Bouncy Castle Keystore(BKS):java.io.IOException:密钥库的错误版本

时间:2013-05-27 13:54:55

标签: android web-services https certificate

我必须连接到基于REST的Web服务。

https://someurl.com/api/lookup/jobfunction/lang/EN

当我尝试访问此URL时,在IE或Chrome浏览器中,我获得了一个我必须信任并接受继续的证书 之后我必须输入用户名和密码,然后我得到JSON响应。

同样的事情我必须以编程方式为Android应用程序做。

  1. 尝试使用自定义EasySSLSocketFactory和EasyX509TrustManager,Didnt工作。 我收到以下错误: java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。

  2. 使用BKS密钥库, 请注意,在我执行以下命令之前,mykeystore.bks是一个空文件

    keytool -importcert -v -trustcacerts -file "test.crt" -alias IntermediateCA -keystore   "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath   "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234


keytool -list -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider  -providerpath "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234

    3. MyHTTPClient.java如下所示:

    public class MyHttpClient extends DefaultHttpClient { 

final Context context; 

public MyHttpClient(Context context) { 
    this.context = context; 
} 

@Override
protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    // Register for port 443 our SSLSocketFactory with our keystore 
    // to the ConnectionManager 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
} 

private SSLSocketFactory newSslSocketFactory() { 
    try { 
        // Get an instance of the Bouncy Castle KeyStore format 
        KeyStore trusted = KeyStore.getInstance("BKS"); 
        // Get the raw resource, which contains the keystore with 
        // your trusted certificates (root and any intermediate certs) 
        InputStream in = context.getResources().openRawResource(R.raw.mykeystore); 
        try { 
            // Initialize the keystore with the provided trusted certificates 
            // Also provide the password of the keystore 
            trusted.load(in, "abcd1234".toCharArray()); 
        } finally { 
            in.close(); 
        } 
        // Pass the keystore to the SSLSocketFactory. The factory is responsible 
        // for the verification of the server certificate. 
        SSLSocketFactory sf = new SSLSocketFactory(trusted); 
        // Hostname verification from certificate 
        // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); 
        return sf; 
    } catch (Exception e) { 
        throw new AssertionError(e); 
    } 
}

    当我调用webservice时,我收到以下错误: 引起:java.lang.AssertionError:java.io.IOException:密钥库的错误版本

    请告诉我如何连接到基于HTTPS的rest webservice,它具有用户名和passwd凭据。 ......

2 个答案:

答案 0 :(得分:1)

BC jar的第148版不适用于Android。使用版本146或147。

答案 1 :(得分:1)

我得到了其他人的帮助。 解决方案如下:

  • 1,下载工具KeyStore Explorer
  • 2,安装完成后,打开您的bks证书,然后找到工具 - >更改类型
  • 3,选择BKS-V1,然后保存并使用它。
相关问题
最新问题