Removing a certificate from the MS certificate store with Java and SunMSCAPI

Time: 2015-04-08 15:39:04

Tags: java certificate

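I am trying to remove a certificate from the Windows "Trusted Root Certification Authorities" certificate store. This store can be accessed from Java using the SunMSCAPI provider, and according to Oracle's documentation it should be possible to read and write both the "Personal" store and "Trusted Root Certification Authorities". At least that is how I interpret the sentence:

"In addition, changes are reflected immediately when modifying the keystore, e.g. KeyStore.setKeyEntry(...), KeyStore.deleteEntry(...)."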

However, when trying to delete an entry, I get java.security.KeyStoreException: Access is denied.

My code looks like

final KeyStore msCertStore = KeyStore.getInstance("Windows-ROOT", "SunMSCAPI");
msCertStore.load(null, null);
if (msCertStore.containsAlias(mCertificateName))
{
  getLogger().info("Removing certificate with alias '{}' from store '{}'", mCertificateName,
      mCertificateStore.getStoreName());
  msCertStore.deleteEntry(mCertificateName);
}

What I get is

Exception in thread "main" java.security.KeyStoreException: Access is denied.

    at sun.security.mscapi.KeyStore.removeCertificate(Native Method)
    at sun.security.mscapi.KeyStore.engineDeleteEntry(KeyStore.java:542)
    at sun.security.mscapi.KeyStore$ROOT.engineDeleteEntry(KeyStore.java:68)
    at java.security.KeyStore.deleteEntry(Unknown Source)
    at my.playground.DeleteCertificateCommand.execute(DeleteCertificateInstallerCommand.java:67)
    ...

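The user account used to execute the code is a local administrator, and I can manually delete the certificate from the store in the Windows certmgr.msc GUI. But it does not work with the code above.

Removing a certificate from the personal store Windows-MY works, however; it seems to be related to access rights. But what kind of rights do I need?

BTW: the operating system is Windows Server 2008 RC2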

1 answer:

Answer 0: (score: 0)

http://www.oracle.com/technetwork/articles/javase/security-137537.html

// Note: When a security manager is installed, 
// the following call requires SecurityPermission 
// "authProvider.SunMSCAPI".
ks.load(null, null);
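
An added example, not part of the original question or answer: a small command-line helper that logs the certificate's SHA-256 fingerprint before deleting it and then reloads the store to confirm the entry is gone. The class name, method names and command-line arguments are assumptions made for illustration; it runs only on Windows, where the SunMSCAPI provider is available.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.Certificate;

public class RemoveRootCertificate {

    // SHA-256 fingerprint of the certificate, recorded before deletion for audit.
    static String fingerprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    static KeyStore open(String storeName) throws Exception {
        // With a security manager installed, load() requires
        // SecurityPermission "authProvider.SunMSCAPI".
        KeyStore ks = KeyStore.getInstance(storeName, "SunMSCAPI");
        ks.load(null, null);
        return ks;
    }

    // Returns true only if the alias was present and is absent after a fresh load.
    static boolean remove(String storeName, String alias) throws Exception {
        KeyStore ks = open(storeName);
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) {
            System.out.printf("%s: no certificate under alias '%s'%n", storeName, alias);
            return false;
        }
        System.out.printf("%s: deleting '%s' (SHA-256 %s)%n", storeName, alias, fingerprint(cert));
        try {
            ks.deleteEntry(alias);
        } catch (KeyStoreException e) {
            // "Access is denied." from the native layer arrives here.
            System.out.printf("%s: delete refused: %s%n", storeName, e.getMessage());
            return false;
        }
        return !open(storeName).containsAlias(alias);
    }

    public static void main(String[] args) throws Exception {
        // args[0]: store name ("Windows-ROOT" or "Windows-MY"); args[1]: alias (both hypothetical inputs)
        System.exit(remove(args[0], args[1]) ? 0 : 1);
    }
}
```

Running it once against Windows-MY and once against Windows-ROOT with the same account shows whether the refusal is specific to the root store, as the question describes.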