Android 23握手失败

时间:2015-10-19 17:11:34

标签: java android ssl keystore android-keystore

我在Android中遇到了Keystores的问题。

我试图将android中的客户端连接到java中的服务器。我的代码适用于Android的15到22的API,但不适用于新的API 23更新:

我在Android客户端上遇到错误:

javax.net.ssl.SSLHandshakeException: Handshake failed

并且服务器上出现此错误:

javax.net.ssl.SSLHandshakeException: no cipher suites in common

这是我的代码,它在API 22或之前运行良好:

在客户端中,R.raw.publickey是公共.bks证书,而R.raw.publickey_v1是.bks的旧版本,用于与API 15兼容。

服务器

public static SSLServerSocket getServerSocketWithCert(int port, InputStream pathToCert, String passwordFromCert) throws IOException,
                                KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException{
    TrustManager[] tmm;
    KeyManager[] kmm;
    KeyStore ks  = KeyStore.getInstance("JKS");
    ks.load(pathToCert, passwordFromCert.toCharArray());
    tmm=tm(ks);
    kmm=km(ks, passwordFromCert);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmm, tmm, null);
    SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) ctx.getServerSocketFactory();
    SSLServerSocket ssocket = (SSLServerSocket)        socketFactory.createServerSocket(port);
    return ssocket;
}
private static TrustManager[] tm(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
    TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustMgrFactory.init(keystore);
    return trustMgrFactory.getTrustManagers();
};
private static KeyManager[] km(KeyStore keystore, String password) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
    KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyMgrFactory.init(keystore, password.toCharArray());
    return keyMgrFactory.getKeyManagers();
};

    public static void main(String[] args){
        SSLServerSocket ss = null;
        try {
            ss = getServerSocketWithCert(12345, Server.class.getResourceAsStream("/privateKey.store"), "password");
        } catch(BindException e){
            e.printStackTrace();
            System.exit(1);
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        while(true){
            SSLSocket s = ss.accept();
            new DataOutputStream(s.getOutputStream()).writeUTF("test");
            //TODO ERROR IS APPENING HERE
        }
    }

客户端:

public static SSLSocket getSocketWithCert(InetAddress ip, int port, InputStream pathToCert, String passwordFromCert) throws IOException,
                                KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
    TrustManager[] tmm;
    KeyStore ks  = KeyStore.getInstance("BKS");
    ks.load(pathToCert, passwordFromCert.toCharArray());
    tmm=tm(ks);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, tmm, null);
    SSLSocketFactory SocketFactory = (SSLSocketFactory) ctx.getSocketFactory();
    SSLSocket socket = (SSLSocket) SocketFactory.createSocket();
    socket.connect(new InetSocketAddress(ip, port), 5000);
    return socket;
}

private static TrustManager[] tm(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
    TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustMgrFactory.init(keystore);
    return trustMgrFactory.getTrustManagers();
};
public static void(String[] args){
        int id;
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN){
            id = R.raw.publickey;
        } else {
            id = R.raw.publickey_v1;
        }
        try {
            Socket s = SSLSocketKeystoreFactory.getSocketWithCert("myip", 12345, HackerMainActivity.this.getResources().openRawResource(id), "password");
        } catch (UnknownHostException | SecurityException e) {
            e.printStackTrace();
            return;
        } catch(SocketTimeoutException e){
            e.printStackTrace();
            return;
        } catch (KeyManagementException | NoSuchAlgorithmException | CertificateException | KeyStoreException e) {
            e.printStackTrace();
        }
        DataInputStream in = new DataInputStream(s.getInputStream());
        //TODO ERROR IS APPENING HERE
}

非常感谢你的帮助!

1 个答案:

答案 0 :(得分:0)

我终于设法做到了......

错误是Android 6.0不再支持SHA-1。

错误是如此奇怪,我没有设法直接看到它......

对于与我有相同错误的人,只需使用SHA-256 ...

重新创建证书