使用自签名证书创建KeyStore实例

时间:2018-03-05 17:51:14

标签: java android ssl android-keystore

我有一个自签名证书,用于与我的服务器通信。根据{{​​3}},我可以使用我的证书创建一个Keystore实例。我做了同样的代码工作正常,我能够通过HTTPS连接进行服务器调用。

当我打印Keystore中存在的所有证书时,它只打印我插入的证书。我认为这个实现将指示android信任AndroidCAStore中的所有内置证书以及来自我服务器的新自签名证书。

创建实例时,我使用AndroidCAStoreAndroidKeyStore,但问题是我无法将自签名证书添加到密钥库。每当我致电setCertificateEntry时,我都会UnsupportedMethodException

我想创建一个KeyStore,其中包含Android默认密钥库中的所有默认证书和来自我的服务器的自签名证书。怎么做?

1 个答案:

答案 0 :(得分:-1)

public static class CustomTrustManager implements X509TrustManager{

    private X509TrustManager defaultTrustManager;
    private X509TrustManager localTrustManager;

    public CustomTrustManager(KeyStore keyStore){
        try {
            defaultTrustManager = createTrustManager(null);
            localTrustManager = createTrustManager(keyStore);
        }catch (NoSuchAlgorithmException e){
            Log.e("CustomTrustManager"," Cannot create trust manager : NoSuchAlgorithm found "+e.toString());
        }catch (KeyStoreException exp){
            Log.e("CustomTrustManager"," Cannot create trust manager : Keystore exception"+e.toString());
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        try {
            localTrustManager.checkClientTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkClientTrusted(x509Certificates, s);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
        Log.e("CustomTrustManager","Checking server trust");
        try {
            localTrustManager.checkServerTrusted(x509Certificates, s);
        } catch (CertificateException ce) {
            defaultTrustManager.checkServerTrusted(x509Certificates, s);
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] first = defaultTrustManager.getAcceptedIssuers();
        X509Certificate[] second = localTrustManager.getAcceptedIssuers();
        X509Certificate[] result = Arrays.copyOf(first, first.length + second.length);
        System.arraycopy(second, 0, result, first.length, second.length);
        return result;
    }

    private X509TrustManager createTrustManager(KeyStore store) throws NoSuchAlgorithmException, KeyStoreException {
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init((KeyStore) store);
        TrustManager[] trustManagers = tmf.getTrustManagers();
        return (X509TrustManager) trustManagers[0];
    }
}
相关问题
最新问题