On Wed, Aug 29, 2012 at 7:25 PM, Shu Sang <[email protected]> wrote:
> Brian,
> Thanks for the reply.
>
> I am now creating a BKS keystore with Portecle. And passing the keystore to
> the Apache httpclient by:
>
> SSLSocketFactory sslFactory = new SSLSocketFactory(keyStore);
> _httpclient.getConnectionManager().getSchemeRegistry().register(new
> Scheme("https", sslFactory, 443));
>
> But I still got the 403 when accessing the PKI enabled services.
>
> My questions:
> 1. Does the default SSLSocketFactory support PKI?

By definition SSL supports PKI (public-key infrastructure). The constructor
you are using is for specifying a KeyStore of CAs to trust, not for client
certificates. There are other constructors that take a KeyStore of client
certificates.

I don't recommend using Apache HTTP Client. It is kept for backward
compatibility but not undergoing significant new development like
HttpsURLConnection.

> 2. Do you know if there are any document/samples on how to access PKI
> secured services through apache httpclient on Android? (my target OS is >=8)

Apache HTTP Client has its own documentation in addition to the API
documentation included in Android.
http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d5e526

There are additional examples of the use of Apache HTTP Client in the Android
Open Source Project in various apps:
http://source.android.com/source/downloading.html

But I still recommend just using HttpsURLConnection
http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html

-bri

>
> Thanks in advance.
>
> S.
>
> On Tuesday, August 28, 2012 7:08:08 PM UTC-7, Brian Carlstrom wrote:
>>
>> No, there is no way, even with private APIs, for a user application to
>> access certificates before the KeyChain API. They were previously only
>> accessible by system user by VPN and WiFi.
>>
>> Apps can of course use certificates within their own process. For an
>> example, see the X509TrustManager and X509KeyManager (usage example at
>>
>> http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html)
>>
>> -bri
>>
>> On Tue, Aug 28, 2012 at 6:39 PM, Shu Sang <[email protected]> wrote:
>> > I try to access PKI secured services on Android using Java. Certificates
>> > were installed on devices through settings->location & security ->Install
>> > from SD card.
>> >
>> > Seems like on ICS, certificates are shared under
>> > /system/etc/security/cacerts while on GingerBread they are in a keystore:
>> > /system/etc/security/cacerts.bks.
>> >
>> > On ICS I found the KeyChain can read all the installed certificates, so
>> > my question is:
>> >
>> > Is there a way to access certificates installed from SD card on OS <
>> > level 14?
>> >
>> > or
>> >
>> > If there is a unified way to access certificates installed from SD card
>> > on OS >= level 8?
>> >
>> > Thanks.
>> >
>> > --
>> > --
> You received this message because you are subscribed to the Google Groups
> "Android Security Discussions" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/android-security-discuss/-/h_xysuv9S00J.
>
> To post to this group, send email to
> [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-security-discuss?hl=en.
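
Added example, not part of the original thread or of any project's code: the distinction drawn in the reply above (a KeyStore of CAs to trust versus a KeyStore holding the client certificate), wired into HttpsURLConnection with standard javax.net.ssl calls. The class name, method names and the way the two keystores are supplied are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; names are illustrative only.
public final class ClientCertHttps {
    private ClientCertHttps() {}

    /** Loads a BKS keystore from a stream supplied by the caller and closes it. */
    static KeyStore loadBks(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * clientStore: the client certificate chain AND its private key.
     * trustStore:  only the CA certificates used to verify the server.
     * Passing the client store as a trust store presents no certificate to
     * the server, which matches the 403 described in the question.
     */
    static SSLContext buildContext(KeyStore clientStore, char[] keyPassword,
                                   KeyStore trustStore) throws Exception {
        // Key managers answer the server's certificate request.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientStore, keyPassword);
        // Trust managers decide whether the server's chain is acceptable.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Applies the context to one connection; the default hostname verifier stays on. */
    static HttpsURLConnection open(URL url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```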
