[英]How to use p12 certificates in Android (client certificates)
我正在嘗試在android中使用客戶端證書。 我有一個.p12文件,我想使用它對服務器進行身份驗證。
我正在使用portecle將.p12文件轉換為.bks文件,但我似乎無法正常工作。
這是代碼:
package com.pa1406.SECURE;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import android.content.Context;
public class HttpsClient extends DefaultHttpClient {
final Context context;
public HttpsClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(
new Scheme("https",newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore truststore = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(R.raw.keystore);
try {
truststore.load(in, "qwerty1234".toCharArray());
} finally {
in.close();
}
return new SSLSocketFactory(truststore);
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
我該怎么做才能做到這一點?
更新:
package com.pa1406.SECURE;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import android.content.Context;
public class HttpsClient extends DefaultHttpClient {
final Context context;
public HttpsClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(
new Scheme("https",newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// setup truststore to provide trust for the server certificate
// load truststore certificate
InputStream clientTruststoreIs = context.getResources().openRawResource(R.raw.truststore);
KeyStore trustStore = null;
trustStore = KeyStore.getInstance("BKS");
trustStore.load(clientTruststoreIs, "qwerty1234".toCharArray());
System.out.println("Loaded server certificates: " + trustStore.size());
// initialize trust manager factory with the read truststore
TrustManagerFactory trustManagerFactory = null;
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
// setup client certificate
// load client certificate
InputStream keyStoreStream = context.getResources().openRawResource(R.raw.torbix);
KeyStore keyStore = null;
keyStore = KeyStore.getInstance("BKS");
keyStore.load(keyStoreStream, "qwerty1234".toCharArray());
System.out.println("Loaded client certificates: " + keyStore.size());
// initialize key manager factory with the read client certificate
KeyManagerFactory keyManagerFactory = null;
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "qwerty1234".toCharArray());
// initialize SSLSocketFactory to use the certificates
SSLSocketFactory socketFactory = null;
socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS, keyStore, "qwerty1234",
trustStore, null, null);
return socketFactory;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
您需要更改代碼的時間點是新的SSLSocketFactory實例:
return new SSLSocketFactory(truststore);
SSLSocketFactory類具有其他構造函數,其中一個可以指定密鑰庫,密鑰庫密碼和信任關系:
public SSLSocketFactory (KeyStore keystore, String keystorePassword, KeyStore truststore)
( JavaDoc )
我不確定是否可以將Android的.P12
文件作為KeyStore加載(在J2SE上可以)。 如果不能,則必須將.P12
文件轉換為類似於已使用的信任庫的Bouncy Castle密鑰庫。 使用該密鑰庫創建SSLSocketFactory實例,您應該能夠使用客戶端證書。
通過Portecle將P12文件導入BKS
使用Portecle GUI (Java程序),創建BKS
文件並導入現有的.key
+ .pem
文件非常簡單。 啟動Portecle后,選擇File - > New Keystore - > BKS 。 然后,您可以執行工具 - >導入密鑰對,然后選擇.P12
文件。 最后用您選擇的密碼保存密鑰庫。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.