Question

I'm writing a small program (a Twitter client) in Java, aimed at Mac OS X. As part of its functionality, it needs to have a place to store the Twitter username/password. The natural place would be the Mac keychain, but I can't find any way of accessing it.

Is there any way of accessing the Mac keychain from Java, or failing that, what is your recommendation for where to store the username/password instead?


Solution

There is a Java keychain API, in that there's an implementation of KeyStore on OS X backed by the keychain.

I think the keychain is the best place (if not the place) to store the password. It's encrypted with a good algorithm, the user is free to be as permissive or as paranoid over the availability of the keychain to apps as they like, and the password would then be stored with and configured like all of the other passwords the user stores.

OTHER TIPS

I haven't tried this, but it looks like you can access the key chain with the Apple crypto provider (com.apple.crypto.provider.Apple), creating a KeyStore of type KeychainStore.


Okay, after some experimentation, I was able to access private-key–certificate entries in the KeychainStore. However, passwords in my Keychain did not show up (no alias was listed), and when I tried to add a KeyStore.SecretKeyEntry (which is what you'd need to hold a password) it failed with the message, "Key is not a PrivateKey". Clearly, Apple has not supported SecretKeyEntry.

If you still want to protect your Twitter password through the key chain, I think the closest you can get is to generate an RSA key pair, self-sign a certificate, and add a PrivateKeyEntry to the keychain. Then you can use the key pair to protect the Twitter password.

It isn't terribly difficult to sign certificates yourself, but if you go that route, you might want to check out the BouncyCastle library for help.
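The key-pair approach described in the answer above, as an added example that is not the answerer's code: the password is encrypted with the public key of a keychain entry and decrypted with its private key. It assumes an RSA key pair with a self-signed certificate already exists in the login keychain under the hypothetical alias twitter-client-key, and that a non-empty dummy password is acceptable to getKey.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

public class KeychainWrappedPassword {
    // Hypothetical alias of a PrivateKeyEntry (RSA key + self-signed cert) in the login keychain.
    static final String ALIAS = "twitter-client-key";
    // OAEP with a 2048-bit key fits secrets up to 190 bytes, enough for a password.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static KeyStore openKeychain() throws Exception {
        KeyStore ks = KeyStore.getInstance("KeychainStore", "Apple"); // macOS JDKs only
        ks.load(null, null); // no stream or store password: macOS controls access
        return ks;
    }

    // Encrypt with the certificate's public key; the result can sit in a preferences file.
    static String wrap(KeyStore ks, byte[] secret) throws Exception {
        Certificate cert = ks.getCertificate(ALIAS);
        if (cert == null) throw new IllegalStateException("no keychain entry: " + ALIAS);
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
        return Base64.getEncoder().encodeToString(c.doFinal(secret));
    }

    // Decrypt with the private key held by the keychain entry.
    static byte[] unwrap(KeyStore ks, String blob) throws Exception {
        // Assumption: a non-empty dummy value; it is not the keychain password.
        Key key = ks.getKey(ALIAS, "unused".toCharArray());
        if (!(key instanceof PrivateKey)) throw new IllegalStateException("not a private key");
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, key);
        return c.doFinal(Base64.getDecoder().decode(blob));
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = openKeychain();
        byte[] password = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
        String blob = wrap(ks, password);          // persist this, never the plaintext
        byte[] recovered = unwrap(ks, blob);
        System.out.println("round trip ok: " + Arrays.equals(password, recovered));
        Arrays.fill(recovered, (byte) 0);          // clear plaintext once used
    }
}
```

Only the Base64 blob is written to disk; reading it back requires the keychain entry, so access stays under the user's keychain settings.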

You should take a look at Twitter's API page on OAuth support. By using OAuth, you don't need to know the user's Twitter password.

http://apiwiki.twitter.com/OAuth-FAQ

Licensed under: CC-BY-SA with attribution