可能这是重复的问题,但我没有完全清楚上一个问题,这就是我发布一个新问题的原因。请看看这个。 我将Ca证书放在我的资源文件夹中以验证ca认证证书,并且服务器中也会有相同的ca证书。
我可以使用以下代码使用我的ca证书创建信任管理员:
AssetManager assetManager = getResources().getAssets();
InputStream inputStream = null;
try {
inputStream = assetManager.open("Issuer certificate");
if (inputStream != null)
} catch (IOException e) {
e.printStackTrace();
}
InputStream caInput = new BufferedInputStream(inputStream);
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
System.out.println("ca="
+ ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(tmfAlgorithm);
tmf.init(keyStore);
获得此信任经理后,我应如何比较我从服务器获得的crt证书... 我怀疑:我是否需要创建另一个信任管理器,并让这两个信任管理器比较任何提供商名称,如??? 如果我错了,请提供有关此流程的任何信息。
答案 0 :(得分:4)
最后能够使用以下过程验证证书。我希望这对其他人有帮助......
public void validateCertificate() throws Exception {
try {
String issuerCertPath = "Issuer Certifate";
String certPath = "Issued Certificate";
X509Certificate issuerCert = getCertFromFile(issuerCertPath);
X509Certificate c1 = getCertFromFile(certPath);
TrustAnchor anchor = new TrustAnchor(issuerCert, null);
Set anchors = Collections.singleton(anchor);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List list = Arrays.asList(new Certificate[] { c1 });
CertPath path = cf.generateCertPath(list);
PKIXParameters params = new PKIXParameters(anchors);
params.setRevocationEnabled(false);
CertPathValidator validator = CertPathValidator.getInstance("PKIX");
PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) validator
.validate(path, params);
// If
// not
// valid
// will
// throw
System.out.println("VALID");
} catch (Exception e) {
System.out.println("EXCEPTION " + e.getMessage());
e.printStackTrace();
}
}
private X509Certificate getCertFromFile(String path) throws Exception {
AssetManager assetManager = MyActivity.this.getResources().getAssets();
InputStream inputStream = null;
try {
inputStream = assetManager.open(path);
} catch (IOException e) {
e.printStackTrace();
}
InputStream caInput = new BufferedInputStream(inputStream);
X509Certificate cert = null;
CertificateFactory cf = CertificateFactory.getInstance("X509");
cert = (X509Certificate) cf.generateCertificate(caInput);
cert.getSerialNumber();
return cert;
}
答案 1 :(得分:0)
解决了@Flow在问题答案上的评论,我能够使用以下代码添加主机名验证步骤
X509Certificate cert;
DefaultHostnameVerifier hv = new DefaultHostnameVerifier();
hv.verify("dummyhostname.com", cert);
主机名验证程序在org.apache.http.conn.ssl.DefaultHostnameVerifier
中可用,并在SSLConnectionSocketFactory
中使用。
如果有人认为我想知道这是错的,那是由于使用了较短的谷歌搜索功能所致。