option
- to create a custom key manager.
- to use one truststore

I tried to use System.setProperty in the Module B codebase to set the truststore. However, it works only if Module B got invoked first. For example - say I have a fresh restart of the JVM, then I invoke module A - it sets its own truststore in the JVM, then I invoke module B - it fails - it does not set its own truststore in the JVM even though I have used the System.setProperty method.

Am I missing something, or is it just that System.setProperty doesn't override existing set values? If so, what are my options here?

Recommended answer

You can load trusted key stores dynamically at runtime.

// load your key store as a stream and initialize a KeyStore
InputStream trustStream = ...    
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());    

// if your store is password protected then declare it (it can be null however)
char[] trustPassword = ...

// load the stream to your store
trustStore.load(trustStream, trustPassword);

// initialize a trust manager factory with the trusted store
TrustManagerFactory trustFactory = 
  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    
trustFactory.init(trustStore);

// get the trust managers from the factory
TrustManager[] trustManagers = trustFactory.getTrustManagers();

// initialize an ssl context to use these managers and set as default
// (request the "TLS" protocol family rather than the legacy "SSL" name)
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);
SSLContext.setDefault(sslContext);

Watch out, because SSLContext.getDefault() would give you back the default context which you cannot modify, so you have to create a new one, initialize it then set this new context as the default.

The bottom line is that you can use any number of trust stores if you want to.
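An added example, not part of the original answer: SSLContext.setDefault replaces the context for the whole JVM, so to keep truststore A and truststore B apart each module can hold its own SSLContext and leave the default alone. The class name ModuleTrust, the module labels and the empty in-memory stores are assumptions made for the illustration; in a real deployment each KeyStore is loaded from the module's trust store file as in the answer's code.

```java
import java.security.KeyStore;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ModuleTrust {
    // One SSLContext per module, built once; the JVM-wide default is never replaced.
    private static final Map<String, SSLContext> CONTEXTS = new ConcurrentHashMap<>();

    // Build a context that trusts only the certificates in the given store.
    static void register(String module, KeyStore trustStore) throws Exception {
        TrustManagerFactory factory =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, factory.getTrustManagers(), null);
        CONTEXTS.put(module, context);
    }

    // Fail closed: a module without a registered store gets no context at all,
    // instead of silently falling back to the default trust store.
    static SSLContext contextFor(String module) {
        SSLContext context = CONTEXTS.get(module);
        if (context == null) {
            throw new IllegalStateException("no trust store registered for " + module);
        }
        return context;
    }

    public static void main(String[] args) throws Exception {
        SSLContext before = SSLContext.getDefault();
        // Constructed sample: empty in-memory stores stand in for truststore A and B.
        for (String module : new String[] {"moduleA", "moduleB"}) {
            KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(null, null);
            register(module, store);
        }
        System.out.println("separate contexts: "
            + (contextFor("moduleA") != contextFor("moduleB")));
        System.out.println("default untouched: " + (SSLContext.getDefault() == before));
    }
}
```

Each module then hands `contextFor(...).getSocketFactory()` to its own client, for example through `HttpsURLConnection.setSSLSocketFactory`, so a certificate trusted for one module's endpoint is not implicitly trusted for the other's.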
