Create a KeyStore instance with my self signed certificate

I have a self-signed certificate that I use to communicate with my server. As per this article, I can create a KeyStore instance with my certificate. I did the same and the code is working just fine; I am able to make server calls over an HTTPS connection.

When I print all the certificates that are present in the KeyStore, it prints only the certificates that I have inserted into it. I thought that this implementation would instruct Android to trust all the built-in certificates in the AndroidCAStore and the new self-signed certificate from my server.

When creating an instance I used AndroidCAStore and AndroidKeyStore, but the problem is that I am not able to add my self-signed certificate to the keystore. Whenever I call setCertificateEntry I get an UnsupportedMethodException.

I want to create a KeyStore that has all the default certificates from the Android default keystore and the self-signed certificate from my server. How do I do that?

public static class CustomTrustManager implements X509TrustManager{

    private X509TrustManager defaultTrustManager;
    private X509TrustManager localTrustManager;

    public CustomTrustManager(KeyStore keyStore){
        try {
            defaultTrustManager = createTrustManager(null);
            localTrustManager = createTrustManager(keyStore);
        }catch (NoSuchAlgorithmException e){
            Log.e("CustomTrustManager"," Cannot create trust manager : NoSuchAlgorithm found "+e.toString());
        }catch (KeyStoreException exp){
            // Log the exception actually caught here (exp); "e" is not in scope in this block.
            Log.e("CustomTrustManager"," Cannot create trust manager : Keystore exception"+exp.toString());
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        try {
            localTrustManager.checkClientTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkClientTrusted(x509Certificates, s);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        Log.e("CustomTrustManager","Checking server trust");
        try {
            localTrustManager.checkServerTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkServerTrusted(x509Certificates, s);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] first = defaultTrustManager.getAcceptedIssuers();
        X509Certificate[] second = localTrustManager.getAcceptedIssuers();
        X509Certificate[] result = Arrays.copyOf(first, first.length + second.length);
        System.arraycopy(second, 0, result, first.length, second.length);
        return result;
    }

    private X509TrustManager createTrustManager(KeyStore store) throws NoSuchAlgorithmException, KeyStoreException {
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init((KeyStore) store);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        return (X509TrustManager) trustManagers[0];
    }
}
