使用Android信任库的aSmack在Android的4+(ICS) [英] Using the Android TrustStore for aSmack in Android 4+ (ICS)
问题描述
我不是密钥库的专家,也很难理解这一细微差别,但是这是我到目前为止有:
I am not an expert on keystores and have a hard time understanding the nuances of this but this is how far I got:
在创建使用asmack构建一个XMPP协议,连接发现这里人们仍然必须改变信任库,通常,这么说多源在网络上,使用这些命令完成
In creating a xmpp-connection using the asmack build found here one still has to change the truststore, which usually, so say multiple sources on the web, is done using these commands
ConnectionConfiguration config = new ConnectionConfiguration(host, Integer.parseInt(port), service);
config.setTruststorePath("/system/etc/security/cacerts.bks");
config.setTruststorePassword("changeit");
config.setTruststoreType("bks");
XMPPConnection connection = new XMPPConnection(connConfig);
connection.connect();
这找工作对老年人的Android版本,但在ICS他们改变了一些东西,现在它不anymore.The路径现在diferent。
This works find for older Android versions but under ICS they changed some things and now it does not anymore.The path now is diferent.
显然这可以是固定的但我没有世俗的想法如何。
Apparently this can be fixed but I have no earthly idea how.
需要什么,很明显,就是返回根据返回所需的字符串设置SDK路径,因为你不能只是密钥库自动返回到XMPP连接SDK版本路径的方法。
What is needed, obviously, is a method that returns the path depending on SDK version that returns the needed string to set the sdk-path since you can not just return the keystore itself to the xmpp-connection.
在参照<一个href="https://github.com/tomwhipple/AndroidPinning/blob/03d9b7d27ae3b12a946f7ac76143b7213af67579/java/org/thoughtcrime/ssl/pinning/PinningTrustManager.java"相对=nofollow>这个的这种方法是这样的:
In reference to this that method would look like this:
private String getTrustStorePath()
{
String path = System.getProperty("javax.net.ssl.trustStore");
if (path == null)
{
if ( Build.VERSION.SDK_INT >= 14 )
{
//THIS IS THE PART I DONT KNOW
path="";
}
else
{
path = "/system/etc/security/cacerts.bks";
}
return path;
}
这里一个评论者说,在Android的4.x的;在/ etc /安全/ cacerts中。 BKS被替换为目录/ etc /安全/ cacerts中/含证书作为单独的PEM连接codeD文件。但是,我不知道如果有,这有什么关联。
Here a commenter says that under Android "4.x; /etc/security/cacerts.bks was replaced with the directory/etc/security/cacerts/ containing the certs as individual PEM encoded files." however, I do not know what relevance, if any, this has.
我还检查出使用XMPP和asmack(<两个项目的code一href="http://$c$c.google.com/p/gtalksms/source/browse/src/com/google$c$c/gtalksms/XmppManager.java?name=v1.9.2"相对=nofollow> gtalksms 和 yaxim 却没有看到他们是如何避免这个问题。
I have also checked out the code of two projects using xmpp and asmack (gtalksms and yaxim but did not see how they avoid this problem.
推荐答案
试试这个:
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.ICE_CREAM_SANDWICH) {
connectionConfiguration.setTruststoreType("AndroidCAStore");
connectionConfiguration.setTruststorePassword(null);
connectionConfiguration.setTruststorePath(null);
} else {
connectionConfiguration.setTruststoreType("BKS");
String path = System.getProperty("javax.net.ssl.trustStore");
if (path == null)
path = System.getProperty("java.home") + File.separator + "etc"
+ File.separator + "security" + File.separator
+ "cacerts.bks";
connectionConfiguration.setTruststorePath(path);
}
请参阅 https://github.com/Flowdalic/asmack/wiki/Truststore 和一些背景解释为: http://nelenkov.blogspot.com/十二分之二千零一十一/ ICS-信任存储implementation.html 。
See https://github.com/Flowdalic/asmack/wiki/Truststore and some background explanation at http://nelenkov.blogspot.com/2011/12/ics-trust-store-implementation.html.
这篇关于使用Android信任库的aSmack在Android的4+(ICS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
