堆棧內存溢出
  簡體   English   中英

如何在Android中使用p12證書(客戶端證書)

[英]How to use p12 certificates in Android (client certificates)

 原文  2011-11-29 13:11:53       android/ security/ https/ client-certificates

問題描述

我正在嘗試在android中使用客戶端證書。 我有一個.p12文件,我想使用它對服務器進行身份驗證。

我正在使用portecle將.p12文件轉換為.bks文件,但我似乎無法正常工作。

這是代碼: 

package com.pa1406.SECURE;

import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

import android.content.Context;

public class HttpsClient extends DefaultHttpClient {

  final Context context;

  public HttpsClient(Context context) {
    this.context = context;
  }

  @Override protected ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(
        new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    registry.register(
        new Scheme("https",newSslSocketFactory(), 443));
    return new SingleClientConnManager(getParams(), registry);
  }

  private SSLSocketFactory newSslSocketFactory() {
    try {
      KeyStore truststore = KeyStore.getInstance("BKS");

      InputStream in = context.getResources().openRawResource(R.raw.keystore);

      try {
          truststore.load(in, "qwerty1234".toCharArray());
      } finally {
        in.close();
      }
      return new SSLSocketFactory(truststore);
    } catch (Exception e) {
      throw new AssertionError(e);
    }

  }
}

我該怎么做才能做到這一點?

更新: 

package com.pa1406.SECURE;


import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

import android.content.Context;

public class HttpsClient extends DefaultHttpClient {

  final Context context;

  public HttpsClient(Context context) {
    this.context = context;
  }

  @Override protected ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(
        new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    registry.register(
        new Scheme("https",newSslSocketFactory(), 443));
    return new SingleClientConnManager(getParams(), registry);
  }

  private SSLSocketFactory newSslSocketFactory() {
    try {
        // setup truststore to provide trust for the server certificate

        // load truststore certificate
        InputStream clientTruststoreIs = context.getResources().openRawResource(R.raw.truststore);
        KeyStore trustStore = null;
        trustStore = KeyStore.getInstance("BKS");
        trustStore.load(clientTruststoreIs, "qwerty1234".toCharArray());

        System.out.println("Loaded server certificates: " + trustStore.size());

        // initialize trust manager factory with the read truststore
        TrustManagerFactory trustManagerFactory = null;
        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        // setup client certificate

        // load client certificate
        InputStream keyStoreStream = context.getResources().openRawResource(R.raw.torbix);
        KeyStore keyStore = null;
        keyStore = KeyStore.getInstance("BKS");
        keyStore.load(keyStoreStream, "qwerty1234".toCharArray());

        System.out.println("Loaded client certificates: " + keyStore.size());

        // initialize key manager factory with the read client certificate
        KeyManagerFactory keyManagerFactory = null;
        keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "qwerty1234".toCharArray());

     // initialize SSLSocketFactory to use the certificates
        SSLSocketFactory socketFactory = null;
        socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS, keyStore, "qwerty1234",
            trustStore, null, null);

      return socketFactory;
    } catch (Exception e) {
      throw new AssertionError(e);
    }

  }

}

1 個解決方案

解決方案1
 3 已采納  2011-11-29 14:00:45

您需要更改代碼的時間點是新的SSLSocketFactory實例: 

return new SSLSocketFactory(truststore);

SSLSocketFactory類具有其他構造函數,其中一個可以指定密鑰庫,密鑰庫密碼和信任關系:

public SSLSocketFactory (KeyStore keystore, String keystorePassword, KeyStore truststore)JavaDoc

我不確定是否可以將Android的.P12文件作為KeyStore加載(在J2SE上可以)。 如果不能,則必須將.P12文件轉換為類似於已使用的信任庫的Bouncy Castle密鑰庫。 使用該密鑰庫創建SSLSocketFactory實例,您應該能夠使用客戶端證書。

通過Portecle將P12文件導入BKS

使用Portecle GUI (Java程序),創建BKS文件並導入現有的.key + .pem文件非常簡單。 啟動Portecle后,選擇File - > New Keystore - > BKS 然后,您可以執行工具 - >導入密鑰對,然后選擇.P12文件。 最后用您選擇的密碼保存密鑰庫。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 您如何在 Android 上使用 .p12 證書? 在Android客戶端中使用證書 Android中的客戶端證書 如何將 .p12 證書添加到 Android 設備? 讀取 Android 應用程序的 PKCS12/P12 客戶端證書文件 帶有P12證書的Android簽名數據 如何用.p12簽名字符串? 如何在Smack 4.2中使用證書 Qt服務器和android SSL客戶端證書 Android HttpsUrlConnection具有多個客戶端證書+連接池?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM