RFE: SecretKeyEntry support for Apple KeychainStore
Hendrik Schreiber
hs at tagtraum.com
Wed Mar 12 09:35:50 UTC 2014
Hey...
I was pleasantly surprised to learn that Apple and subsequently OpenJDK provides support for using the Apple KeyChain as a keystore.
As I common use case, I tried to use it to store passwords for third party services (Twitter, git, whatever), but couldn't get it to work.
Apparently the implementation lacks support for SecretKeyEntry, as pointed out in http://stackoverflow.com/questions/727812/storing-username-password-on-mac-using-java#727840
Would it be possible to implement this?
Thanks,
-hendrik
PS: As illustration, I would expect the following code to work (it works with JCEKS as KeyStore and appropriate input/output streams in load/store calls):
final char[] keyStorePassword = "KeyStorePassword".toCharArray();
final char[] servicePassword = "ServicePassword".toCharArray();
final String alias = "MyService";
// store password for some service
final KeyStore keystore = KeyStore.getInstance("KeychainStore", "Apple");
keystore.load(null, keyStorePassword);
final KeyStore.PasswordProtection keyStorePP = new KeyStore.PasswordProtection(keyStorePassword);
final SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
final SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec(servicePassword));
keystore.setEntry(alias, new KeyStore.SecretKeyEntry(generatedSecret), keyStorePP);
keystore.store(null, keyStorePassword);
// retrieve password for some service
final KeyStore keystore2 = KeyStore.getInstance("KeychainStore", "Apple");
keystore2.load(null, keyStorePassword);
final KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry)keystore2.getEntry(alias, keyStorePP);
final PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec(secretKeyEntry.getSecretKey(), PBEKeySpec.class);
char[] password = keySpec.getPassword();
System.out.println(new String(password));
More information about the macosx-port-dev
mailing list