【发布时间】:2013-05-07 11:35:16
【问题描述】:
我正在尝试使用适用于 Android 平台的 SSL 来保护我的基于 TCP/IP 的套接字连接。 这是我的代码中的一些 sn-p:
客户端:
SSLSocketFactory sslFact = null;
SSLContext ctx;
KeyStore ks;
char[] passphrase = "hosttest".toCharArray();
ks = KeyStore.getInstance("BKS");
ks.load(SSLActivity.mContext.getResources().openRawResource(R.raw.hosttestcert), passphrase);
TrustManagerFactory tmf =TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
ctx = SSLContext.getInstance("TLS");
ctx.init(null,tmf.getTrustManagers(), null);
sslFact = ctx.getSocketFactory();
mySocket = (SSLSocket)sslFact.createSocket();
mySocket.connect(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 7891),1000);
服务器端:
SSLServerSocketFactory sslSrvFact = null;
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
// Load the self-signed server certificate
char[] passphrase = "hosttest".toCharArray();
ks = KeyStore.getInstance("BKS");
ks.load(SSLActivity.mContext.getResources().openRawResource(R.raw.hosttestcert), passphrase);
kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, passphrase);
// Create a SSLContext with the certificate
ctx = SSLContext.getInstance("TLS");
ctx.init(kmf.getKeyManagers(),null, null);
sslSrvFact = ctx.getServerSocketFactory();
myServerSocket =(SSLServerSocket)sslSrvFact.createServerSocket(port);
当我从服务器调用 accept() 套接字调用时,我收到以下异常:
javax.net.ssl.SSLException: Could not find any key store entries to support the enabled cipher suites.
org.apache.harmony.xnet.provider.jsse.OpenSSLServerSocketImpl.checkEnabledCipherSuites(OpenSSLServerSocketImpl.java:241)
org.apache.harmony.xnet.provider.jsse.OpenSSLServerSocketImpl.accept(OpenSSLServerSocketImpl.java:186)
at com.aricent.ssltesst.ApplinkTCPServer$1.run(ApplinkTCPServer.java:189)
at java.lang.Thread.run(Thread.java:856)
我正在关注这篇文章以生成我的证书和密钥库: http://randomizedsort.blogspot.in/2010/09/step-to-step-guide-to-programming.html 请建议我是否遗漏了什么或需要为 Android 平台上的密钥库做其他事情。
【问题讨论】: