Spring accessing keystore file

Question

I currently have a Spring server with Maven that stores a KeyStore file with users private keys in src/main/java/com.resource package. The problem is that when a maven update is performed the keystore file is reset so all the private keys are lost. I started doing research on where a keystore file should be placed and found Apaches documentation on handling keystore files but how would I access that file from the servlet code when needing to put or get a key? Because it isn't in Tomcat's scope.

Is this the correct convention when dealing with keystore files to place then in "%JAVA_HOME%\bin\keytool"?

Currently to access the keystore file with in the resources directory I do:

ApplicationContext appContext = new ClassPathXmlApplicationContext();
Resource resource = appContext.getResource("classpath:com/resources/" +fileName);
((ClassPathXmlApplicationContext) appContext).close();
InputStream inpusStream = resource.getInputStream();
KeyStore keyStore = null;
try {
    keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(inpusStream, );
} finally {
    if (inpusStream != null)
        inpusStream.close();
}

lane.maxwell · Accepted Answer

Anything that you put into src/main/resources gets bundled into the jar, like Andrea suggests. However, this also means that any time you repackage and deploy your jar you lose any changes made to those files, as you have observed.

If you are running your service on a single host, deploy the java keystore onto the filesystem and inform your java app of its location via a property. If you plan on deploying it into a cluster, you'll probably want to persist those keys into a database.

Also, just so you know, JAVA_HOME/bin/keytool is a binary used to manage keys and certificates (e.g. use this tool to create a JKS file).

Spring accessing keystore file

Answers (2)

Related Questions