我有一个密钥库文件，如何在Android应用程序中为sslContext提供keyManager?

本文介绍了我有一个密钥库文件，如何在Android应用程序中为sslContext提供keyManager?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

更新:关于我的原始问题，事实证明对java.security.KeyStore.getCertificate(alias)的调用实际上返回了X509Certiciate.但这不是问题.

UPDATE: As for my original question, it turns out that call to java.security.KeyStore.getCertificate(alias) does actually return X509Certiciate. That wasn't the issue though.

(请和我一起来，我是这个证书的新手.)

(Bear with me please, I'm new to this certificate stuff.)

只要不需要经过身份验证的客户端，我就可以连接到我的(自签名)启用SSL的服务器.当我确实需要clientAuth时，我的应用会产生"routines:SSL3_READ_BYTES:sslv3警报握手失败(external/openssl/ssl/s3_pkt.c" ... (也描述了)...对于某些解决方法，是从BKS切换到PKCS12，这对我不起作用

I managed to connect to my (self-signed) SSL-enabled server, as long as I don't require authenticated clients. When I do require clientAuth my app yields "routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c"... (also described here)... For some the cure was to switch from BKS to PKCS12, that did not work for me.

所以现在我正在尝试实现自己的X509KeyManager(如建议的此处)，将其交给sslContext.init([keyManager], trustManagers, null).

So now I am trying to implement my own X509KeyManager (as suggested here), to hand it to sslContext.init([keyManager], trustManagers, null).

如果我正确理解，sslContext将向我的keyManager请求证书链和/或给定别名的私钥. (每当询问要选择哪种别名时，我都会提供我的硬编码别名.)

If I understand it correctly the sslContext will ask my keyManager(s) for either a certificate chain and/or a private key for a given alias. (Whenever it asks what alias to choose I provide my hard-coded one.)

但是根据X509KeyManager接口，我应该返回X509Certificate. 如何使用密钥库创建一个?

But according to the X509KeyManager interface I am supposed to return X509Certificate. How do I create one using the keystore?

推荐答案

您可以将KeyStore与客户端证书一起用于客户端身份验证，而无需显式创建KeyManager.代码应该是这样的:

You can use a KeyStore with your client certificate for client authentication without explicitly creating a KeyManager. The code should be something like this:

KeyStore keyStore = KeyStore.getInstance("BKS");
InputStream is = getResources().openRawResource(R.raw.client);
keyStore.load(is, "yourKeyStorePassword".toCharArray());
is.close();

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
keyManagerFactory.init(keyStore, "yourKeyStorePassword".toCharArray());

SSLContext sslContext = SSLContext.getInstance("TLS"); 
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, null);

还要确保您的服务器信任您的客户端证书.

Also make sure that your server trusts your client certificate.

这篇关于我有一个密钥库文件，如何在Android应用程序中为sslContext提供keyManager?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！