List certificate stored in user credentials


Problem description

In Android 7 Nougat, a user-installed certificate goes to "User credentials" instead of "Trusted credentials" (which consists of system credentials & user credentials).

I used to access "Trusted credentials" by:

KeyStore keystore = KeyStore.getInstance("AndroidCAStore");

Through the above code I can then access system & user trusted credentials.

But now, in Android 7, a user-installed certificate goes to a separate place called "User credentials" under Settings --> Security --> User credentials.

My question is how can I programmatically list the credentials inside User credentials in Android 7?

Recommended answer

To provide a more consistent and more secure experience across the Android ecosystem, beginning with Android Nougat, compatible devices trust only the standardized system CAs maintained in AOSP.

Previously, the set of pre-installed CAs bundled with the system could vary from device to device. This could lead to compatibility issues when some devices did not include CAs that apps needed for connections as well as potential security issues if CAs that did not meet our security requirements were included on some devices.


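First, be sure that your CA needs to be included in the system. The pre-installed CAs are only for CAs that meet our security requirements, because they affect the secure connections of most apps on the device. If you need to add a CA for connecting to hosts that use that CA, you should instead customize your apps and services that connect to those hosts. See more information about customizing trusted CAs.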

In the above link you can find all the necessary information for trusting custom CAs with different needs, like:


  1. Trusting custom CAs for debugging
  2. Trusting custom CAs for a domain
  3. Trusting user-added CAs for some domains
  4. Trusting user-added CAs for all domains except some
  5. Trusting user-added CAs for all secure connections

So, basically you need to add a Security Configuration File and configure a custom CA (for Android 7.0 (API level 24) and higher).

In your manifest.xml:

<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                    ... >
        ...
    </application>
</manifest>

In res/xml/network_security_config.xml:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <trust-anchors>
            <certificates src="@raw/my_ca"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

Just for information: if you operate a CA that you believe should be included in Android, first complete the Mozilla CA Inclusion Process and then file a feature request against Android to have the CA added to the standardized set of system CAs.

Let me know if you need more help.

Hope this will help you. Keep Coding!!!
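
An added example (not part of the original answer): a small Python check that reads a network_security_config.xml and reports which scopes trust user-added CAs outside debug builds. The sample config is constructed, extending the answer's example.com entry with the standard `<base-config>`, `<debug-overrides>`, `src="system"` and `src="user"` settings; the function names and the internal.example.org domain are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (not from the page), extending the answer's example.com entry.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <trust-anchors>
            <certificates src="@raw/my_ca"/>
        </trust-anchors>
    </domain-config>
    <domain-config>
        <domain>internal.example.org</domain>
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""


def trust_report(xml_text):
    """Map each config scope to the certificate sources it declares itself."""
    root = ET.fromstring(xml_text)
    report = {}
    for node in root.iter():
        if node.tag not in ("base-config", "domain-config", "debug-overrides"):
            continue
        domains = [d.text.strip() for d in node.findall("domain")]
        scope = ",".join(domains) if domains else node.tag
        # An empty list means no own <trust-anchors>: the scope inherits from its parent.
        report[scope] = [c.get("src") for c in node.findall("trust-anchors/certificates")]
    return report


def release_scopes_trusting_user_cas(xml_text):
    """Scopes that trust user-added CAs outside <debug-overrides>."""
    return sorted(scope for scope, srcs in trust_report(xml_text).items()
                  if "user" in srcs and scope != "debug-overrides")
```

Any scope returned by `release_scopes_trusting_user_cas` accepts certificates issued by CAs the device user installed, in release builds as well as debug builds.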
