Mac OS X Keychain access in Java for Generic Passw

2020-06-04 09:36发布

站内问答 / Java
1533 5 6

What is the standard way to retrieve generic passwords in the Keychain of OS X using only Java? Apple Developer Pages provide some good background but the implementation and examples are in C or native code unfortunately.

The Java KeyStore OS X implementation appears to be good only for public/private key pairs and certs but not generic username/password combos.

I see a project started Here: but it is relatively old and not actively maintained.

Is there a more state of the art solution to the problem of securing credentials in Mac OS X in Java?

EDIT: OAuth is not an option for the class of problem and environment that I am operating in ...

5条回答
Juvenile、少年°
2楼-- · 2020-06-04 09:44

I am now using https://github.com/davidafsilva/jkeychain which is a fork of conormcd/osx-keychain-java

Gradle 

compile 'pt.davidafsilva.apple:jkeychain:1.0.0'

Example

final OSXKeychain keychain = OSXKeychain.getInstance();
final Optional<String> mySecret = keychain.findGenericPassword("mySecret", "username");

Example project usage: https://github.com/yschimke/okurl/blob/b3208514b4338a2f57bfedccb2da4e6f54d0d99a/src/main/kotlin/com/baulsupp/okurl/credentials/OSXCredentialsStore.kt

查看更多
0人赞 添加讨论(0) 举报
Root(大扎)
3楼-- · 2020-06-04 09:52

I've done this myself by using the command line, e.g. running /usr/bin/security. However it doesn't have strong access controls. So you can run the /usr/bin/security from a terminal to access the same passwords, but a C++ app calling into the library directly would be blocked.

Because of this I'm using it only for oauth tokens for Social Media accounts. Things that you could do similarly by launching a web browser when logged in as the user.

https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/credentials/OSXCredentialsStore.java

查看更多
0人赞 添加讨论(0) 举报
我只想做你的唯一
4楼-- · 2020-06-04 09:52

There is also JNA + Maven project here which doesn't require compiling any native code in the build. Apparently supports OSX and Windows.

https://bitbucket.org/east301/java-keyring/

It has less features than osx-keychain-java, but supports Add and Get Generic Password.

<dependency>
  <groupId>net.east301</groupId>
  <artifactId>java-keyring</artifactId>
  <version>1.0.0</version>
</dependency>

Example code

import net.east301.keyring.Keyring;
import net.east301.keyring.PasswordRetrievalException;

Keyring keyring = Keyring.create();
String pw = keyring.getPassword(service, account);
查看更多
0人赞 添加讨论(0) 举报
萌系小妹纸
5楼-- · 2020-06-04 10:04

This seems to be a fairly common problem; the only solution I've found that looks like it might meet your requirements is this Github project, but it seems to be extremely old/unmaintained, and I can't speak to the quality or security of the code.

Unfortunately, there does not seem to be native support for accessing passwords stored in the keychain, and this does not seem to be a common enough problem for there to be an actively-developed library to solve it.

查看更多
0人赞 添加讨论(0) 举报
我想做一个坏孩纸
6楼-- · 2020-06-04 10:06

Further to the answer above by f-stephen-q, this library appears to work well still. I'm using a fork of it which is mavenised

$ git clone https://github.com/physion/osx-keychain-java
$ mvn install
$ cp dist/osxkeychain.jar ~/myproject/external

Adding a dependency

<dependency>
  <groupId>us.physion</groupId>
  <artifactId>osx-keychain</artifactId>
  <version>1.0</version>
  <scope>system</scope>
  <systemPath>${project.basedir}/external/osxkeychain.jar</systemPath>
</dependency>

Running it

osx-keychain-java$ jshell -cp ./dist/osxkeychain.jar

jshell> import com.mcdermottroe.apple.*;
jshell> OSXKeychain keychain = OSXKeychain.getInstance();
keychain ==> com.mcdermottroe.apple.OSXKeychain@2286778

jshell> keychain.addGenericPassword("aardvark", "a", "b");

jshell> keychain.findGenericPassword("aardvark", "a");
$4 ==> "b"
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)