Java 未经用户同意,如何在ICS上安装(x509/pk12)证书?

Java 未经用户同意,如何在ICS上安装(x509/pk12)证书?,java,android,certificate,android-4.0-ice-cream-sandwich,Java,Android,Certificate,Android 4.0 Ice Cream Sandwich,对于我正在开发的应用程序,我需要能够安装CA和用户证书以及私钥,而无需他或她的关注 我将拥有完整的系统权限,并且可以公平地假设用户在此之前拥有密码。如果是CA证书,我将使用x509;如果是用户证书+私钥文件,我将使用pk12;如果是用户证书+私钥文件,我将使用密码。我需要这样做,以便能够自动设置WPA-EAP wifi配置,我希望这样做不会让员工注意到任何事情 如果有人也知道如何列出已安装的所有证书,我将不胜感激 我一整天都在检查,并使用keystore_cli进行了一些测试,但没有成功,我还通

对于我正在开发的应用程序,我需要能够安装CA和用户证书以及私钥,而无需他或她的关注

我将拥有完整的系统权限,并且可以公平地假设用户在此之前已经拥有密码。如果是CA证书,我将使用x509;如果是用户证书+私钥文件,我将使用pk12文件及其密码。我需要这样做,以便能够自动设置WPA-EAP wifi配置,我希望这样做不会让员工注意到任何事情

如果有人也知道如何列出已安装的所有证书,我将不胜感激

我一整天都在检查,并使用keystore_cli进行了一些测试,但没有成功,我还通读了CertInstaller代码,但没有得到任何帮助。那里的所有东西都是包范围的,所以我不能直接调用这些方法,而且它似乎把事情进一步转交给了“com.android.settings”、“com.android.settings.CredentialStorage”

任何建议都非常好


编辑:对于那些想知道的人,下面是我如何安装CA证书的。应用程序需要能够作为系统用户运行(在Android清单中设置 android:sharedUserId="android.uid.system")

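// Installs a CA certificate into the platform keystore through the hidden
// android.security.KeyStore class, reached by reflection. This only succeeds for an
// app that runs as the system user (android:sharedUserId="android.uid.system");
// on an unmodified device the keystore rejects the call.
try {
    Class<?> keyStoreClass = WifiConfiguration.class.getClassLoader().loadClass("android.security.KeyStore");
    Method getInstanceMethod = keyStoreClass.getMethod("getInstance");
    Object keyStore = getInstanceMethod.invoke(null);
    Log.d("DeviceManager", "获得密钥库" + keyStore.toString());
    // put(key, value): key is the keystore alias, value the raw certificate bytes
    Method putCertificateMethod = keyStoreClass.getMethod("put", String.class, byte[].class);
    Log.d("DeviceManager", "放置…");
    byte[] cacert;
    RandomAccessFile file = new RandomAccessFile("/data/ca.crt", "r");
    try {
        cacert = new byte[(int) file.length()];
        // readFully: a plain read() may return fewer bytes than the buffer holds,
        // which would hand a truncated certificate to the keystore.
        file.readFully(cacert);
    } finally {
        // always release the file handle, even when the read fails
        file.close();
    }
    Log.d("DeviceManager", "证书长度为字节:" + cacert.length);
    putCertificateMethod.invoke(keyStore, "CACERT_name", cacert);
} catch (ClassNotFoundException e) {
    Log.e("DeviceManager", "hidden KeyStore class not available on this build", e);
} catch (IllegalArgumentException e) {
    Log.e("DeviceManager", "KeyStore reflection call failed", e);
} catch (IllegalAccessException e) {
    Log.e("DeviceManager", "KeyStore reflection call failed", e);
} catch (InvocationTargetException e) {
    // the keystore method itself threw; the cause carries the real error
    Log.e("DeviceManager", "KeyStore call threw", e);
} catch (NoSuchMethodException e) {
    Log.e("DeviceManager", "KeyStore method signature differs on this build", e);
} catch (FileNotFoundException e) {
    Log.e("DeviceManager", "certificate file not found", e);
} catch (IOException e) {
    Log.e("DeviceManager", "could not read certificate file", e);
}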

幸运的是,这在原厂(未修改的)设备上是不可能的。否则,任何流氓应用程序都可以在未经用户同意的情况下安装CA证书。如果您只有少量设备,您可能需要预先配置它们。至于PKCS#12文件,它们受密码保护,因此需要有人输入密码


不确定“完全系统权限”是什么意思,但如果您可以将应用程序与平台代码一起链接并使用系统证书签名,则可以直接调用 KeyChainService 的方法。这将允许您安装证书。此外,CA证书仅作为文件存储,因此您可以将其复制到正确的位置。此处有一些详细信息:

以下方法将使用CA证书和用户证书配置WPA/EAP-TLS wifi配置。您也可以将其用于其他EAP配置

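/**
 * Adds a WPA-EAP / IEEE 802.1X Wi-Fi network and optionally connects to it.
 *
 * <p>Credentials (password, identity, CA certificate, client key) are only applied on
 * API 18 and above, where {@code WifiConfiguration.enterpriseConfig} exists; on older
 * builds the network is still added but without any EAP credentials.
 *
 * <p>When {@code caCertificateData} is empty no CA certificate is set, so the
 * supplicant has no anchor to verify the authentication server against; pass one for
 * any password-based EAP method.
 *
 * <p>Uses the class fields {@code lastActNetId} and {@code wifiReceiver} and
 * {@code Settings.cntxt}, which are declared elsewhere in this file.
 *
 * @param context              used to obtain the {@link WifiManager}
 * @param ssid                 network name; the method returns immediately when null
 * @param password             EAP password, ignored when null or empty
 * @param connectAutomatically disconnect from the current network and connect to the new one
 * @param hiddenNetwork        value for {@code WifiConfiguration.hiddenSSID}
 * @param eapMethod            {@code WifiEnterpriseConfig.Eap} constant; the method returns immediately when null
 * @param phase2               {@code WifiEnterpriseConfig.Phase2} constant, defaults to {@code NONE}
 * @param identity             EAP identity, ignored when null or empty
 * @param anonymousIdentity    EAP anonymous identity, ignored when null or empty
 * @param caCertificateData    Base64-encoded X.509 CA certificate, ignored when null or empty
 * @param clientCertificateData Base64-encoded PKCS#12 bundle holding the client key and certificate
 * @param clientCertPass       password of the PKCS#12 bundle; the bundle is ignored when this is null or empty
 */
public static void createEapConfig(Context context, String ssid, String password, boolean connectAutomatically,
        boolean hiddenNetwork, Integer eapMethod, Integer phase2, String identity, String anonymousIdentity,
        String caCertificateData, String clientCertificateData, String clientCertPass) {
    if (ssid == null || eapMethod == null) {
        return;
    }
    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
    boolean connect = connectAutomatically;
    boolean isWifiReceiverRegistered = false;
    try {
        Logger.logEnteringOld();
        WifiConfiguration config = new WifiConfiguration();
        config.SSID = "\"" + ssid + "\"";
        config.hiddenSSID = hiddenNetwork;
        config.status = WifiConfiguration.Status.ENABLED;
        config.priority = 40;
        // Hidden API; turning the access point off is best effort, so a failure is only logged.
        try {
            wifiManager.getClass().getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class)
                    .invoke(wifiManager, config, false);
        } catch (Exception e) {
            Logger.logError(e);
        }
        Settings.isWifiHotspotEnabled(false);
        if (!wifiManager.isWifiEnabled()) {
            wifiManager.setWifiEnabled(true);
            // give the radio time to come up before adding the network
            Thread.sleep(5000);
        }
        if (connect) {
            // remember the current network so it can be restored if the switch is interrupted
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
            wifiManager.disableNetwork(lastActNetId);
            wifiManager.disconnect();
        }
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
        // Defaults for the optional arguments
        if (phase2 == null) phase2 = WifiEnterpriseConfig.Phase2.NONE;
        if (identity == null) identity = "";
        if (anonymousIdentity == null) anonymousIdentity = "";
        if (caCertificateData == null) caCertificateData = "";
        if (clientCertificateData == null) clientCertificateData = "";
        if (Build.VERSION.SDK_INT >= 18) {
            // only a non-empty password is meaningful (the previous check was inverted)
            if (!Util.isNullOrEmpty(password)) {
                config.enterpriseConfig.setPassword(password);
            }
            config.enterpriseConfig.setEapMethod(eapMethod);
            config.enterpriseConfig.setPhase2Method(phase2);
            if (!Util.isNullOrEmpty(identity)) {
                config.enterpriseConfig.setIdentity(identity);
            }
            if (!Util.isNullOrEmpty(anonymousIdentity)) {
                config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
            }
            if (!Util.isNullOrEmpty(caCertificateData)) {
                X509Certificate caCert = decodeCaCertificate(caCertificateData);
                if (caCert != null) {
                    config.enterpriseConfig.setCaCertificate(caCert);
                }
            }
            if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) {
                applyClientKeyEntry(config.enterpriseConfig, clientCertificateData, clientCertPass);
            }
        }
        int networkId = wifiManager.addNetwork(config);
        if (networkId < 0) {
            // addNetwork signals failure with -1; enabling/saving that id would be a no-op
            throw new IllegalStateException("addNetwork failed for SSID " + ssid);
        }
        wifiManager.enableNetwork(networkId, true);
        wifiManager.saveConfiguration();
        if (connect) {
            wifiManager.reconnect();
            IntentFilter filter = new IntentFilter();
            filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
            Settings.cntxt.registerReceiver(wifiReceiver, filter);
            isWifiReceiverRegistered = true;
            // wait for the connectivity broadcast handled by wifiReceiver
            Thread.sleep(15000);
        }
    } catch (InterruptedException ie) {
        // preserve the interrupt for the caller
        Thread.currentThread().interrupt();
        if (NetworkStateReceiver.activeConnection(Settings.cntxt)) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
        }
    } catch (Exception ex) {
        Logger.logError(ex);
    } finally {
        // unregister wifi state receiver
        if (connect && isWifiReceiverRegistered) {
            isWifiReceiverRegistered = false;
            Settings.cntxt.unregisterReceiver(wifiReceiver);
        }
    }
    Logger.logEnteringOld();
}

/**
 * Decodes a Base64-encoded X.509 certificate.
 *
 * @param caCertificateData Base64 text of the certificate
 * @return the parsed certificate, or null (after logging) when it cannot be decoded or parsed
 */
private static X509Certificate decodeCaCertificate(String caCertificateData) {
    try {
        byte[] decodedCaCert = Base64.decode(caCertificateData);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream is = new ByteArrayInputStream(decodedCaCert);
        try {
            return (X509Certificate) cf.generateCertificate(is);
        } finally {
            is.close();
        }
    } catch (Throwable t) {
        Logger.logError(t);
        return null;
    }
}

/**
 * Loads a Base64-encoded PKCS#12 bundle and installs every (private key, certificate)
 * pair it contains as the client key entry of {@code enterpriseConfig}. When the bundle
 * holds several such pairs the last one wins. Errors are logged, not propagated.
 *
 * @param enterpriseConfig      target of {@code setClientKeyEntry}
 * @param clientCertificateData Base64 text of the PKCS#12 bundle
 * @param clientCertPass        bundle password; as a String it cannot be scrubbed from memory
 */
private static void applyClientKeyEntry(WifiEnterpriseConfig enterpriseConfig, String clientCertificateData,
        String clientCertPass) {
    InputStream is = null;
    try {
        byte[] decodedClientCert = Base64.decode(clientCertificateData);
        KeyStore p12 = KeyStore.getInstance("pkcs12");
        is = new ByteArrayInputStream(decodedClientCert);
        char[] passwordChars = clientCertPass.toCharArray();
        p12.load(is, passwordChars);
        // typed Enumeration: the raw form does not compile with a String loop variable
        Enumeration<String> aliases = p12.aliases();
        for (String alias : Collections.list(aliases)) {
            if (alias == null) {
                continue;
            }
            PrivateKey privateKey = (PrivateKey) p12.getKey(alias, passwordChars);
            if (privateKey == null) {
                // trusted-certificate-only entries carry no key and cannot be a client identity
                continue;
            }
            X509Certificate clientCert = (X509Certificate) p12.getCertificate(alias);
            if (clientCert != null) {
                enterpriseConfig.setClientKeyEntry(privateKey, clientCert);
            }
        }
    } catch (Throwable t) {
        Logger.logError(t);
    } finally {
        if (is != null) {
            try {
                is.close();
            } catch (IOException e) {
                Logger.logError(e);
            }
        }
    }
}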