如何在Android中使用p12证书(客户端证书)
我正在尝试在android中使用客户端证书。 我得到了一个.p12文件,我想用它对服务器进行身份验证 我正在使用portecle将.p12文件转换为.bks文件,但似乎无法使其正常工作 代码如下:如何在Android中使用p12证书(客户端证书),android,security,https,client-certificates,Android,Security,Https,Client Certificates,我正在尝试在android中使用客户端证书。 我得到了一个.p12文件,我想用它对服务器进行身份验证 我正在使用portecle将.p12文件转换为.bks文件,但似乎无法使其正常工作 代码如下: package com.pa1406.SECURE; import java.io.InputStream; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.Tr
package com.pa1406.SECURE;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import android.content.Context;
public class HttpsClient extends DefaultHttpClient {
final Context context;
public HttpsClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(
new Scheme("https",newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore truststore = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(R.raw.keystore);
try {
truststore.load(in, "qwerty1234".toCharArray());
} finally {
in.close();
}
return new SSLSocketFactory(truststore);
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
我能做些什么来实现这一点
更新:
package com.pa1406.SECURE;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import android.content.Context;
public class HttpsClient extends DefaultHttpClient {
final Context context;
public HttpsClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(
new Scheme("https",newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// setup truststore to provide trust for the server certificate
// load truststore certificate
InputStream clientTruststoreIs = context.getResources().openRawResource(R.raw.truststore);
KeyStore trustStore = null;
trustStore = KeyStore.getInstance("BKS");
trustStore.load(clientTruststoreIs, "qwerty1234".toCharArray());
System.out.println("Loaded server certificates: " + trustStore.size());
// initialize trust manager factory with the read truststore
TrustManagerFactory trustManagerFactory = null;
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
// setup client certificate
// load client certificate
InputStream keyStoreStream = context.getResources().openRawResource(R.raw.torbix);
KeyStore keyStore = null;
keyStore = KeyStore.getInstance("BKS");
keyStore.load(keyStoreStream, "qwerty1234".toCharArray());
System.out.println("Loaded client certificates: " + keyStore.size());
// initialize key manager factory with the read client certificate
KeyManagerFactory keyManagerFactory = null;
keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "qwerty1234".toCharArray());
// initialize SSLSocketFactory to use the certificates
SSLSocketFactory socketFactory = null;
socketFactory = new SSLSocketFactory(SSLSocketFactory.TLS, keyStore, "qwerty1234",
trustStore, null, null);
return socketFactory;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
当您的新SSLSocketFactory实例:
return new SSLSocketFactory(truststore);
SSLSocketFactory类还有其他构造函数,其中一个允许指定密钥库、密钥库密码和信任库:
公共SSLSocketFactory(密钥库密钥库、字符串密钥库密码、密钥库信任库)
()
我不确定是否可以在Android下加载.P12
文件作为密钥库(在J2SE上可以)。如果不能,则必须将.P12
文件转换为类似于已使用的信任库的弹性城堡密钥库。使用该密钥存储创建SSLSocketFactory实例,您应该能够使用客户端证书
通过Portecle将P12文件导入BKS
创建BKS
文件并导入现有的.key
+.pem
文件非常简单(Java程序)。启动Portecle后,选择文件->新密钥库->BKS。之后,您可以执行工具->导入密钥对并选择.P12
文件。
最后用您选择的密码保存密钥存储。我尝试使用.p12文件,但无效,需要转换它。我不确定我是否做得对。我会更新这个问题,让你知道我现在是什么样子。对于转换P12->BKS,我会使用这个工具-如果你喜欢GUI而不是命令行。这就是我正在使用的,我如何转换它?我是使用portecle打开.p12并导出密钥和证书,然后将它们添加到新密钥库中,还是应该执行其他操作?:)我也在努力寻找如何在Portecle中转换P12->BKS,有什么想法吗?