
Unable to attach the client certificate during the SSL handshake in Android


In my application I need to implement a two-way handshake. Here is the code I am using for this:

public static SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, NotFoundException, IOException, UnrecoverableKeyException {
    KeyStore clientCertificateKeysKeyStore = getClientCertificateKeystore();
    KeyStore trustStore = getServerCertificateKeystore();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(X509);

    if (clientCertificateKeysKeyStore != null)
        kmf.init(clientCertificateKeysKeyStore, "cleint".toCharArray());
    KeyManager[] keyManagers = kmf.getKeyManagers();

    // TrustManager[] trustManagers = {new CustomTrustManager(trustStore)};
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(X509);
    tmf.init(trustStore);

    TrustManager[] trustManagers = tmf.getTrustManagers();

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagers, trustManagers, null);
    return sslContext;
}

I have a PEM file from which I have to generate the keystore:

private KeyStore loadPEMKeystoreStore(File certificateFile) throws Exception {
    InputStream caInput = new BufferedInputStream(new FileInputStream(certificateFile));
    byte[] der = loadPemCertificate(caInput);
    ByteArrayInputStream derInputStream = new ByteArrayInputStream(der);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
    X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(derInputStream);
    String alias = cert.getSubjectX500Principal().getName();

    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null);
    keyStore.setCertificateEntry(alias, cert);

    return keyStore;
}
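
The server certificate is a locally stored .pk12 certificate.

The problem is that the client certificate is not attached during the handshake. I analysed the packets with Wireshark, and it shows a client certificate length of 0.

If I use a .pk12 file as the client certificate, it is attached correctly. But I have to use the PEM file.
Any solution?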

The PEM file contains only the certificate, not the private key. Below is the updated code, which works well:

private KeyStore loadPEMKeystoreStore(File certificateFile, String password) throws Exception {
    InputStream caInput = new BufferedInputStream(new FileInputStream(certificateFile));

    KeyStore keystore = KeyStore.getInstance(CLIENT_CERTIFICATE_KEYSTORE_TYPE);

    // Parse the X.509 certificate from the PEM file.
    CertificateFactory certificateFactory = CertificateFactory
            .getInstance(X509);
    X509Certificate cert = (X509Certificate) certificateFactory
            .generateCertificate(caInput);

    keystore.load(null);
    keystore.setCertificateEntry("cert-alias", cert);
    // privateKey and file are not defined in this snippet; they are assumed to be
    // fields of the enclosing class (the client's private key and the output file).
    // The key entry, not the certificate entry, is what enables client authentication.
    keystore.setKeyEntry("key-alias", privateKey, password.toCharArray(),
            new Certificate[]{cert});
    try (FileOutputStream out = new FileOutputStream(file)) {
        keystore.store(out, password.toCharArray());
    }

    return keystore;
}

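If by "two-way" handshake you mean SSL client authentication, then the client needs a private key, not just a certificate. It is not clear what the PEM file contains, but it does look like it contains only a certificate. You need to obtain the corresponding private key and convert the key + certificate into a PKCS#12 file or a keystore file (BKS for Bouncy Castle) for this to work.

Thank you very much for your reply. Actually, I have already solved this problem. Your assumption was correct: the PEM file contains only a certificate.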
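
An added example, not code from any of the posts above: building the in-memory client keystore from a PEM private key plus a PEM certificate, and checking that the entry is a key entry before the handshake. It assumes an unencrypted PKCS#8 RSA key, takes the key and certificate file paths as arguments, and uses `java.util.Base64` (Android API 26+); the class name, alias and password are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical helper; class name, alias and password are illustrative.
public class PemClientIdentity {
    // Assumes an unencrypted PKCS#8 RSA key ("-----BEGIN PRIVATE KEY-----").
    static PrivateKey readPrivateKey(String pem) throws Exception {
        String b64 = pem.replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    static KeyStore build(String keyPem, String certPem, char[] password) throws Exception {
        PrivateKey key = readPrivateKey(keyPem);
        Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(
                new ByteArrayInputStream(certPem.getBytes(StandardCharsets.US_ASCII)));
        // Refuse a key that does not belong to the certificate (RSA: same modulus).
        if (!((RSAPublicKey) cert.getPublicKey()).getModulus()
                .equals(((RSAPrivateKey) key).getModulus())) {
            throw new IllegalArgumentException("private key does not match certificate");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setKeyEntry("client", key, password, new Certificate[]{cert});
        return ks;
    }
    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray(); // constructed sample password
        String keyPem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        String certPem = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.US_ASCII);
        KeyStore ks = build(keyPem, certPem, pw);
        // false here means a certificate-only entry, i.e. an empty client Certificate message.
        System.out.println("isKeyEntry(client) = " + ks.isKeyEntry("client"));
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw); // throws if the key cannot be recovered with this password
    }
}
```

A keystore filled only through `setCertificateEntry`, as in the question, reports `isKeyEntry` as false for every alias, which matches the zero-length client certificate seen in Wireshark.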