Any good example for working with UNKNOWN CA signed certificate (like pkcs12) in Android


Problem description

I am working on an Android application, which requires to communicate with a server over SSL. Any good example to work with PKCS12 certificates in Android using HttpsURLConnection?

Recommended answer

After doing some modifications to the code posted by @EpicPandaForce, I was able to successfully run the code.

Changes:

1. KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");

to get rid of exception: java.security.NoSuchAlgorithmException: X509 KeyManagerFactory not available

2. KeyStore keyStore = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME); //spongyCastle library

KeyStore keyStore = KeyStore.getInstance("PKCS12");

and added the provider to Security Class as shown below

Security.addProvider(new BouncyCastleProvider());

to get rid of exception: java.security.NoSuchProviderException: no such provider: SC

And then the final complete code:

    import java.io.FileInputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.Security;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509TrustManager;
    // BouncyCastleProvider must also be imported from the castle library on the classpath.

    // The statements below belong inside a method that declares "throws Exception".
    Security.addProvider(new BouncyCastleProvider());
    SSLContext sslContext = SSLContext.getInstance("TLS");
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((KeyStore)null); //this is where you would add the truststore
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
    KeyStore keyStore = KeyStore.getInstance("PKCS12"); //spongyCastle library
    keyStore.load(new FileInputStream("D:\\Documents\\VISA Direct Api\\cabcentralcert.p12"), "cabcentral".toCharArray()); //inputStream to PKCS12
    keyManagerFactory.init(keyStore, "cabcentral".toCharArray());
    //TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    // Accepts every server certificate without any validation.
    TrustManager[] trustAllCertManagers = { new X509TrustManager() { // this is vulnerable to MITM attack
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }};

    // The key managers supply the client certificate from the PKCS12 file.
    sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCertManagers, new SecureRandom());
    URL url = new URL(strUrl);
    HttpsURLConnection httpsUrlConnection = (HttpsURLConnection) url.openConnection();
    httpsUrlConnection.setSSLSocketFactory(sslContext.getSocketFactory());

    System.out.println("Response Code : " + httpsUrlConnection.getResponseCode());
    System.out.println("Cipher Suite : " + httpsUrlConnection.getCipherSuite());
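
The answer's own comments mark where a truststore would go and note that the trust-all manager is open to MITM. The following is an added example, not part of the original answer, showing the hardened counterpart: the unknown CA's certificate is loaded as the only trust anchor, so the server chain is actually validated. The class name `PrivateCaClient` and the command-line file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PrivateCaClient { // hypothetical name, not from the original answer

    // Builds an SSLContext that presents the PKCS12 client identity and
    // trusts only server chains that lead to the supplied CA certificate.
    static SSLContext build(InputStream p12, char[] password, InputStream caCert) throws Exception {
        // Client identity: private key and certificate chain from the .p12 file.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(p12, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // Trust anchors: an empty in-memory keystore holding the private CA only.
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caCert);
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("private-ca", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (hypothetical files): java PrivateCaClient client.p12 <password> ca.pem https://host/path
    public static void main(String[] args) throws Exception {
        try (InputStream p12 = new FileInputStream(args[0]);
             InputStream ca = new FileInputStream(args[2])) {
            SSLContext ctx = build(p12, args[1].toCharArray(), ca);
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[3]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            // A chain that does not lead to the CA fails with SSLHandshakeException.
            System.out.println("Response Code : " + conn.getResponseCode());
        }
    }
}
```

The default hostname verifier of `HttpsURLConnection` stays in place, so the server certificate must also match the host in the URL.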
