Original URL: http://stackoverflow.com/questions/7591281/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): Stack Overflow
Setting multiple truststore on the same JVM
Asked by user825258
I have a Java application running on a WebLogic server. The application has two distinct modules which use SSL to connect to external web services - let's say module A and module B.
Module A - Built on Axis - Uses truststore A
Module B - Built on Spring-ws - Uses truststore B
Module A is existing. Module B is being introduced.
I need to be able to set the truststore dynamically in the JVM based on which module is being invoked.
Due to some constraints I do not have the option
- to create a custom key manager.
- use one truststore
I tried to use System.setProperty in Module B's codebase to set the truststore. However, it works only if Module B got invoked first. For example: say I have a fresh restart of the JVM, then I invoke module A - it sets its own truststore in the JVM; then I invoke module B - it fails - it does not set its own truststore in the JVM even though I have used the System.setProperty method.
Am I missing something, or is it just that System.setProperty doesn't override existing set values? If so, what are my options here?
Answered by Kohányi Róbert
You can load trusted key stores dynamically at runtime.
// load your key store as a stream and initialize a KeyStore
InputStream trustStream = ...
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
// if your store is password protected then declare it (it can be null however)
char[] trustPassword = ...
// load the stream to your store
trustStore.load(trustStream, trustPassword);
// initialize a trust manager factory with the trusted store
TrustManagerFactory trustFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
// get the trust managers from the factory
TrustManager[] trustManagers = trustFactory.getTrustManagers();
// initialize an ssl context to use these managers and set as default
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
SSLContext.setDefault(sslContext);
Watch out, because SSLContext.getDefault() would give you back the default context which you cannot modify, so you have to create a new one, initialize it then set this new context as the default.
The bottom line is that you can use any number of trust stores if you want to.
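An added example, not part of the original answer: SSLContext.setDefault() changes trust for every module in the JVM, so this sketch instead builds one SSLContext per truststore and leaves the default alone, which goes beyond the snippet above. The class and helper names (PerModuleTrust, trustManagerFor, storeWith, contextFor) are hypothetical, the protocol name "TLS" is used instead of "SSL", and two CA certificates taken from the JDK's default bundle stand in for the real truststores A and B.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PerModuleTrust {
    // Returns the X509TrustManager backed by `store` (null = JDK default cacerts).
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Constructed sample input: an in-memory truststore holding a single CA.
    static KeyStore storeWith(X509Certificate ca) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty instead of reading a truststore file
        ks.setCertificateEntry("ca", ca);
        return ks;
    }

    // Builds a context for one module; SSLContext.setDefault() is never called.
    static SSLContext contextFor(KeyStore store) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { trustManagerFor(store) }, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Two CAs from the JDK bundle stand in for the modules' real truststores.
        X509Certificate[] jdkCas = trustManagerFor(null).getAcceptedIssuers();
        KeyStore storeA = storeWith(jdkCas[0]);
        KeyStore storeB = storeWith(jdkCas[1]);
        SSLContext ctxA = contextFor(storeA); // hand ctxA.getSocketFactory() to module A
        SSLContext ctxB = contextFor(storeB); // hand ctxB.getSocketFactory() to module B

        X509Certificate[] trustedByA = trustManagerFor(storeA).getAcceptedIssuers();
        X509Certificate[] trustedByB = trustManagerFor(storeB).getAcceptedIssuers();
        System.out.println("A trusts only its own CA: "
            + (trustedByA.length == 1 && trustedByA[0].equals(jdkCas[0])));
        System.out.println("B trusts only its own CA: "
            + (trustedByB.length == 1 && trustedByB[0].equals(jdkCas[1])));
        System.out.println("JVM default context untouched: "
            + (SSLContext.getDefault() != ctxA && SSLContext.getDefault() != ctxB));
    }
}
```

Each module then connects through its own context's socket factory, for example via HttpsURLConnection.setSSLSocketFactory on a per-connection basis, so a CA added for module B never becomes trusted by module A.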