在AndroidQ上,我无法使用安装到设备上“受信任的凭据” /“用户凭据”的根证书来验证自签名叶证书。
AndroidQ中的证书验证是否有任何变化?
byte[] certData = ...;
X509Certificate cert = (X509Certificate)CertificateFactory
.getInstance("X.509")
.generateCertificate(new ByteArrayInputStream(certData));
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm()
);
tmf.init((KeyStore)null);
TrustManager[] tms = tmf.getTrustManagers();
X509TrustManager tm = (X509TrustManager)tms[0];
trustManager.checkClientTrusted(
new X509Certificate[] { cert },
cert.getPublicKey().getAlgorithm()
);
这在任何Android版本上均可正常运行,但在AndroidQ上会抛出以下问题:checkClientTrusted():
java.security.cert.CertificateException:无法接受的证书:CN =叶子,O =无,L = TimeNSpace,ST =混乱,C = US