java 获取JVM默认加载的keystore实例
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3139853/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Get instance of keystore that JVM loads by default
提问by Martin
I was playing with security in Java and Tomcat and I came to the point where I was curious which keystore/truststore was loaded by the JVM at the end. Even though I had my own keystore created and in Tomcat configuration, this was used both as keystore and trustore, the reality was that default cacerts file was loaded as truststore (as keystore, my file was used properly).
我在 Java 和 Tomcat 中研究安全性,我很好奇最后 JVM 加载了哪个密钥库/信任库。尽管我创建了自己的密钥库并在 Tomcat 配置中,这被用作密钥库和信任库,但实际情况是默认 cacerts 文件被加载为信任库(作为密钥库,我的文件被正确使用)。
I was trying to get the name of the file that JVM loads, but I haven't found the solution. My idea was to get System.getProperty("javax.net.ssl.keyStore") but this gave me null. I tried to set this both in Tomcat's server.xml via Connector and as a command line parameter -Djavax.net.ssl.keyStore="file". I am sure that the command line parameter was provided correctly as I am setting JMX paramneters at the same place.
我试图获取 JVM 加载的文件的名称,但我还没有找到解决方案。我的想法是获取 System.getProperty("javax.net.ssl.keyStore") 但这给了我空值。我试图通过连接器在 Tomcat 的 server.xml 中设置它,并将其设置为命令行参数 -Djavax.net.ssl.keyStore="file"。我确信命令行参数已正确提供,因为我在同一位置设置了 JMX 参数。
br, Martin
br, 马丁
回答by Bruno
You won't necessarily be able to get exactly what you want from the file name of even the type and setting the keystorein the connector will have absolutely no effect on the system property.
您不一定能够从类型的文件名中准确获得您想要的内容,并且keystore在连接器中设置对系统属性绝对没有影响。
In addition, the keystore, whether specified from the javax.net.ssl.keyStoreproperty or instantiated explicitly is only one part of the setup of the KeyManagerand the SSLContext. (By default, Apache Tomcat will use files and a relatively simple loading mechanism, but it's also possible to customize this using Tomcat's SSLImplementation.)
If you really want to see what's being loaded, I would look at the JSSE debugging flags, more specifically, something like this:
此外,密钥库,无论是从指定的javax.net.ssl.keyStore属性或显式实例是只有一个的设置的一部分KeyManager和SSLContext。(默认情况下,Apache Tomcat 将使用文件和相对简单的加载机制,但也可以使用 Tomcat 的 自定义它SSLImplementation。)如果您真的想查看正在加载的内容,我会查看JSSE 调试标志,更具体地说,一些东西像这样:
-Djavax.net.debug=SSL,keymanager,trustmanager
EDIT:
I should add that there is no default keystore generally speaking (outside the context of Tomcat), only a default truststore. Tomcat's JSSEImplementationuses System.getProperty("user.home") + "/.keystore"by default.
编辑:我应该补充一点,一般来说没有默认的密钥库(在 Tomcat 的上下文之外),只有一个默认的信任库。Tomcat 的默认JSSEImplementation使用System.getProperty("user.home") + "/.keystore"。
回答by JoseK
Are you on Tomcat 6?
你在 Tomcat 6 上吗?
I've tried setting this in catalina.bat as
我试过在 catalina.bat 中将其设置为
set JAVA_OPTS=%JAVA_OPTS% %LOGGING_CONFIG% -Djavax.net.ssl.keyStore="path-to-file"
and it reflects in my code used as System.getProperty("javax.net.ssl.keyStore")
它反映在我用作的代码中 System.getProperty("javax.net.ssl.keyStore")
Also, for your info, there was a Bugzilla onother SSL attributes being ignored which was fixed in 6.0.16. keyStore is not specifically mentioned there, but my version is 6.0.20 and it works
此外,对于您的信息,有一个关于其他 SSL 属性的Bugzilla被忽略,已在 6.0.16 中修复。那里没有特别提到 keyStore,但我的版本是 6.0.20 并且它有效
