在我的情况下以编程方式安装X509证书

2018-06-12 23:14:40

我正在开发一个Android项目。我有一个PEM证书字符串：

-----BEGIN CERTIFICATE-----
MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix
EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD
VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y
...MANY LINES...
It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/
7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX
-----END CERTIFICATE-----

（我将上面的证书字符串分配给名为CERT_STR的变量）

我通过以下方式将PEM字符串转换为X509Certificate：

byte[] certBytes = CERT_STR.getBytes();
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
InputStream certIs = new ByteArrayInputStream(certBytes); 
// now I get the X509 certificate from the PEM string
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(certIs);

然后，我尝试通过编程方式安装证书：

Intent intent = KeyChain.createInstallIntent();
// because my PEM only contains a certificate, no private key, so I use EXTRA_CERTIFICATE
intent.putExtra(KeyChain.EXTRA_CERTIFICATE, certificate.getEncoded());
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
context.startActivity(intent);

当我运行我的应用程序，我看到系统弹出对话框说“提取...”，我知道系统提取我的证书，但对话框显示那里所有的时间说“解压...”。

为什么？我的代码在哪里安装证书错了？

您可能没有使用正确创建的X509证书。继我的工作结束后，我没有看到任何“Extracting ...”对话框（Nexus 5X，Android 7.0）：

String x509cert = "-----BEGIN CERTIFICATE-----n" +
        "MIICrjCCAhegAwIBAgIJAO9T3E+oW38mMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNVn" +
        "BAYTAlVaMREwDwYDVQQHDAhUYXNoa2VudDENMAsGA1UECgwERWZpcjEQMA4GA1UEn" +
        "CwwHSVQgZGVwdDEQMA4GA1UEAwwHZWZpci51ejEbMBkGCSqGSIb3DQEJARYMaG9zn" +
        "dEBlZmlyLnV6MB4XDTE2MTExMDA4MjIzMFoXDTE2MTIxMDA4MjIzMFowcDELMAkGn" +
        "A1UEBhMCVVoxETAPBgNVBAcMCFRhc2hrZW50MQ0wCwYDVQQKDARFZmlyMRAwDgYDn" +
        "VQQLDAdJVCBkZXB0MRAwDgYDVQQDDAdlZmlyLnV6MRswGQYJKoZIhvcNAQkBFgxon" +
        "b3N0QGVmaXIudXowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL60mG0Gpl7sn" +
        "3qMnZcURB1xk5Qen6FN0+AJB5Z/WHA50n1MUkXNY28rkEYupkxpfEqR+/gXgBUAmn" +
        "FACA3GSdoHMMY1kdeAzxsYbBEbtGKHICF/QFGTqScWmI6uBUwzsLDLv1ELef/zEYn" +
        "Ru/krXtNh8ZNYyfwVKyZaB9+3M2yOqATAgMBAAGjUDBOMB0GA1UdDgQWBBS1nH3On" +
        "ecLDrIZLZ/f1WsNL/xtuEzAfBgNVHSMEGDAWgBS1nH3OecLDrIZLZ/f1WsNL/xtun" +
        "EzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGzjJnXODvF9UHBKHAUFn" +
        "kzisr78Og5BrKyAgdnjH196Jg4MO7RNJdQAmuAIk9aBB/jvAiznhhbcD3mYImH+hn" +
        "F0Scewk5m736ydGhkcUpmxA5ye1hajjs9V7PQD2O4a8rNJSlJjiWRWSqxTfH79Nsn" +
        "B7x2HND9LU/iz02ugGJ8vwg8n" +
        "-----END CERTIFICATE-----n";
Intent intent = KeyChain.createInstallIntent();
intent.putExtra(KeyChain.EXTRA_CERTIFICATE, x509cert.getBytes());
startActivity(intent);

要生成上述证书，我使用了以下步骤（基于为SSO生成密钥和证书）：

$ openssl genrsa -out rsaprivkey.pem 1024

$ openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem

$ ls
rsacert.pem rsaprivkey.pem

然后，我只需将cat rsacert.pem的输出复制/粘贴到x509cert 。

希望这可以帮助。

链接地址: http://www.djcxy.com/p/37025.html

上一篇: install X509 certificate programmatically in my case

下一篇: What is the difference between an orm and ADO.net?