[英]Client Certificate Android Https
我在這個問題上苦苦掙扎了一周……我在android設備上安裝了客戶端證書。 我的應用程序必須使用要求客戶端證書的文件將文件上傳到服務器,以進行握手。
是否有實現此連接的提示? 謝謝...
請嘗試以下方法。
您應該具有客戶端證書的別名,該別名存儲在android設備的密鑰庫中。 您可以通過使用獲得
private void chooseCert() {
KeyChain.choosePrivateKeyAlias(this, this, // Callback
new String[] {"RSA", "DSA"}, // Any key types.
null, // Any issuers.
null, // Any host
-1, // Any port
DEFAULT_ALIAS);
}
之后,您將獲得回調。 您的課程應實現KeyChainAliasCallback
然后嘗試一下..
private void connect(){
String alias = getAliasForClientCertificate();
final X509Certificate[] certificates =getCertificateChain(alias);
final PrivateKey pk = getPrivateKey(alias);
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() {
@Override
public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
return alias;
}
@Override
public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
return alias;
}
@Override
public X509Certificate[] getCertificateChain(String s) {
return certificates;
}
@Override
public String[] getClientAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public String[] getServerAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public PrivateKey getPrivateKey(String s) {
return pk;
}
};
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
// public X509Certificate[] getAcceptedIssuers() {
// return certificates;
// }
public X509Certificate[] getAcceptedIssuers() {
return certificates;
}
public boolean isClientTrusted(X509Certificate[] arg0) {
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0) {
return true;
}
} };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[] {keyManager}, tm, null);
SSLContext.setDefault(sslContext);
URL url = new URL("url..");
HttpsURLConnection urlConnection = (HttpsURLConnection) url
.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
urlConnection.setHostnameVerifier(hv);
urlConnection.setInstanceFollowRedirects(false);
urlConnection.connect();
int responseCode = urlConnection.getResponseCode();
}
private X509Certificate[] getCertificateChain(String alias) {
try {
return KeyChain.getCertificateChain(this, alias);
} catch (KeyChainException e) {
e.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
}
return null;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.