SSL client authentication in Android


Question

I need to write an Android app that will communicate with a .NET service. I have to implement server/client authentication. I found some useful topics (this blog and this blog), but they both show how to do server authentication. How can I do client authentication? I found a useful discussion, but the author there uses Sockets, and I need to do it via HttpClient.

Recommended answer

The following allows me to use my own rootca and client+server certificates, i.e. security without paying anyone money :-)

create your rootca, and client and server keys and certs using openssl (many tutorials for this on the web)

create rootcacert.bks using keytool with bouncycastle as provider and -importcert

create clientcertandkey.p12 using openssl pkcs12 -export ...

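// Needs java.security.KeyStore and the Apache HttpClient classes (org.apache.http.*).
// Runs inside an Activity/Context, because it calls getResources().
HttpClient httpClient = null;
try {
    HttpParams httpParameters = new BasicHttpParams();
    // Trust store: holds only our own root CA certificate, used to verify the server.
    KeyStore rootca = KeyStore.getInstance("BKS");
    rootca.load(getResources().openRawResource(R.raw.rootcacert),"bkskeystorepass".toCharArray());
    // Key store: the client certificate and private key presented to the server.
    KeyStore mycert = KeyStore.getInstance("pkcs12");
    mycert.load(getResources().openRawResource(R.raw.clientcertandkey),"pkcs12storepass".toCharArray());
    // Constructor arguments: (client keystore, key password, truststore).
    SSLSocketFactory sockfact = new SSLSocketFactory(mycert,null,rootca);
    // Route every https request through the mutual-TLS socket factory.
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https",sockfact , 443));
    httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParameters, registry), httpParameters);
} catch (Exception e) {
    e.printStackTrace();
}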
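
The three preparation steps from the answer as one script, added here as an example and not part of the original answer. The subject names, the intermediate file names and the BCPROV_JAR variable (path to a Bouncy Castle provider jar) are assumptions; the two passwords and the two output file names are taken from the Java code above.

```shell
#!/bin/sh
# Added example. Assumed: subject names, intermediate file names, BCPROV_JAR.
# Passwords and output names match the answer's Java code.
set -eu

# make_pki DIR: build a private root CA plus a client and a server certificate,
# then package them the way the Android code expects.
make_pki() (
    mkdir -p "$1" && cd "$1" || exit 1

    # 1. Self-signed root CA. rootca.key stays off the device.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Root CA" \
        -keyout rootca.key -out rootca.crt || exit 1

    # 2. Client and server keys, each signed by the root CA.
    #    Assumption: the service is reached as service.example.test.
    for name in android-client service.example.test; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
            -keyout "$name.key" -out "$name.csr" || exit 1
        openssl x509 -req -in "$name.csr" -days 365 \
            -CA rootca.crt -CAkey rootca.key -CAcreateserial \
            -out "$name.crt" || exit 1
    done

    # 3. Both leaf certificates must chain to the root before packaging.
    openssl verify -CAfile rootca.crt \
        android-client.crt service.example.test.crt >/dev/null || exit 1

    # 4. Client certificate + private key -> clientcertandkey.p12
    openssl pkcs12 -export -name client \
        -in android-client.crt -inkey android-client.key \
        -passout pass:pkcs12storepass -out clientcertandkey.p12 || exit 1

    # 5. Root CA certificate only -> rootcacert.bks (the trust store).
    #    Needs the Bouncy Castle provider jar; skipped when BCPROV_JAR is unset.
    if [ -n "${BCPROV_JAR:-}" ]; then
        keytool -importcert -noprompt -trustcacerts -alias rootca \
            -file rootca.crt -keystore rootcacert.bks -storetype BKS \
            -storepass bkskeystorepass -providerpath "$BCPROV_JAR" \
            -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider
    fi
)

# Run as: sh make_pki.sh ./pki
if [ "$#" -gt 0 ]; then make_pki "$1"; fi
```

Copy rootcacert.bks and clientcertandkey.p12 into res/raw so they resolve as R.raw.rootcacert and R.raw.clientcertandkey.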
