2017-10-20 328 views
2

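My networking code is written with the NDK (cURL + OpenSSL), and I want to use a certificate from Android's credential storage as the client certificate for SSL connections. In addition, I want to present the user with a list of available certificates so that he can choose the certificate for the connection. Unfortunately, I cannot get the certificates from the key store. How do I load certificates from the "credential storage"?

I installed a client certificate into the "credential storage" on my Android device (5.0.2) (Settings -> Security -> ...), but I cannot access it from Java. I tried calling the following code, but the key store is empty even though the certificate is installed in the credential storage: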

//KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 
KeyStore ks = KeyStore.getInstance("AndroidKeyStore"); 
ks.load(null); 

Enumeration<String> aliases = ks.aliases(); 
while(aliases.hasMoreElements()) { 
    String alias = (String)aliases.nextElement(); 
    Log.i("app", "alias name: " + alias); 
    Certificate certificate = ks.getCertificate(alias); 
    Log.i("app", certificate.toString()); 
} 

What am I doing wrong?

Answers

0

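User credentials are available through the Android KeyChain, not the Android KeyStore.

The KeyChain class provides access to private keys and their corresponding certificate chains in credential storage.

Use choosePrivateKeyAlias to prompt the user to select a certificate. The system launches an activity for the user to choose an alias and sends it to you via a callback. Then use getPrivateKey and getCertificateChain to recover the key and the corresponding certificate chain.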

KeyChain.choosePrivateKeyAlias(activity, new KeyChainAliasCallback() {
        public void alias(String alias) {
            // alias is null if the user did not choose a certificate
            // do something with the selected alias
        }
    },
    new String[] { KeyProperties.KEY_ALGORITHM_RSA, "DSA" }, // List of acceptable key types. null for any
    null, // issuer, null for any
    null, // host name of server requesting the cert, null if unavailable
    -1,   // port of server requesting the cert, -1 if unavailable
    "");  // alias to preselect, null if unavailable

// Use the alias delivered to the callback above. Both calls block and
// must not be made from the main thread.
PrivateKey privateKey = KeyChain.getPrivateKey(activity, alias);
X509Certificate chain[] = KeyChain.getCertificateChain(activity, alias);
0

Try it like this: installed on the device

X509TrustManager manager = null; 
FileInputStream fs = null; 

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 

try 
{ 
    fs = new FileInputStream(System.getProperty("javax.net.ssl.trustStore")); 
    keyStore.load(fs, null); 
} 
finally 
{ 
    if (fs != null) { fs.close(); } 
} 

trustManagerFactory.init(keyStore); 
TrustManager[] managers = trustManagerFactory.getTrustManagers(); 

for (TrustManager tm : managers)
{
    if (tm instanceof X509TrustManager)
    {
        manager = (X509TrustManager) tm;
        break;
    }
}