Java 未经用户同意,如何在ICS上安装(x509/pk12)证书?
对于我正在开发的应用程序,我需要能够安装CA和用户证书以及私钥,而无需他或她的关注 我将拥有完整的系统权限,并且可以公平地假设用户在此之前拥有密码。如果是CA证书,我将使用x509;如果是用户证书+私钥文件,我将使用pk12;如果是用户证书+私钥文件,我将使用密码。我需要这样做,以便能够自动设置WPA-EAP wifi配置,我希望这样做不会让员工注意到任何事情 如果有人也知道如何列出已安装的所有证书,我将不胜感激 我一整天都在检查,并使用keystore_cli进行了一些测试,但没有成功,我还通读了CertInstaller代码,但没有得到任何帮助。那里的所有东西都是包范围的,所以我不能直接调用这些方法,+它似乎把东西发送到更远的com.android.settings”、“com.android.settings.CredentialStorage” 任何建议都非常好Java 未经用户同意,如何在ICS上安装(x509/pk12)证书?,java,android,certificate,android-4.0-ice-cream-sandwich,Java,Android,Certificate,Android 4.0 Ice Cream Sandwich,对于我正在开发的应用程序,我需要能够安装CA和用户证书以及私钥,而无需他或她的关注 我将拥有完整的系统权限,并且可以公平地假设用户在此之前拥有密码。如果是CA证书,我将使用x509;如果是用户证书+私钥文件,我将使用pk12;如果是用户证书+私钥文件,我将使用密码。我需要这样做,以便能够自动设置WPA-EAP wifi配置,我希望这样做不会让员工注意到任何事情 如果有人也知道如何列出已安装的所有证书,我将不胜感激 我一整天都在检查,并使用keystore_cli进行了一些测试,但没有成功,我还通
编辑:对于那些想知道的人,下面是我安装CA证书的做法。应用程序需要能够以系统用户身份运行(在Android清单中设置 android:sharedUserId="android.uid.system")。
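// Android... why do you love making my life so hard...
//
// Installs a CA certificate by calling the hidden android.security.KeyStore class through reflection.
// NOTE(review): this path only works for a process running as the system UID (platform-signed build),
// relies on a non-public class that may change between OS releases, and bypasses the user-consent
// dialog. Where the platform offers them, the supported routes are KeyChain.createInstallIntent()
// (user-confirmed) or DevicePolicyManager.installCaCert() for a device/profile owner.
try {
    Class<?> keyStoreClass = WifiConfiguration.class.getClassLoader().loadClass("android.security.KeyStore");
    Method getInstanceMethod = keyStoreClass.getMethod("getInstance");
    Object keyStore = getInstanceMethod.invoke(null);
    Log.d("DeviceManager", "获得密钥库" + keyStore.toString());

    // put(key, value)
    Method putCertificateMethod = keyStoreClass.getMethod("put", String.class, byte[].class);
    Log.d("设备管理器", "放置…");

    // Read the whole certificate file and always release the file handle; readFully() avoids the
    // short read that a single read() call is allowed to return.
    // NOTE(review): the file is trusted as-is. Verify its origin/fingerprint before installing it
    // as a trust anchor.
    RandomAccessFile file = new RandomAccessFile("/data/ca.crt", "r");
    byte[] cacert;
    try {
        cacert = new byte[(int) file.length()];
        file.readFully(cacert);
    } finally {
        file.close();
    }
    Log.d("DeviceManager", "证书长度为字节:" + cacert.length);

    // The alias on the page was garbled ("CACERT\u name"); the text after the "CACERT_" prefix is a
    // reconstructed placeholder.
    Object stored = putCertificateMethod.invoke(keyStore, "CACERT_name", cacert);
    // Surface the call's result instead of assuming the entry was written.
    Log.d("DeviceManager", "put returned: " + stored);
} catch (ClassNotFoundException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (IllegalArgumentException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (IllegalAccessException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (InvocationTargetException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (NoSuchMethodException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (FileNotFoundException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
} catch (IOException e) {
    Log.e("DeviceManager", "CA certificate install failed", e);
}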
幸运的是,这在未经改动的原厂(stock)设备上是不可能的。否则,任何流氓应用程序都可以在未经用户同意的情况下安装CA证书。如果您只有少量设备,您可能需要预先配置它们。至于PKCS#12文件,它们受密码保护,因此需要有人输入密码。
不确定“完全系统权限”是什么意思,但如果您可以将应用程序与平台代码链接并使用系统证书签名,则可以直接调用
KeyChainService
方法。这将允许您安装证书。此外,CA证书仅以文件形式存储,因此您可以将其复制到正确的位置。此处有一些详细信息:
以下方法将使用CA证书和用户证书配置WPA/EAP-TLS wifi配置。您也可以将其用于其他EAP配置
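/**
 * Builds a WPA-EAP / IEEE 802.1X {@link WifiConfiguration}, adds it through {@link WifiManager}
 * and, when requested, disconnects from the current network and reconnects.
 *
 * <p>Enterprise settings (password, EAP method, phase 2, identities, CA certificate, client key
 * entry) are only applied when {@code Build.VERSION.SDK_INT >= 18}; below that the network is
 * added with the key-management flags only.
 *
 * <p>Blocks the calling thread with {@code Thread.sleep} (5 s after enabling Wi-Fi, 15 s after
 * reconnecting).
 *
 * @param context              used to obtain the {@code WIFI_SERVICE}
 * @param ssid                 network name; the method returns immediately when {@code null}
 * @param password             EAP password, applied only when non-empty
 * @param connectAutomatically when {@code true}, the current network is disabled and a reconnect is issued
 * @param hiddenNetwork        copied to {@code config.hiddenSSID}
 * @param eapMethod            EAP method constant; the method returns immediately when {@code null}
 * @param phase2               phase-2 method constant; defaults to {@code Phase2.NONE} when {@code null}
 * @param identity             EAP identity, applied only when non-empty
 * @param anonymousIdentity    outer identity, applied only when non-empty
 * @param caCertificateData    Base64-encoded X.509 CA certificate; if supplied but unparsable the
 *                             network is NOT added
 * @param clientCertificateData Base64-encoded PKCS#12 bundle holding the client key and certificate
 * @param clientCertPass       password of the PKCS#12 bundle
 */
public static void createEapConfig(Context context, String ssid, String password, boolean connectAutomatically, boolean hiddenNetwork,
        Integer eapMethod, Integer phase2, String identity, String anonymousIdentity, String caCertificateData,
        String clientCertificateData, String clientCertPass) {
    if (ssid == null || eapMethod == null) {
        return;
    }
    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
    boolean connect = connectAutomatically;
    boolean isWifiReceiverRegistered = false;
    try {
        Logger.logEnteringOld();

        // Parse the CA certificate before any Wi-Fi state is changed. If one was supplied but
        // cannot be used, stop here: adding the network anyway would leave it without a trust
        // anchor, so the device could hand its EAP credentials to any access point using this SSID.
        X509Certificate caCert = null;
        if (Build.VERSION.SDK_INT >= 18 && !Util.isNullOrEmpty(caCertificateData)) {
            caCert = decodeCaCertificate(caCertificateData);
            if (caCert == null) {
                Logger.logError(new CertificateException("CA certificate supplied but unusable; EAP network not added"));
                return;
            }
        }

        WifiConfiguration config = new WifiConfiguration();
        config.SSID = "\"" + ssid + "\"";
        config.hiddenSSID = hiddenNetwork; // taken from the caller
        config.status = WifiConfiguration.Status.ENABLED;
        config.priority = 40;
        try {
            // Hidden WifiManager method, reached by reflection, called with enabled=false.
            wifiManager.getClass().getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class).invoke(wifiManager, config, false);
        } catch (Exception e) {
            Logger.logError(e);
        }
        Settings.isWifiHotspotEnabled(false);
        if (!wifiManager.isWifiEnabled()) {
            wifiManager.setWifiEnabled(true);
            Thread.sleep(5000);
        }
        if (connect) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
            wifiManager.disableNetwork(lastActNetId);
            wifiManager.disconnect();
        }
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);

        // Set defaults
        if (phase2 == null) phase2 = WifiEnterpriseConfig.Phase2.NONE;
        if (identity == null) identity = "";
        if (anonymousIdentity == null) anonymousIdentity = "";
        if (clientCertificateData == null) clientCertificateData = "";

        if (Build.VERSION.SDK_INT >= 18) {
            // Fixed: the original condition was inverted and only "set" an empty password.
            if (!Util.isNullOrEmpty(password)) {
                config.enterpriseConfig.setPassword(password);
            }
            config.enterpriseConfig.setEapMethod(eapMethod);
            config.enterpriseConfig.setPhase2Method(phase2);
            if (!Util.isNullOrEmpty(identity)) {
                config.enterpriseConfig.setIdentity(identity);
            }
            if (!Util.isNullOrEmpty(anonymousIdentity)) {
                config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
            }
            if (caCert != null) {
                config.enterpriseConfig.setCaCertificate(caCert);
            }
            // NOTE(review): when no CA certificate is supplied the config carries no trust anchor;
            // presumably the server certificate is then not validated - confirm that callers
            // always pass one for production networks.

            if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) {
                InputStream p12Stream = null;
                try {
                    char[] p12Password = clientCertPass.toCharArray();
                    byte[] decodedClientCert = Base64.decode(clientCertificateData);
                    KeyStore p12 = KeyStore.getInstance("pkcs12");
                    p12Stream = new ByteArrayInputStream(decodedClientCert);
                    p12.load(p12Stream, p12Password);
                    // Typed enumeration: the raw type in the original does not compile in the for-each.
                    Enumeration<String> aliases = p12.aliases();
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        if (alias == null) {
                            continue;
                        }
                        PrivateKey privateKey = (PrivateKey) p12.getKey(alias, p12Password);
                        if (privateKey == null) {
                            continue;
                        }
                        X509Certificate clientCert = (X509Certificate) p12.getCertificate(alias);
                        if (clientCert != null) {
                            // As in the original, a later matching alias overwrites an earlier one.
                            config.enterpriseConfig.setClientKeyEntry(privateKey, clientCert);
                        }
                    }
                } catch (Exception e) {
                    // Without the client key the network is still added; an EAP-TLS handshake
                    // simply cannot complete.
                    Logger.logError(e);
                } finally {
                    if (p12Stream != null) {
                        try {
                            p12Stream.close();
                        } catch (IOException e) {
                            Logger.logError(e);
                        }
                    }
                }
            }
        }

        int networkId = wifiManager.addNetwork(config);
        if (networkId == -1) {
            // addNetwork() reports failure with -1; do not enable or save a non-existent network.
            Logger.logError(new IllegalStateException("addNetwork rejected the EAP configuration"));
            if (connect) {
                // Re-enable the network that was disabled above so the device is not left offline.
                wifiManager.enableNetwork(lastActNetId, false);
                wifiManager.reconnect();
            }
        } else {
            wifiManager.enableNetwork(networkId, true);
            wifiManager.saveConfiguration();
            if (connect) {
                wifiManager.reconnect();
                IntentFilter filter = new IntentFilter();
                filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
                Settings.cntxt.registerReceiver(wifiReceiver, filter);
                isWifiReceiverRegistered = true;
                Thread.sleep(15000);
            }
        }
    } catch (InterruptedException ie) {
        if (NetworkStateReceiver.activeConnection(Settings.cntxt)) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
        }
        // Keep the interrupt visible to the caller instead of swallowing it.
        Thread.currentThread().interrupt();
    } catch (Exception ex) {
        Logger.logError(ex);
    } finally {
        // unregister wifi state receiver
        if (connect && isWifiReceiverRegistered) {
            isWifiReceiverRegistered = false;
            Settings.cntxt.unregisterReceiver(wifiReceiver);
        }
    }
    Logger.logEnteringOld();
}

/** Decodes a Base64 X.509 certificate; returns {@code null} (after logging) when it cannot be parsed. */
private static X509Certificate decodeCaCertificate(String caCertificateData) {
    try {
        byte[] decodedCaCert = Base64.decode(caCertificateData);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(decodedCaCert);
        try {
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
    } catch (Exception e) {
        Logger.logError(e);
        return null;
    }
}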
公共静态void CreateApConfig(上下文上下文、字符串ssid、字符串密码、布尔连接自动、布尔hiddenNetwork、,
整数方法,整数阶段2,字符串标识,字符串匿名标识,字符串证书数据,
字符串clientCertificateData、字符串clientCertPass){
if(ssid==null | | eapMethod==null){
返回;
}
WifiManager=(WifiManager)context.getSystemService(context.WIFI\u SERVICE);
布尔连接=自动连接;
布尔值iswifireceiverregisted=false;
试一试{
Logger.logEnteringOld();
WifiConfiguration config=新的WifiConfiguration();
config.SSID=“\”+SSID+“\”;
config.hiddenSSID=hiddenNetwork;//false;//隐藏网络始终设置为false。
config.status=WifiConfiguration.status.ENABLED;
config.priority=40;
试一试{
wifiManager.getClass().getMethod(“setWifiApEnabled”,WifiConfiguration.class,boolean.class).invoke(wifiManager,config,false);
}捕获(例外e){
Logger.logError(e);
}
设置。iswifihospoteabled(假);
如果(!wifiManager.isWifiEnabled()){
wifiManager.setWifiEnabled(true);
睡眠(5000);
}
如果(连接){
lastActNetId=wifiManager.getConnectionInfo().getNetworkId();
wifiManager.disableNetwork(lastActNetId);
wifiManager.disconnect();
}
config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
config.allowedKeyManagement.set(WifiConfiguration.keymagmt.IEEE8021X);
//设置默认值
如果(phase2==null)phase2=WIFIENERPRISECONFIG.phase2.NONE;
如果(identity==null)identity=“”;
如果(anonymousIdentity==null)anonymousIdentity=“”;
如果(caCertificateData==null)caCertificateData=“”;
如果(clientCertificateData==null)clientCertificateData=“”;
如果(Build.VERSION.SDK_INT>=18){
如果(Util.isNul
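/**
 * Builds a WPA-EAP / IEEE 802.1X {@link WifiConfiguration}, adds it through {@link WifiManager}
 * and, when requested, disconnects from the current network and reconnects.
 *
 * <p>Enterprise settings (password, EAP method, phase 2, identities, CA certificate, client key
 * entry) are only applied when {@code Build.VERSION.SDK_INT >= 18}; below that the network is
 * added with the key-management flags only.
 *
 * <p>Blocks the calling thread with {@code Thread.sleep} (5 s after enabling Wi-Fi, 15 s after
 * reconnecting).
 *
 * @param context              used to obtain the {@code WIFI_SERVICE}
 * @param ssid                 network name; the method returns immediately when {@code null}
 * @param password             EAP password, applied only when non-empty
 * @param connectAutomatically when {@code true}, the current network is disabled and a reconnect is issued
 * @param hiddenNetwork        copied to {@code config.hiddenSSID}
 * @param eapMethod            EAP method constant; the method returns immediately when {@code null}
 * @param phase2               phase-2 method constant; defaults to {@code Phase2.NONE} when {@code null}
 * @param identity             EAP identity, applied only when non-empty
 * @param anonymousIdentity    outer identity, applied only when non-empty
 * @param caCertificateData    Base64-encoded X.509 CA certificate; if supplied but unparsable the
 *                             network is NOT added
 * @param clientCertificateData Base64-encoded PKCS#12 bundle holding the client key and certificate
 * @param clientCertPass       password of the PKCS#12 bundle
 */
public static void createEapConfig(Context context, String ssid, String password, boolean connectAutomatically, boolean hiddenNetwork,
        Integer eapMethod, Integer phase2, String identity, String anonymousIdentity, String caCertificateData,
        String clientCertificateData, String clientCertPass) {
    if (ssid == null || eapMethod == null) {
        return;
    }
    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
    boolean connect = connectAutomatically;
    boolean isWifiReceiverRegistered = false;
    try {
        Logger.logEnteringOld();

        // Parse the CA certificate before any Wi-Fi state is changed. If one was supplied but
        // cannot be used, stop here: adding the network anyway would leave it without a trust
        // anchor, so the device could hand its EAP credentials to any access point using this SSID.
        X509Certificate caCert = null;
        if (Build.VERSION.SDK_INT >= 18 && !Util.isNullOrEmpty(caCertificateData)) {
            caCert = decodeCaCertificate(caCertificateData);
            if (caCert == null) {
                Logger.logError(new CertificateException("CA certificate supplied but unusable; EAP network not added"));
                return;
            }
        }

        WifiConfiguration config = new WifiConfiguration();
        config.SSID = "\"" + ssid + "\"";
        config.hiddenSSID = hiddenNetwork; // taken from the caller
        config.status = WifiConfiguration.Status.ENABLED;
        config.priority = 40;
        try {
            // Hidden WifiManager method, reached by reflection, called with enabled=false.
            wifiManager.getClass().getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class).invoke(wifiManager, config, false);
        } catch (Exception e) {
            Logger.logError(e);
        }
        Settings.isWifiHotspotEnabled(false);
        if (!wifiManager.isWifiEnabled()) {
            wifiManager.setWifiEnabled(true);
            Thread.sleep(5000);
        }
        if (connect) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
            wifiManager.disableNetwork(lastActNetId);
            wifiManager.disconnect();
        }
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);

        // Set defaults
        if (phase2 == null) phase2 = WifiEnterpriseConfig.Phase2.NONE;
        if (identity == null) identity = "";
        if (anonymousIdentity == null) anonymousIdentity = "";
        if (clientCertificateData == null) clientCertificateData = "";

        if (Build.VERSION.SDK_INT >= 18) {
            // Fixed: the original condition was inverted and only "set" an empty password.
            if (!Util.isNullOrEmpty(password)) {
                config.enterpriseConfig.setPassword(password);
            }
            config.enterpriseConfig.setEapMethod(eapMethod);
            config.enterpriseConfig.setPhase2Method(phase2);
            if (!Util.isNullOrEmpty(identity)) {
                config.enterpriseConfig.setIdentity(identity);
            }
            if (!Util.isNullOrEmpty(anonymousIdentity)) {
                config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);
            }
            if (caCert != null) {
                config.enterpriseConfig.setCaCertificate(caCert);
            }
            // NOTE(review): when no CA certificate is supplied the config carries no trust anchor;
            // presumably the server certificate is then not validated - confirm that callers
            // always pass one for production networks.

            if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) {
                InputStream p12Stream = null;
                try {
                    char[] p12Password = clientCertPass.toCharArray();
                    byte[] decodedClientCert = Base64.decode(clientCertificateData);
                    KeyStore p12 = KeyStore.getInstance("pkcs12");
                    p12Stream = new ByteArrayInputStream(decodedClientCert);
                    p12.load(p12Stream, p12Password);
                    // Typed enumeration: the raw type in the original does not compile in the for-each.
                    Enumeration<String> aliases = p12.aliases();
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        if (alias == null) {
                            continue;
                        }
                        PrivateKey privateKey = (PrivateKey) p12.getKey(alias, p12Password);
                        if (privateKey == null) {
                            continue;
                        }
                        X509Certificate clientCert = (X509Certificate) p12.getCertificate(alias);
                        if (clientCert != null) {
                            // As in the original, a later matching alias overwrites an earlier one.
                            config.enterpriseConfig.setClientKeyEntry(privateKey, clientCert);
                        }
                    }
                } catch (Exception e) {
                    // Without the client key the network is still added; an EAP-TLS handshake
                    // simply cannot complete.
                    Logger.logError(e);
                } finally {
                    if (p12Stream != null) {
                        try {
                            p12Stream.close();
                        } catch (IOException e) {
                            Logger.logError(e);
                        }
                    }
                }
            }
        }

        int networkId = wifiManager.addNetwork(config);
        if (networkId == -1) {
            // addNetwork() reports failure with -1; do not enable or save a non-existent network.
            Logger.logError(new IllegalStateException("addNetwork rejected the EAP configuration"));
            if (connect) {
                // Re-enable the network that was disabled above so the device is not left offline.
                wifiManager.enableNetwork(lastActNetId, false);
                wifiManager.reconnect();
            }
        } else {
            wifiManager.enableNetwork(networkId, true);
            wifiManager.saveConfiguration();
            if (connect) {
                wifiManager.reconnect();
                IntentFilter filter = new IntentFilter();
                filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
                Settings.cntxt.registerReceiver(wifiReceiver, filter);
                isWifiReceiverRegistered = true;
                Thread.sleep(15000);
            }
        }
    } catch (InterruptedException ie) {
        if (NetworkStateReceiver.activeConnection(Settings.cntxt)) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
        }
        // Keep the interrupt visible to the caller instead of swallowing it.
        Thread.currentThread().interrupt();
    } catch (Exception ex) {
        Logger.logError(ex);
    } finally {
        // unregister wifi state receiver
        if (connect && isWifiReceiverRegistered) {
            isWifiReceiverRegistered = false;
            Settings.cntxt.unregisterReceiver(wifiReceiver);
        }
    }
    Logger.logEnteringOld();
}

/** Decodes a Base64 X.509 certificate; returns {@code null} (after logging) when it cannot be parsed. */
private static X509Certificate decodeCaCertificate(String caCertificateData) {
    try {
        byte[] decodedCaCert = Base64.decode(caCertificateData);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream in = new ByteArrayInputStream(decodedCaCert);
        try {
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
    } catch (Exception e) {
        Logger.logError(e);
        return null;
    }
}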