Java – Android HTTP request with client certificate
•
Java
I'm trying to use this code to make a request to a server with client certificate authentication:
try { /*** CA Certificate ***/ CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = getResources().openRawResource(R.raw.caserver); Certificate ca = cf.generateCertificate(caInput); System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN()); // Create a KeyStore containing our trusted CAs String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null,null); keyStore.setCertificateEntry("ca",ca); System.out.println(keyStoreType); // Create a TrustManager that trusts the CAs in our KeyStore String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); /*** Client Certificate ***/ KeyStore keyStore12 = KeyStore.getInstance("PKCS12"); InputStream certInput12 = getResources().openRawResource(R.raw.p12client); keyStore12.load(certInput12,"123456key".tocharArray()); // Create a KeyManager that uses our client cert String algorithm = KeyManagerFactory.getDefaultAlgorithm(); KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(keyStore12,null); /*** SSL Connection ***/ // Create an SSLContext that uses our TrustManager and our KeyManager SSLContext context = SSLContext.getInstance("TLS"); context.init(kmf.getKeyManagers(),tmf.getTrustManagers(),null); URL url = new URL("https://myurl/test.json"); HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); urlConnection.setSSLSocketFactory(context.getSocketFactory()); System.out.println("Weeeeeeeeeee"); InputStream in = urlConnection.getInputStream(); // this throw exception } catch (Exception e) { e.printStackTrace(); }
When execution arrives = urlconnection getInputStream(); When the last line in InputStream, I get the next exception
System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I spent a lot of time fixing this error, but I couldn't find any information When I use a web browser with a client certificate to make the same request, everything is normal
Does it help? Thank you in advance
edit
I generate the certificate as follows:
> openssl req -config openssl.cnf -new -x509 -extensions v3_ca -days 3650 -keyout private/caserver.key -out certs/caserver.crt > openssl req -config openssl.cnf -new -nodes -keyout private/client.key -out client.csr -days 1095 > openssl ca -config openssl.cnf -cert certs/caserver.crt -policy policy_anything -out certs/client.crt -infiles csr/client.csr > openssl pkcs12 -export -clcerts -in certs/client.crt -inkey private/client.key -out p12client.p12
In my code, I use caserver CRT and p12client p12.
Solution
I don't know why the input stream can't read the certificate from the assets folder I have the same problem To overcome this, I have placed the certificate in the original folder and accessed it
InputStream caInput = getResources().openRawResource(R.raw.mycertificate);
And it works well!
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
二维码