Storing username/password on Mac using Java

问题

I'm writing a small program (a twitter client) in Java, aimed at Mac OS X. As part of its functionality, it needs to have a place to store the twitter username/password. The natural place would be the mac keychain, but I can't find any way of accessing it.

Is there any way of accessing the mac keychain from Java, or failing that, what is your recommendation for where to store the username/password instead?

回答1:

There is Java keychain API, in that there's an implementation of KeyStore on OS X backed by the keychain.

I think the keychain is the best place (if not the place) to store the password. It's encrypted with a good algorithm, the user is free to be as permissive or as paranoid over the availability of the keychain to apps as they like, and the password would then be stored with and configured like all of the other passwords the user stores.

回答2:

I haven't tried this, but it looks like you can access the key chain with the Apple crypto provider (com.apple.crypto.provider.Apple), creating a KeyStore of type KeychainStore.

Okay, after some experimentation, I was able to access private-key–certificate entries in the KeychainStore. However, passwords in my Keychain did not show up (no alias was listed), and when I tried to add a KeyStore.SecretKeyEntry (which is what you'd need to hold a password) it failed with the message, "Key is not a PrivateKey". Clearly, Apple has not supported SecretKeyEntry.

If you still want to protect your Twitter password through the key chain, I think the closest you can get is to generate an RSA key pair, self-sign a certificate, and add a PrivateKeyEntry to the keychain. Then you can use the key pair to protect the Twitter password.

It isn't terribly difficult to sign certificates yourself, but if you go that route, you might want to check out the BouncyCastle library for help.