Mac OS X Keychain access in Java for Generic Passwords

Question

What is the standard way to retrieve generic passwords in the Keychain of OS X using only Java? Apple Developer Pages provide some good background but the implementation and

Answer 1

I am now using https://github.com/davidafsilva/jkeychain which is a fork of conormcd/osx-keychain-java

Gradle

compile 'pt.davidafsilva.apple:jkeychain:1.0.0'

Example

final OSXKeychain keychain = OSXKeychain.getInstance();
final Optional<String> mySecret = keychain.findGenericPassword("mySecret", "username");

Example project usage: https://github.com/yschimke/okurl/blob/b3208514b4338a2f57bfedccb2da4e6f54d0d99a/src/main/kotlin/com/baulsupp/okurl/credentials/OSXCredentialsStore.kt

Answer 2

There is also JNA + Maven project here which doesn't require compiling any native code in the build. Apparently supports OSX and Windows.

https://bitbucket.org/east301/java-keyring/

It has less features than osx-keychain-java, but supports Add and Get Generic Password.

<dependency>
  <groupId>net.east301</groupId>
  <artifactId>java-keyring</artifactId>
  <version>1.0.0</version>
</dependency>

Example code

import net.east301.keyring.Keyring;
import net.east301.keyring.PasswordRetrievalException;

Keyring keyring = Keyring.create();
String pw = keyring.getPassword(service, account);

Answer 3

This seems to be a fairly common problem; the only solution I've found that looks like it might meet your requirements is this Github project, but it seems to be extremely old/unmaintained, and I can't speak to the quality or security of the code.

Unfortunately, there does not seem to be native support for accessing passwords stored in the keychain, and this does not seem to be a common enough problem for there to be an actively-developed library to solve it.

Answer 4

I've done this myself by using the command line, e.g. running /usr/bin/security. However it doesn't have strong access controls. So you can run the /usr/bin/security from a terminal to access the same passwords, but a C++ app calling into the library directly would be blocked.

Because of this I'm using it only for oauth tokens for Social Media accounts. Things that you could do similarly by launching a web browser when logged in as the user.

https://github.com/yschimke/oksocial/blob/master/src/main/java/com/baulsupp/oksocial/credentials/OSXCredentialsStore.java

Answer 5

Further to the answer above by f-stephen-q, this library appears to work well still. I'm using a fork of it which is mavenised

$ git clone https://github.com/physion/osx-keychain-java
$ mvn install
$ cp dist/osxkeychain.jar ~/myproject/external

Adding a dependency

<dependency>
  <groupId>us.physion</groupId>
  <artifactId>osx-keychain</artifactId>
  <version>1.0</version>
  <scope>system</scope>
  <systemPath>${project.basedir}/external/osxkeychain.jar</systemPath>
</dependency>

Running it

osx-keychain-java$ jshell -cp ./dist/osxkeychain.jar

jshell> import com.mcdermottroe.apple.*;
jshell> OSXKeychain keychain = OSXKeychain.getInstance();
keychain ==> com.mcdermottroe.apple.OSXKeychain@2286778

jshell> keychain.addGenericPassword("aardvark", "a", "b");

jshell> keychain.findGenericPassword("aardvark", "a");
$4 ==> "b"