【发布时间】:2017-01-28 07:31:48
【问题描述】:
生成证书时遇到问题。 以下是相关代码。
@SuppressLint("SdCardPath")
public HttpsURLConnection setUpHttpsConnection(String urlString)
{
try
{
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
AssetManager assManager = context.getAssets();
InputStream caInput = assManager.open("testCert.pfx");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
Certificate ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
URL url = new URL(urlString);
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
return urlConnection;
}
catch (Exception ex)
{
Log.e("fff", "Failed to establish SSL connection to server: " + ex.toString());
ex.printStackTrace();
return null;
}
}
程序在下一行给出错误。
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
错误跟踪;
com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException
rer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:220)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:196)
at com.example.hilalinan.cert.ServiceCall.setUpHttpsConnection(ServiceCall.java:125)
at com.example.hilalinan.cert.ServiceCall.doInBackground(ServiceCall.java:58)
at android.os.AsyncTask$2.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.ASN1Integer
at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:98)
at com.android.org.bouncycastle.asn1.x509.TBSCertificate.getInstance(TBSCertificate.java:64)
at com.android.org.bouncycastle.asn1.x509.Certificate.<init>(Certificate.java:61)
at com.android.org.bouncycastle.asn1.x509.Certificate.getInstance(Certificate.java:45)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(CertificateFactory.java:68)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:215)
... 9 more
当我搜索这个问题时,我在 stackoverflow 中找到了this question。我了解到我的手机在受信任的凭据中没有 BC 提供商。 suggested 问题的 OP 我 将 BC 提供程序添加到我的手机。 但即使我安装了,我如何才能让其他用户安装正在使用我的程序的用户。 此外,当我在 Google 上搜索如何将 BC 添加到我的列表时 我找不到任何有用的东西。
知道如何解决我的问题吗?
提前致谢。
【问题讨论】:
-
pfx文件是一个 PKCS#12 文件,它可能包含多个证书和密钥。因此,您必须直接将其加载为 PKCS12 密钥库,而不是尝试从中生成证书对象! -
我不明白我对这个话题不太熟悉。你可以再详细一点吗?如果我无法生成证书,如何访问 https 服务?我应该使用
crt文件吗?
标签: android ssl https certificate