java 如何以编程方式在磁盘上查找当前信任库?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13657299/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to find current truststore on disk programatically?
提问by user93353
Is there any function which tells me what's the current truststore being used in my program. On windows, the default trust store is at JAVA_HOME\lib\security\cacerts.
是否有任何函数可以告诉我程序中当前使用的信任库是什么。在 Windows 上,默认信任库位于 JAVA_HOME\lib\security\cacerts。
However, the default can be changed in a variety of ways.
但是,可以通过多种方式更改默认值。
Using
-Djavax.net.ssl.keyStorein the command lineUsing
Keystoreclass.If the program is running on an App Server under which the application runs may set the store path through it's panel.
If the program is running on Tomcat, then Tomcat settings may change the truststore.
使用
-Djavax.net.ssl.keyStore命令行使用
Keystore类。如果程序在运行应用程序的应用程序服务器上运行,则可以通过它的面板设置商店路径。
如果程序在 Tomcat 上运行,则 Tomcat 设置可能会更改信任库。
and many other ways.
以及许多其他方式。
Is there a programmatic way by which I can find out the disk path of the truststore which is currently active?
是否有一种编程方式可以让我找出当前处于活动状态的信任库的磁盘路径?
回答by Bruno
Generally speaking, you can't (this is quite similar to this question).
一般来说,你不能(这与这个问题非常相似)。
In the JSSE API, trusting a certificate isn't actually determined by a trust store, but by a TrustManager. Whilst it's often initialised with a keystore (the truststore), this is not necessary. In addition, the keystores themselves don't have to be files. There is nothing in the default trust manager API that lets you check where and how a potential trust store was used.
在 JSSE API 中,信任证书实际上不是由信任库决定的,而是由TrustManager. 虽然它通常使用密钥库(信任库)进行初始化,但这不是必需的。此外,密钥库本身不必是 files。默认信任管理器 API 中没有任何内容可让您检查潜在信任存储的使用位置和方式。
There isn't even anything in the SSLSocketthat lets you get back to its SSLSocketFactory, and nothing there that lets you get back to its originating SSLContext, and nothing there that lets you get the trust managers.
甚至没有任何东西SSLSocket可以让你回到它的SSLSocketFactory,那里没有任何东西可以让你回到它的原始SSLContext,也没有任何东西可以让你得到信任经理。
Which truststore/trust manager is currently active also depends very much on the application. Nothing tells you in general that the connections an application is making are using the default SSLContext, which can be initialised by the javax.net.ssl.*system properties. Applications are free to initialise their own SSLContexts to create their sockets (this is what Tomcat do for its connectors when you specify certain values).
哪个信任库/信任管理器当前处于活动状态也很大程度上取决于应用程序。一般情况下SSLContext,没有什么可以告诉您应用程序正在使用的连接使用默认值,它可以由javax.net.ssl.*系统属性初始化。应用程序可以自由地初始化它们自己的SSLContexts 以创建它们的套接字(当您指定某些值时,这是 Tomcat 为其连接器所做的)。
Since Java 6, the default (current) SSLContextcan also be changed globally (via SSLContext.setDefault(...).
从 Java 6 开始,默认值(当前)SSLContext也可以全局更改(通过SSLContext.setDefault(...).
You can find what's being used by default from the JSSE Reference Guide. The rest will depend on the documentation of each application. Using -Djavax.net.debug=SSL,trustmanagermay help if you need, but this isn't API access.
您可以从JSSE 参考指南 中找到默认使用的内容。其余的将取决于每个应用程序的文档。-Djavax.net.debug=SSL,trustmanager如果需要,使用可能会有所帮助,但这不是 API 访问。
(By the way, -Djavax.net.ssl.keyStorewill set up the keystore for the default key manager, not the trust store.)
(顺便说一下,-Djavax.net.ssl.keyStore将为默认密钥管理器设置密钥库,而不是信任库。)
