Brian, You are awesome!!! It is working. I changed constructor and everything works on Android now. You made me day. Thanks!
S. On Wednesday, August 29, 2012 9:14:35 PM UTC-7, Brian Carlstrom wrote: > > On Wed, Aug 29, 2012 at 7:25 PM, Shu Sang <[email protected] <javascript:>> > wrote: > > Brian, > > Thanks for the reply. > > > > I am now creating a BKS keystore with Portecle. And passing the keystore > to > > the Apache httpclient by: > > > > SSLSocketFactory sslFactory = new SSLSocketFactory(keyStore); > > > _httpclient.getConnectionManager().getSchemeRegistry().register(new > > Scheme("https", sslFactory, 443)); > > > > But when I still got the 403 when accessing the PKI enabled services. > > > > My questions: > > 1. Does the default SSLSocketFactory support PKI? > > by definition SSL supports PKI (public-key infrastructure) . > > the constructor you are using is for speciifying a KeyStore of CAs to > trust, not for client certificates. there are other constructors that > take a KeyStore of client certificates. > > I don't recommend using Apache HTTP Client. It is kept for backward > compatibility but not undergoing significant new development like > HttpsURLConnection. > > > 2. Do you know if there are any document/samples on how to access PKI > > secured services through apache httpclient on Android? (my target OS is > >=8) > > Apache HTTP Client has its own documentation in addition to the API > documentation included in Android. > > http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d5e526 > > > There are additional examples of the use Apache HTTP Client in the > Android Open Source Project in various apps: > http://source.android.com/source/downloading.html > > But I still recommend just using HttpsURLConnection > > http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html > > -bri > > > > > Thanks in advance. > > > > S. > > > > On Tuesday, August 28, 2012 7:08:08 PM UTC-7, Brian Carlstrom wrote: > >> > >> No, there is no way, even with private APIs, for a user application to > >> access certificates before the KeyChain API. They were previously only > >> accessible by system user by VPN and WiFi. > >> > >> Apps can of course use certificates within their own process. For an > >> example, see the X509TrustManager and X509KeyManager (usage example at > >> > >> > http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html) > > >> > >> -bri > >> > >> On Tue, Aug 28, 2012 at 6:39 PM, Shu Sang <[email protected]> wrote: > >> > I try to access PKI secured services on Android using Java. > Certificates > >> > were installed on devices through settings->location & security > ->Install > >> > from SD card. > >> > > >> > Seems like on ICS, certificates are shared under > >> > /system/etc/security/cacerts while on GingerBread they are in a > keystore: > >> > /system/etc/security/cacerts.bks. > >> > > >> > On ICS I found the KeyChain can read all the installed certificates, > so > >> > my question is: > >> > > >> > Is there a way to access certificates installed from SD card on OS < > >> > level 14? > >> > > >> > or > >> > > >> > If there is a unified way to access certificates installed from SD > card > >> > on OS >= level 8? > >> > > >> > Thanks. > >> > > >> > -- > >> > > -- > > You received this message because you are subscribed to the Google > Groups > > "Android Security Discussions" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/android-security-discuss/-/h_xysuv9S00J. > > > > > To post to this group, send email to > > [email protected] <javascript:>. > > To unsubscribe from this group, send email to > > [email protected] <javascript:>. > > For more options, visit this group at > > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/ySXQOXqvzjYJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
