Java SSLContext and PKCS12 keystore: works on the JVM but not on Android

Android version:

    final SSLContext context = SSLContext.getInstance("TLS");
    final KeyStore keystore = KeyStore.getInstance("PKCS12");
    keystore.load(ctx.getAssets().open("ca_cli.pkcs12"), "password".toCharArray());
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, "password".toCharArray());
    context.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[] {}; }

        @Override
        public void checkClientTrusted(final X509Certificate[] arg0, final String arg1) throws CertificateException {
            // Empty stub: performs no validation
        }

        @Override
        public void checkServerTrusted(final X509Certificate[] arg0, final String arg1) throws CertificateException {
            // Empty stub: performs no validation, so any server certificate chain is accepted
        }
    } }, new SecureRandom());

JVM version:

    final SSLContext context = SSLContext.getInstance("TLS");
    final KeyStore keystore = KeyStore.getInstance("pkcs12");
    keystore.load(new FileInputStream(new File("ca-cli.pkcs12")), "password".toCharArray());
    final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, "password".toCharArray());
    context.init(keyManagerFactory.getKeyManagers(), new TrustManager[] {
      new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[]{}; }
        @Override
        public void checkClientTrusted(final X509Certificate[] arg0, final String arg1) throws CertificateException {
          // Empty stub: performs no validation
        }
        @Override
        public void checkServerTrusted(final X509Certificate[] arg0, final String arg1) throws CertificateException {
          // Empty stub: performs no validation, so any server certificate chain is accepted
        }
      }
    }, new SecureRandom());

The code is basically the same, but the JVM version works fine while the Android version produces:

    09-16 12:24:17.024: E/AuthByPasswordLoader(14580): Got unexpected error
    09-16 12:24:17.024: E/AuthByPasswordLoader(14580): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x656b0148: Failure in SSL library, usually a protocol error
    09-16 12:24:17.024: E/AuthByPasswordLoader(14580): error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1290 0x40086500:0x00000003)

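I tried converting PKCS12 -> BKS, but it didn't help…

So, in case anyone faces the same problem: it turned out to be a bug that was introduced in Android 3.0.

Quoting Kenny Root:

Thanks, it looks like a bug introduced in Android 3.0. It will require the client key type to have the same CA type. You're seeing this because your client certificate is RSA and the CA is EC.

You can work around this bug for your case by wrapping the KeyManager and intercepting calls to chooseClientAlias to add "RSA_EC" to the key types.

If you are interested in the specific fix in a future release: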


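Did you check that you added the Internet permission in the manifest?

The solution is here -

@Olexandr deleted :(

@JaroslavZáruba It's a bug, introduced in Android 3.0 - here is the full description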
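
The workaround quoted in the answer above, sketched as an added example (not code from the original post or from Android): a delegating `X509KeyManager` that appends the key type string from the quote before calling the wrapped manager's `chooseClientAlias`. The class name `KeyTypeAddingKeyManager` and its `wrap` helper are assumptions made for illustration.

```java
import java.net.Socket;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509KeyManager;

// Hypothetical wrapper: delegates every call and only widens the key types
// passed to chooseClientAlias.
final class KeyTypeAddingKeyManager implements X509KeyManager {
    // Key type string exactly as given in the quoted workaround.
    private static final String EXTRA_KEY_TYPE = "RSA_EC";
    private final X509KeyManager delegate;

    KeyTypeAddingKeyManager(X509KeyManager delegate) { this.delegate = delegate; }

    // Wraps each X509KeyManager returned by KeyManagerFactory.getKeyManagers().
    static KeyManager[] wrap(KeyManager[] managers) {
        KeyManager[] out = new KeyManager[managers.length];
        for (int i = 0; i < managers.length; i++) {
            out[i] = managers[i] instanceof X509KeyManager
                    ? new KeyTypeAddingKeyManager((X509KeyManager) managers[i])
                    : managers[i];
        }
        return out;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        String[] widened = keyTypes;
        if (keyTypes != null && !Arrays.asList(keyTypes).contains(EXTRA_KEY_TYPE)) {
            // Append: keyTypes is ordered most-preferred first, so the requested types keep priority.
            widened = Arrays.copyOf(keyTypes, keyTypes.length + 1);
            widened[keyTypes.length] = EXTRA_KEY_TYPE;
        }
        return delegate.chooseClientAlias(widened, issuers, socket);
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return delegate.chooseServerAlias(keyType, issuers, socket); }
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return delegate.getCertificateChain(alias); }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return delegate.getClientAliases(keyType, issuers); }
    @Override public PrivateKey getPrivateKey(String alias) {
        return delegate.getPrivateKey(alias); }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return delegate.getServerAliases(keyType, issuers); }
}
```

Pass `KeyTypeAddingKeyManager.wrap(keyManagerFactory.getKeyManagers())` as the first argument of `context.init(...)` in place of the unwrapped array.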