如何以编程方式在磁盘上查找当前信任库？ [英] How to find current truststore on disk programatically?

问题描述

是否有任何函数告诉我在我的程序中使用的当前信任库是什么。在Windows上，默认信任库位于JAVA_HOME \lib \ security \ cacerts。

但是，可以通过多种方式更改默认值。

• 在命令行中使用 -Djavax.net.ssl.keyStore / p>




• 使用密钥库类。




• 如果程序在运行应用程序的App Server上运行，则可以通过它的面板设置存储路径。




• 如果程序在Tomcat上运行，然后Tomcat设置可能会更改信任库。

以及许多其他方式。

是否有一种编程方式可以找出当前处于活动状态的信任库的磁盘路径？

解决方案

一般来说，你不能（这与这个问题非常相似）。

在JSSE API中，信任证书不是ac由信任商店确定，但由 TrustManager 决定。虽然它通常使用密钥库（信任库）初始化，但这不是必需的。此外，密钥库本身不一定是文件。默认信任管理器API中没有任何内容可以让您检查潜在信任存储的使用位置和方式。

<$ c $中甚至没有任何内容c> SSLSocket ，它可以让你回到它的 SSLSocketFactory ，并且没有任何东西可以让你回到它的原始 SSLContext ，并且没有任何内容可以让您获得信任管理员。

当前活动的信任库/信任管理器也非常依赖于应用程序。一般来说，没有什么能告诉你应用程序正在使用的连接是使用默认的 SSLContext ，可以通过 javax.net.ssl初始化。* 系统属性。应用程序可以自由地初始化自己的 SSLContext 来创建它们的套接字（这是Tomcat在指定特定值时为其连接器所做的事情）。

从Java 6开始，默认（当前） SSLContext 也可以全局更改（通过 SSLContext.setDefault（... ）。

您可以从 JSSE参考指南。其余的将取决于每个应用程序的文档。使用 -Djavax.net.debug = SSL，trustmanager 可能会有所帮助，但这不是API访问。

（按顺便说一句， -Djavax.net.ssl.keyStore 将设置默认密钥管理器的密钥库，而不是信任存储。）

Is there any function which tells me what's the current truststore being used in my program. On windows, the default trust store is at JAVA_HOME\lib\security\cacerts.

However, the default can be changed in a variety of ways.

• Using -Djavax.net.ssl.keyStore in the command line

• Using Keystore class.

• If the program is running on an App Server under which the application runs may set the store path through it's panel.

• If the program is running on Tomcat, then Tomcat settings may change the truststore.

and many other ways.

Is there a programmatic way by which I can find out the disk path of the truststore which is currently active?

解决方案

Generally speaking, you can't (this is quite similar to this question).

In the JSSE API, trusting a certificate isn't actually determined by a trust store, but by a TrustManager. Whilst it's often initialised with a keystore (the truststore), this is not necessary. In addition, the keystores themselves don't have to be files. There is nothing in the default trust manager API that lets you check where and how a potential trust store was used.

There isn't even anything in the SSLSocket that lets you get back to its SSLSocketFactory, and nothing there that lets you get back to its originating SSLContext, and nothing there that lets you get the trust managers.

Which truststore/trust manager is currently active also depends very much on the application. Nothing tells you in general that the connections an application is making are using the default SSLContext, which can be initialised by the javax.net.ssl.* system properties. Applications are free to initialise their own SSLContexts to create their sockets (this is what Tomcat do for its connectors when you specify certain values).

Since Java 6, the default (current) SSLContext can also be changed globally (via SSLContext.setDefault(...).

You can find what's being used by default from the JSSE Reference Guide. The rest will depend on the documentation of each application. Using -Djavax.net.debug=SSL,trustmanager may help if you need, but this isn't API access.

(By the way, -Djavax.net.ssl.keyStore will set up the keystore for the default key manager, not the trust store.)

这篇关于如何以编程方式在磁盘上查找当前信任库？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！