
How to support Client Certificate Mutual Authentication with IBM Worklight 6.2 for Android?

I am very new to Android, but I have been working as a Web Developer for a mobile webapp, and we need to wrap this webapp in a Worklight Android Hybrid App. We have a mobile webapp that relies on Client Certificate Mutual Authentication for security, using X509 Certificates.

We already have an iOS Hybrid App that does the following:

- Check if Certificate is installed
- Redirect to Certificate Repository
- Download Certificate from the Repo
- Install Cert in App KeyChain
- Redirect to Secured WebApp with Client Cert Authentication

We have implemented this in iOS by overriding the UIViewController and creating a CustomHTTPProtocol based on Apple's code: https://developer.apple.com/library/ios/samplecode/CustomHTTPProtocol/Listings/Read_Me_About_CustomHTTPProtocol_txt.html (it's a bit large to provide a snippet).

To put it simply: we just want to know how to handle web pages with Client Certificates in Android and Worklight. Is it from the MainActivity, CordovaWebView or CordovaWebViewClient? We don't want to ignore the certificate like the code from here: https://www.ibm.com/developerworks/community/blogs/mobileblog/entry/apache_cordova_working_with_certificates_on_android?lang=en

I am digging up all related solutions, but I couldn't find any that will provide an answer. Maybe I need to handle HttpsURLConnection directly in Android, I'm not sure.

In Worklight, you contact your backend via adapters. So from your app you invoke the adapter, which then calls the backend. Security etc. gets handled at the adapter layer. So in this type of architecture, you configure the Worklight server by defining your keystore (and the cert to use within that keystore). This would be used by the adapter when it tries to contact a backend for which mutual authentication has been configured. And you would add the CA certificate of the backend to the trust store of the app server on which Worklight is running, so that Worklight can also authenticate the backend. So mainly, you need to do the following:

  • Use Worklight adapters to contact backend
  • Configure the Worklight server with the keystore by specifying it in worklight.properties or JNDI entries
  • Add the CA certificate of the backend to the trust store of the app server on which the Worklight server is running
  • Mention the sslCertificateAlias, password etc. in the adapter's XML file
  • Call this adapter from the app to get to backend

Info on Keystore and SSL configuration to be done in adapter can be found here.

And this approach should work for both Android as well as iOS.
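The adapter-side configuration described in the answer above, as an added example that is not part of the original post or IBM's sample code. The adapter name, backend host, keystore path, alias and passwords are constructed placeholders; the matching keystore entries for worklight.properties are shown in the leading comment.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Added example. All names and values below are placeholders.

  Server-side keystore, set in worklight.properties (or as JNDI entries):

    ssl.keystore.path=conf/client-identity.jks
    ssl.keystore.type=jks
    ssl.keystore.password=KEYSTORE_PASSWORD_PLACEHOLDER

  The keystore holds the private key and client certificate that the
  adapter presents to the backend. The backend's CA certificate goes
  into the trust store of the application server running Worklight,
  so the server side of the handshake is still verified rather than
  ignored.
-->
<wl:adapter name="SecuredBackendAdapter"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:wl="http://www.worklight.com/integration"
    xmlns:http="http://www.worklight.com/integration/http">

    <displayName>SecuredBackendAdapter</displayName>
    <description>HTTP adapter calling a backend that requires a client certificate</description>

    <connectivity>
        <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
            <!-- Mutual authentication only applies over https -->
            <protocol>https</protocol>
            <domain>backend.example.com</domain>
            <port>443</port>
            <!-- Alias of the private key entry inside the keystore above -->
            <sslCertificateAlias>client-identity</sslCertificateAlias>
            <!-- Password protecting that key entry -->
            <sslCertificatePassword>KEY_PASSWORD_PLACEHOLDER</sslCertificatePassword>
        </connectionPolicy>
        <loadConstraints maxConcurrentConnectionsPerNode="2"/>
    </connectivity>

    <!-- Procedure the hybrid app invokes; it is implemented in the adapter's JavaScript file -->
    <procedure name="getSecuredData"/>
</wl:adapter>
```

With this layout the client certificate identifies the Worklight server to the backend, not the individual device, so per-user identity still has to be established between the app and the Worklight server.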
