客户端证书Android Https
我在这个问题上挣扎了一个星期。。。 我在android设备中安装了客户端证书。 我的应用程序必须将文件上传到服务器,并且需要客户端证书才能进行握手 是否有实现此连接的提示? 谢谢…试试下面的方法 您应该拥有客户端证书的别名,该别名存储在android设备的密钥库中。您可以通过使用客户端证书Android Https,android,https,Android,Https,我在这个问题上挣扎了一个星期。。。 我在android设备中安装了客户端证书。 我的应用程序必须将文件上传到服务器,并且需要客户端证书才能进行握手 是否有实现此连接的提示? 谢谢…试试下面的方法 您应该拥有客户端证书的别名,该别名存储在android设备的密钥库中。您可以通过使用 private void chooseCert() { KeyChain.choosePrivateKeyAlias(this, this, // Callback ne
private void chooseCert() {
KeyChain.choosePrivateKeyAlias(this, this, // Callback
new String[] {"RSA", "DSA"}, // Any key types.
null, // Any issuers.
null, // Any host
-1, // Any port
DEFAULT_ALIAS);
}
private void connect(){
String alias = getAliasForClientCertificate();
final X509Certificate[] certificates =getCertificateChain(alias);
final PrivateKey pk = getPrivateKey(alias);
KeyStore trustStore = KeyStore.getInstance(KeyStore
.getDefaultType());
X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() {
@Override
public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
return alias;
}
@Override
public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
return alias;
}
@Override
public X509Certificate[] getCertificateChain(String s) {
return certificates;
}
@Override
public String[] getClientAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public String[] getServerAliases(String s, Principal[] principals) {
return new String[]{alias};
}
@Override
public PrivateKey getPrivateKey(String s) {
return pk;
}
};
TrustManagerFactory trustFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(trustStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
// public X509Certificate[] getAcceptedIssuers() {
// return certificates;
// }
public X509Certificate[] getAcceptedIssuers() {
return certificates;
}
public boolean isClientTrusted(X509Certificate[] arg0) {
return true;
}
public boolean isServerTrusted(X509Certificate[] arg0) {
return true;
}
} };
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[] {keyManager}, tm, null);
SSLContext.setDefault(sslContext);
URL url = new URL("url..");
HttpsURLConnection urlConnection = (HttpsURLConnection) url
.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
urlConnection.setHostnameVerifier(hv);
urlConnection.setInstanceFollowRedirects(false);
urlConnection.connect();
int responseCode = urlConnection.getResponseCode();
}
private X509Certificate[] getCertificateChain(String alias) {
try {
return KeyChain.getCertificateChain(this, alias);
} catch (KeyChainException e) {
e.printStackTrace();
} catch (InterruptedException e) {
e.printStackTrace();
}
return null;
}
您必须将颁发者(签署客户端证书的人)的证书作为可信证书(或根证书)保存在客户端中。此外,必须将服务器配置为强制客户端发送其证书(双向SSL)。您的服务器上是否有此配置以及在客户端上导入的证书?如何创建您的httpclient?您可以发布代码吗?谢谢大家,我已经在服务器上进行了配置,并在客户端上导入了此配置。它适用于android浏览器。但不知道如何在应用程序中建立连接。我的httpclient是::httpclient client=new DefaultHttpClient();HttpPost=新的HttpPost(url);如何获取女贞钥匙“final PrivateKey pk=getPrivateKey(别名);”