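We have a BlackBerry app that accesses a secure web service using an SSL certificate that is not installed on some BlackBerry OS5 devices. This causes problems for users of our app, who see this message:
"You are attempting to open a secure connection, but the server's certificate is not trusted."
We are able to install the certificate manually via this method,
but this is clearly not a good solution for our customers.
Is there a way to package and install the required certificate with the app? This certificate works with iOS, Android, IE, Firefox and Chrome.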
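Answer 0: (score: 4)
You can include the X509 certificate in the code bundle as a resource and put it in the key store. But users will have to manually go into their certificate store and trust it. If the user has not previously used the certificate store, this has the unfortunate side effect of forcing them to pick a password at that point.
The following code will read a certificate from a resource file in PEM format, but with the -----BEGIN/END CERTIFICATE----- lines removed. I have used all the elements of this code, but not in this exact configuration. If there are any problems with it, I would be happy to try to sort them out.
The certificate will not be trusted, so the user will have to manually go into the certificate store application under device options and "Trust" the certificate. Make sure they understand that they cannot revoke the certificate. That operation cannot be undone on the device without wiping and reinstalling the OS. The only other option is to re-issue a new certificate.
If anyone knows how to get these finicky bits, let me know and I will include the solution in this code, or link to wherever it exists now.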
X509Certificate _x509;
try {
    // Get an input stream for the certificate in a resource file
    InputStream rs = getClass().getResourceAsStream("/certificate.pem");
    // PEM format is Base64 encoded
    Base64InputStream b64is = new Base64InputStream(rs);
    // Create the X509 certificate
    _x509 = new X509Certificate(b64is);
    // Clean up.
    b64is.close();
    rs.close();
    // If the certificate is self-signed this will perform a
    // verification check. For non-self-signed certificates
    // one could provide the signer's certificate in another
    // resource file and validate it with that public key. Other
    // versions of verify will verify it with a certificate in
    // a keystore, but then we wouldn't need to do all this.
    _x509.verify(_x509.getPublicKey());
    System.out.println(_x509.getSubjectFriendlyName());
    System.out.println(Integer.toHexString(_x509.hashCode()));
    // Add the certificate to the DeviceKeyStore
    KeyStore ks = DeviceKeyStore.getInstance();
    // Associated data is set to null, but can be used if there is associated
    // data known. You can use _x509.getStatus() instead of encoding the GOOD
    // constant, but if the device cannot find a revocation or validation list
    // it will set the status to UNKNOWN, which will confuse users. ks.getTicket()
    // will prompt the user for permission for the program to access the key store.
    // This may also cause the system to ask the user to set a password; unfortunately
    // I can't remember, but I don't think it will if there is no private key in the
    // certificate.
    ks.set(null, _x509.getSubjectFriendlyName(), _x509, CertificateStatus.GOOD,
           ks.getTicket());
} catch (CertificateException ce) {
    System.out.println(ce.toString());
} catch (CryptoException crypt) {
    System.out.println(crypt);
} catch (IOException ioe) {
    System.out.println(ioe.toString());
}
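An added example, not part of the original answer: a build-time Python helper that produces the resource file in the form the answer expects (PEM body with the BEGIN/END lines removed) and computes a fingerprint that can be published so users can check the certificate before they mark it trusted. The function names and the sample input are hypothetical, and it assumes the certificate viewer on the device displays a SHA-1 thumbprint to compare against.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed sample: PEM armor around a 5-byte DER SEQUENCE, NOT a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQU=\n"
    "-----END CERTIFICATE-----\n"
)


def pem_to_bare_base64(pem_text):
    """Return (bare_base64_text, der_bytes) for the single certificate in pem_text."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # Refuse empty input and bundles: exactly one certificate should ship.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    compact = "".join(blocks[0].split())
    # validate=True rejects stray characters instead of silently skipping them.
    der = base64.b64decode(compact, validate=True)
    # A DER-encoded certificate is an ASN.1 SEQUENCE, so the first byte is 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    # Re-wrap at 64 columns, the usual PEM body layout, without the armor lines.
    lines = [compact[i:i + 64] for i in range(0, len(compact), 64)]
    return "\n".join(lines) + "\n", der


def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    bare, der = pem_to_bare_base64(SAMPLE_PEM)
    print(bare, end="")            # content for the /certificate.pem resource
    print("SHA-1  ", fingerprint(der, "sha1"))
    print("SHA-256", fingerprint(der, "sha256"))
```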