【Question title】: Create a KeyStore instance with my self signed certificate
【Posted】: 2018-03-05 17:51:14
【Question】:

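I have a self-signed certificate that I use to communicate with a server. According to this article, I can create a KeyStore instance with my certificate. I did the same, and the code works fine; I can make server calls over an HTTPS connection.

When I print all the certificates present in the keystore, it prints only the certificate I inserted into it. I thought this implementation would instruct Android to trust all the built-in certificates in AndroidCAStore as well as the new self-signed certificate from my server.

I used AndroidCAStore / AndroidKeyStore when creating the instance, but the problem is that I cannot add the self-signed certificate to the keystore. Whenever I call setCertificateEntry, I get an UnsupportedMethodException.

I want to create a KeyStore that contains all the default certificates from Android's default keystore plus the self-signed certificate from my server. How can I do that?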

【Comments】:

  • If you also have the private key, your self-signed certificate will be stored as a KeyEntry, not a CertificateEntry

Tags: java android ssl android-keystore


【Solution 1】:
import android.util.Log;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Trust manager that checks a chain against the custom KeyStore first and
// falls back to the platform default trust store if that check fails.
public static class CustomTrustManager implements X509TrustManager{

    private X509TrustManager defaultTrustManager;
    private X509TrustManager localTrustManager;

    public CustomTrustManager(KeyStore keyStore){
        try {
            // A null KeyStore makes the factory use the system default trust store.
            defaultTrustManager = createTrustManager(null);
            localTrustManager = createTrustManager(keyStore);
        }catch (NoSuchAlgorithmException e){
            Log.e("CustomTrustManager"," Cannot create trust manager : NoSuchAlgorithm found "+e.toString());
        }catch (KeyStoreException exp){
            Log.e("CustomTrustManager"," Cannot create trust manager : Keystore exception"+exp.toString());
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        try {
            localTrustManager.checkClientTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkClientTrusted(x509Certificates, s);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        Log.e("CustomTrustManager","Checking server trust");
        try {
            // Custom store first; if it rejects the chain, the default store decides.
            localTrustManager.checkServerTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkServerTrusted(x509Certificates, s);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // Concatenate the issuers accepted by both trust managers.
        X509Certificate[] first = defaultTrustManager.getAcceptedIssuers();
        X509Certificate[] second = localTrustManager.getAcceptedIssuers();
        X509Certificate[] result = Arrays.copyOf(first, first.length + second.length);
        System.arraycopy(second, 0, result, first.length, second.length);
        return result;
    }

    private X509TrustManager createTrustManager(KeyStore store) throws NoSuchAlgorithmException, KeyStoreException {
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init((KeyStore) store);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        return (X509TrustManager) trustManagers[0];
    }
}

【Comments】:

  • Does not answer the question.
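
The merged KeyStore the question asks for, as an added example that is not part of the original question or answer: AndroidCAStore is used only as a source, and its system CAs are copied into a new in-memory KeyStore that does accept setCertificateEntry. The class name MergedTrustStore, the alias "my-server" and the input stream carrying the self-signed certificate (PEM or DER) are assumptions made for illustration.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; not code from the page.
public final class MergedTrustStore {

    // Returns a writable KeyStore holding the system CAs plus the given certificate.
    public static KeyStore build(InputStream selfSignedCert) throws Exception {
        // Source store: exposes the platform CAs but rejects setCertificateEntry.
        KeyStore systemStore = KeyStore.getInstance("AndroidCAStore");
        systemStore.load(null, null);

        // Destination store: empty, in memory, default type, writable.
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);

        for (String alias : Collections.list(systemStore.aliases())) {
            // AndroidCAStore aliases start with "system:" or "user:". Copy only
            // the system CAs so user-installed CAs do not become trusted here.
            if (!alias.startsWith("system:")) {
                continue;
            }
            Certificate ca = systemStore.getCertificate(alias);
            if (ca != null) {
                merged.setCertificateEntry(alias, ca);
            }
        }

        // Add the server's self-signed certificate as one more trust anchor.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate own = cf.generateCertificate(selfSignedCert);
        merged.setCertificateEntry("my-server", own); // placeholder alias
        return merged;
    }

    // TLS context whose trust decisions come only from the merged store.
    public static SSLContext sslContext(KeyStore merged) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(merged);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Printing the aliases of the returned store lists the system CAs followed by the added entry. On Android 7.0 (API 24) and later, a Network Security Configuration can declare the same extra trust anchor without any code.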