I'm experimenting with OSGi conditional permissions mechanism. More specifically, I'm trying to use org.osgi.service.condpermadmin.BundleSignerCondition to restrict which bundles can be started. Documentation I have states that in order to use this permission, I must specify the path to JKS keystores using org.osgi.framework.trust.repositories framework configuration property. However, the same documentation mentions that JKS mentioned in this property must not have a password. So the question is: how to create a JKS without a password? Keytool utility refuses to create JKS with blank password.
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
You cannot create a keystore with a blank password with keytool since a while, but you can still do it programmatically.
Read a cert like this:
private static Certificate readCert(String path) throws IOException, CertificateException {
try (FileInputStream fin = new FileInputStream(path)) {
return CertificateFactory.getInstance("X.509").generateCertificate(fin);
}
}
Than create the keystore with the empty password like this:
try {
// Reading the cert
Certificate cert = readCert("/tmp/cert.cert");
// Creating an empty JKS keystore
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, null);
// Adding the cert to the keystore
keystore.setCertificateEntry("somecert", cert);
// Saving the keystore with a zero length password
FileOutputStream fout = new FileOutputStream("/tmp/keystore");
keystore.store(fout, new char[0]);
} catch (GeneralSecurityException | IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Run the command:
keytool -list -keystore keystore
It will ask for a password but you can simply push an enter. You will get the following warning, but the content of the keystore will be listed:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
This might work for you.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 冷血范 的文章《Is it possible to create JKS keystore file without》','https://www.manongdao.com/article-955722.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}