How do I communicate over mutual SSL using a client certificate stored in AndroidKeyStore?

Time: 2019-05-08 07:39:24

Tags: java android android-keystore

I generate the key pair with KeyGenParameterSpec:

```java
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
keyPairGenerator.initialize(
        new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_ENCRYPT
                        | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .setCertificateSubject(new X500Principal("C=US"))
                .build());

KeyPair keyPair = keyPairGenerator.generateKeyPair();
```

Then I use the key pair to generate a self-signed certificate from my own CA, store it in the AndroidKeyStore, and use it to communicate in a mutual SSL session:

```java
SSLContext ctx;

KeyStore clientKeyStore = KeyStore.getInstance("AndroidKeyStore");
clientKeyStore.load(null, null);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(clientKeyStore, null);

KeyStore serverKeyStore = KeyStore.getInstance("BKS");
serverKeyStore.load(getResources().getAssets().open(TRUSTSTORE_PUB_KEY), "123456".toCharArray());

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(serverKeyStore);
ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory factory = ctx.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(SERVICE_HOST, 443);
socket.startHandshake();
```

But it fails, and I don't know where to fix it:

```
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:913)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:938)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java:219)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.init(Signature.java:1357)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.chooseProvider(Signature.java:1310)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.engineInitSign(Signature.java:1385)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature.initSign(Signature.java:679)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(CryptoUpcalls.java:88)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:345)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.lang.Thread.run(Thread.java:784)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: android.security.KeyStoreException: -65530
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getKeyStoreException(KeyStore.java:851)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:   ... 23 more
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:286)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:345)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.lang.Thread.run(Thread.java:784)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x748f38c608: Failure in SSL library, usually a protocol error
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/common/src/jni/main/cpp/conscrypt/native_crypto.cc:698 0x74a1936e07:0x00000000)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
```

I don't know how to change it. I think the problem is in the KeyManagerFactory init, but I'm not sure. Can anyone help me? Many thanks!

0 answers:

No answers
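As an added example (editor's code, not from the post), the setup the question describes with three practitioner checks: a key spec that also authorises DIGEST_NONE, since the trace shows Conscrypt's rawSignDigestWithPrivateKey initialising a raw Signature on the keystore key, which a key restricted to SHA-256/SHA-512 rejects at initSign; a pre-flight that performs that same initSign so a key-authorisation problem surfaces before the handshake; and the hostname check that SSLSocket does not perform on its own. The class name, the certificate CN and the trustStore parameter (the caller's own CA store, loaded however the app chooses) are hypothetical.

```java
import android.security.keystore.*;
import java.security.*;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

public final class KeyStoreClientAuth {   // hypothetical helper class
    // Client-auth key. DIGEST_NONE is included because the TLS stack hands the
    // keystore an already-hashed value through a NONEwithRSA Signature; a key
    // authorised only for SHA-256/SHA-512 refuses that initSign. Trade-off: the
    // key will now sign any raw input, so its purpose is limited to SIGN.
    static void generateClientAuthKey(String alias) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
        kpg.initialize(new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN)
                .setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA256,
                        KeyProperties.DIGEST_SHA512)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setCertificateSubject(new X500Principal("CN=client-placeholder"))
                .build());
        kpg.generateKeyPair();
    }

    // Pre-flight: the same initSign the handshake will perform, so a key the
    // TLS stack cannot use fails here with an InvalidKeyException instead of
    // an opaque "Handshake failed" later.
    static void checkUsableForTls(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Signature.getInstance("NONEwithRSA").initSign((PrivateKey) ks.getKey(alias, null));
    }

    // Mutual-TLS socket. SSLSocket does no hostname verification by itself,
    // so the server certificate is matched against host after the handshake.
    static SSLSocket connect(KeyStore trustStore, String host, int port) throws Exception {
        KeyStore clientKs = KeyStore.getInstance("AndroidKeyStore");
        clientKs.load(null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(clientKs, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        socket.startHandshake();
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(host, socket.getSession())) {
            socket.close();
            throw new SSLPeerUnverifiedException("Server certificate does not match " + host);
        }
        return socket;
    }
}
```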