我在这个问题上苦苦挣扎了一周......我在android设备中安装了一个客户端证书。我的应用程序必须将文件上传到服务器,并且需要客户端证书才能进行握手。
是否有任何提示来实现此连接?谢谢...
问问题
2024 次
1 回答
6
试试下面的..
您应该拥有客户端证书的别名,该别名存储在您的 android 设备的密钥库中。这可以通过使用获得
private void chooseCert() {
KeyChain.choosePrivateKeyAlias(this, this, // Callback
new String[] {"RSA", "DSA"}, // Any key types.
null, // Any issuers.
null, // Any host
-1, // Any port
DEFAULT_ALIAS);
}
在此之后,您将收到回调。你的类应该实现 KeyChainAliasCallback
在这次尝试之后..
private void connect(){
String alias = getAliasForClientCertificate();
final X509Certificate[] certificates =getCertificateChain(alias);
final PrivateKey pk = getPrivateKey(alias);
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() {
@Override
public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
return alias;
}
@Override
public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
return alias;
}
@Override
public X509Certificate[] getCertificateChain(String s) {
return certificates;
}
@Override
public String[] getClientAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public String[] getServerAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public PrivateKey getPrivateKey(String s) {
return pk;
}
};
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
// public X509Certificate[] getAcceptedIssuers() {
// return certificates;
// }
public X509Certificate[] getAcceptedIssuers() {
return certificates;
}
public boolean isClientTrusted(X509Certificate[] arg0) {
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0) {
return true;
}
} };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[] {keyManager}, tm, null);
SSLContext.setDefault(sslContext);
URL url = new URL("url..");
HttpsURLConnection urlConnection = (HttpsURLConnection) url
.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
urlConnection.setHostnameVerifier(hv);
urlConnection.setInstanceFollowRedirects(false);
urlConnection.connect();
int responseCode = urlConnection.getResponseCode();
}
private X509Certificate[] getCertificateChain(String alias) {
try {
return KeyChain.getCertificateChain(this, alias);
} catch (KeyChainException e) {
e.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
}
return null;
}
于 2013-12-02T08:55:45.133 回答