目前有個需求是要實作雙向驗證,但是試了好多方法都不行,請求Android高手出手相救~
我目前有.p12檔案,而下面的.bks檔案是我用.p12檔轉成.cer,再用KeyStore Explorer轉成bks,請問這樣會有問題嗎?!
下面是我目前驗證的代碼
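HttpsURLConnection httpsConn;
// Open the HTTPS connection; "url" is the placeholder used in the post.
URL targetUrl = new URL("url");
httpsConn = (HttpsURLConnection) targetUrl.openConnection();
// Hostname verification is what binds the presented certificate to the host being
// contacted. A verifier that unconditionally returns true accepts a certificate issued
// for any other name, so the decision is delegated to the platform's default verifier
// and only the diagnostic log line is kept.
final HostnameVerifier platformVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
HostnameVerifier loggingVerifier = new HostnameVerifier() {
    /**
     * Logs the hostname being checked and returns the platform verifier's decision.
     *
     * @param hostname host name the connection was opened to
     * @param session  TLS session carrying the peer's certificate chain
     * @return {@code true} only if the default verifier accepts the hostname for this session
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        SLog.i("GC", "HostnameVerifier.verify:" + hostname);
        return platformVerifier.verify(hostname, session);
    }
};
httpsConn.setHostnameVerifier(loggingVerifier);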
// Builds an SSLContext for mutual TLS: a KeyManager supplies the client credential and a
// TrustManager decides which server certificates are accepted. The closing brace and the
// catch/finally of this try are not part of the posted snippet.
try {
// Client identity: the key material the server verifies during the handshake.
KeyStore keyStore = KeyStore.getInstance("BKS");
// Open the BKS file bundled in the app's assets.
InputStream ksIn = Application.getContext().getResources().getAssets().open("certificate.bks");
// Load the keystore. The password is a string literal, so it ships inside the APK and
// can be read back from it; it does not protect the store against someone holding the app.
keyStore.load(ksIn, "AAA".toCharArray());
// Closed on the success path only: if load() throws, this close() is skipped.
ksIn.close();
// NOTE(review): per the post, certificate.bks was produced from a .cer exported from the
// .p12. A .cer normally carries only the certificate, so this store may contain no
// private-key entry and the KeyManager would have no client credential to present.
// Confirm the store holds a key entry (private key plus certificate chain).
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
keyManagerFactory.init(keyStore, "AAA".toCharArray());
// Server trust: the certificates the client accepts as trust anchors.
// The same asset file is loaded again, so the trust anchors are whatever certificates
// that file contains; the system CA store is not consulted by this TrustManager.
KeyStore trustStore = KeyStore.getInstance("BKS");
InputStream tsIn = Application.getContext().getResources().getAssets().open("certificate.bks");
trustStore.load(tsIn, "AAA".toCharArray());
// Same success-path-only close as for ksIn.
tsIn.close();
// NOTE(review): the "Trust anchor for certification path not found" error quoted in the
// post presumably means the server's chain does not lead to any certificate in this
// store; the trust store would need the server's CA (or server) certificate. Verify
// against the server's actual chain.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
// Initialize the SSLContext with both managers; a null SecureRandom selects the default.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
// Applies to this connection only, not to the process-wide default socket factory.
httpsConn.setSSLSocketFactory(sslContext.getSocketFactory());
// connection(...) and request are defined outside the snippet; presumably this sends the request.
connection(httpsConn, request);
下面是我執行後給我的錯誤訊息
W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
W/System.err: at com.android.okhttp.Connection.connectTls(Connection.java:235)
at com.android.okhttp.Connection.connectSocket(Connection.java:199)
at com.android.okhttp.Connection.connect(Connection.java:172)
at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:257)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)