So, here is the scenario I am shooting for.
I have an application server. On that application server is a password-protected keystore file. Inside the keystore file is a private key that I must programmatically gain access to from a deployed war file.
I do not want to store a password in my code.
The war file is built on a separate developer machine. At build time, a developer private key is supplied, signing the war file.
Said developer's public certificate has been imported into the application server's keystore trusted certificates.
From within the code, I want to be able to load up the keystore, and retrieve the private key, without supplying the password for the key. I was hoping that having the code signed by a trusted certificate would be authentication enough to successfully retrieve the key.
If a malicious user were to gain access to the application server, they would not be able to modify the signed code, because that would break the signature. They also would not be able to deploy their own code, as they don't have a trusted private key. Finally, they would not be able to import their own certificate as a trusted certificate into the keystore, because they do not have the keystore password.
Is this possible? If not, then why not?
You can't retrieve your private key in a "Java Key Store" format key store without a password.
It has nothing to do with "authentication." In a JKS file, private keys are encrypted, and the password is the key. Without that key, there is no way to recover the private key.
You don't have to store private keys in a Java Key Store though. For example, you could store it in an unencrypted file.
Or, if you need compatibility with existing code, you could implement your own Provider and create a KeyStore implementation that does not use encryption. Most applications that require a KeyStore support options to control the provider and type of key store that is instantiated.
In either of these approaches, you're relying solely on the operating system's file permissions to restrict access to the private key.
A safer approach would be to have the application prompt for the password as it starts up.
There isn't a way to translate the fact that the application is signed by a particular certificate's key to being able to access a keystore file. The best you can do is provide the keystore's password to the application some other way - with a property or JNDI or a config file or something of that sort.
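The behaviour both answers describe, as an added example that is not part of the original answers: a JKS key entry is encrypted under its password when it is stored, so the entry can be seen without a password but the key comes back only with the right one. The class name, alias, password and StubCert are constructed for the demo; StubCert stands in for a real X.509 certificate, so the keystore is kept in memory rather than written to disk.

```java
import java.security.*;
import java.security.cert.Certificate;

public class JksPasswordDemo {
    // Constructed placeholder: setKeyEntry requires a certificate chain with a
    // private key, and the JDK has no public API for issuing a real certificate.
    static final class StubCert extends Certificate {
        private final PublicKey pub;
        StubCert(PublicKey pub) { super("X.509"); this.pub = pub; }
        @Override public byte[] getEncoded() { return new byte[0]; }
        @Override public void verify(PublicKey key) { }
        @Override public void verify(PublicKey key, String provider) { }
        @Override public String toString() { return "constructed stub certificate"; }
        @Override public PublicKey getPublicKey() { return pub; }
    }

    // Asks the keystore for the key and reports whether it could be decrypted.
    static String tryGetKey(KeyStore ks, String alias, char[] password) throws Exception {
        try {
            Key key = ks.getKey(alias, password);
            return "recovered " + key.getAlgorithm() + " private key";
        } catch (UnrecoverableKeyException e) {
            return "refused (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // start with an empty in-memory keystore
        char[] right = "constructed-demo-password".toCharArray();
        // The private key is encrypted under this password as it is stored.
        ks.setKeyEntry("app-key", pair.getPrivate(), right,
                new Certificate[] { new StubCert(pair.getPublic()) });

        // Entry metadata is readable without a password; the key itself is not.
        System.out.println("entry visible:  " + ks.isKeyEntry("app-key"));
        System.out.println("no password:    " + tryGetKey(ks, "app-key", null));
        System.out.println("wrong password: " + tryGetKey(ks, "app-key", "guess".toCharArray()));
        System.out.println("right password: " + tryGetKey(ks, "app-key", right));
    }
}
```

Nothing about how the calling code was signed enters into getKey; the only input that unlocks the entry is the password, which is why it has to reach the application from a prompt, property or configuration source.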