
Spongy Castle self-signed certificate vs. Android KeyStore?

I am trying to create a self-signed certificate. I want to do this in order to store a Spongy Castle KeyPair in the "AndroidKeyStore". For P-256 with a SHA-256 digest the signature must be ECDSA.

// see http://www.programcreek.com/java-api-examples/index.php?class=org.spongycastle.cert.X509v3CertificateBuilder&method=addExtension
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import org.spongycastle.asn1.ASN1Sequence;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x500.X500NameBuilder;
import org.spongycastle.asn1.x500.style.BCStyle;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509CertificateHolder;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

X509Certificate genSelfSignedCert(KeyPair kp, String CN){
    X509Certificate certificate = null;

    try{
        // Subject and issuer are the same name: this is a self-signed certificate.
        X500Name x500Name = new X500NameBuilder(BCStyle.INSTANCE)
                            .addRDN(BCStyle.CN, CN)
                            .build();

        SecureRandom rand = new SecureRandom();
        PrivateKey privKey = kp.getPrivate();
        PublicKey pubKey = kp.getPublic();

        SubjectPublicKeyInfo subPubKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(pubKey.getEncoded()));

        Date startDate = new Date(); // now

        Calendar c = Calendar.getInstance();
        c.setTime(startDate);
        c.add(Calendar.YEAR, 1);
        Date endDate = c.getTime();

        // X.509 serial numbers must be positive, so draw a random 63-bit value and add one.
        BigInteger serial = new BigInteger(63, rand).add(BigInteger.ONE);

        X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder(
                         x500Name,
                         serial,
                         startDate, endDate,
                         x500Name,
                         subPubKeyInfo);

        ContentSigner sigGen = new JcaContentSignerBuilder("SHA256withECDSA").build(privKey);
        X509CertificateHolder certHolder = v3CertGen.build(sigGen);
        // No provider is set here, so the converter uses the default JCA provider's
        // CertificateFactory; the public key it returns is that provider's object,
        // not a Spongy Castle one.
        certificate = new JcaX509CertificateConverter().getCertificate(certHolder);
    }//try
    catch( OperatorCreationException| CertificateException X ) {
        // Do not swallow the failure: certificate would otherwise be null below.
        throw new IllegalStateException("self-signed certificate generation failed", X);
    }

    // mLog is the caller's logger
    mLog.debug( "kp.getPublic().getAlgorithm(): \t" + kp.getPublic().getAlgorithm() );
    mLog.debug("certificate.getPublicKey().getAlgorithm():\t" + certificate.getPublicKey().getAlgorithm());

    return certificate;
}//genSelfSignedCert()

When I use the genSelfSignedCert() method above (taken from ProgramCreek.com)

X509Certificate[] selfSignedCert = new X509Certificate[1];
selfSignedCert[0] = genSelfSignedCert(keyPair, "MyAwesomeAlias");
// PrivateKeyEntry is the nested class java.security.KeyStore.PrivateKeyEntry
KeyStore.Entry privateKey = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), selfSignedCert );

I get:

kp.getPrivate().getAlgorithm(): ECDSA
kp.getPublic().getAlgorithm():  ECDSA
certificate.getPublicKey().getAlgorithm(): EC   <--MISMATCH!? Why not ECDSA?

IllegalArgumentException: 
 Algorithm of private key does not match algorithm of public key in end certificate of entry (with index number: 0)

Why does this method create a certificate whose algorithm does not match the key pair?

OK. The bottom line is that I was trying to mix crypto providers (Spongy vs. AndroidKeyStore).

I decided not to do that, but if you want to mix crypto providers you have to switch between them accordingly, like this:

//Moves provider to first place
static void initSecurity(java.security.Provider provider){
    listProviders();
    java.security.Security.removeProvider(provider.getName());

    int insertProviderAt = java.security.Security.insertProviderAt(provider, 1);
    mLog.debug("insertProviderAt:\t" + Integer.toString(insertProviderAt) ) ;
    listProviders();
}//initSecurity
static public void listProviders(){
    java.security.Provider[] providers = java.security.Security.getProviders();
    StringBuilder list = new StringBuilder().append("Num providers: " + providers.length );
    int i = 0;
    for (java.security.Provider p : providers){
        list.append("\n\tProvider " + ++i + ": " + p.getName() + "\t info: " + p.getInfo());
        java.util.Set<java.security.Provider.Service> services = p.getServices();
        list.append("\tNum services: " + services.size());
        for (java.security.Provider.Service s : services ){
            //list.append("\n\t\tService: " + s.toString() + "\ttype: " + s.getType() + "\talgo: " + s.getAlgorithm());
        }
    }

    mLog.debug(list.toString());
}//listProviders
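The mismatch above comes from the converter and the key pair living in different providers: a Spongy Castle EC key reports "ECDSA", while the default provider's certificate factory hands back a public key that reports "EC". As an added example that is not part of either post, the helper below (the name selfSignedEntry and the provider name "SC" for Spongy Castle are my assumptions) pins the signer and the converter to the key pair's provider and checks the two algorithm strings before PrivateKeyEntry can reject them:

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Date;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
import org.spongycastle.cert.X509v3CertificateBuilder;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

public class SameProviderEntry {
    // Builds a self-signed P-256 certificate with every JCA object bound to the
    // provider that created the key pair, then verifies the algorithm names agree.
    static KeyStore.PrivateKeyEntry selfSignedEntry(KeyPair kp, String cn, String provider)
            throws Exception {
        X500Name name = new X500Name("CN=" + cn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        // Serial must be positive: random 63-bit value plus one.
        BigInteger serial = new BigInteger(63, new SecureRandom()).add(BigInteger.ONE);
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name,
                SubjectPublicKeyInfo.getInstance(kp.getPublic().getEncoded()));
        X509Certificate cert = new JcaX509CertificateConverter()
                .setProvider(provider)          // same provider as the key pair
                .getCertificate(builder.build(
                        new JcaContentSignerBuilder("SHA256withECDSA")
                                .setProvider(provider).build(kp.getPrivate())));
        String keyAlg = kp.getPrivate().getAlgorithm();
        String certAlg = cert.getPublicKey().getAlgorithm();
        if (!keyAlg.equals(certAlg)) {
            // This is the condition PrivateKeyEntry would otherwise report as
            // "Algorithm of private key does not match ...".
            throw new IllegalStateException("provider mismatch: key=" + keyAlg + " cert=" + certAlg);
        }
        return new KeyStore.PrivateKeyEntry(kp.getPrivate(), new X509Certificate[] { cert });
    }

    public static void main(String[] args) throws Exception {
        Security.insertProviderAt(new BouncyCastleProvider(), 1); // Spongy Castle registers as "SC"
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", "SC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyStore.PrivateKeyEntry entry = selfSignedEntry(kpg.generateKeyPair(), "MyAwesomeAlias", "SC");
        System.out.println(entry.getCertificate().getPublicKey().getAlgorithm());
    }
}
```

Passing the AndroidKeyStore provider name instead of "SC" only works if the key pair itself was generated by that provider, which is the point the answer makes about not mixing them.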

