Hi All,
I want client authentication on my server. I want to trust the peer certificate
based on the user's confirmation. So for that, the first time I want to trust all
received certs, but at this point itself I am getting an exception in
getPeerCertificates as SSLPeerUnverifiedException. I tried adding a
HandshakeCompletedListener but it is not getting invoked. I have already added
the code setWantClientAuth(true).

I have used a BKS keystore, not JKS, and in standard Java the same code works
perfectly fine.

Here is my server code:

KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PASSWORD);

// key manager algorithm: platform property, falling back to SunX509
String sslKeyManagerFactoryAlgorithm =
    (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null
        ? "SunX509"
        : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
KeyManagerFactory keyManagerFactory =
    KeyManagerFactory.getInstance(sslKeyManagerFactoryAlgorithm);
keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD);
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

SSLContext context = SSLContext.getInstance("TLS");

// trustAllCerts is the X509TrustManager array shown further below
context.init(keyManagers, trustAllCerts, null);

SSLServerSocketFactory sslserversocketfactory =
    context.getServerSocketFactory();
SSLServerSocket sslserversocket = (SSLServerSocket)
    sslserversocketfactory.createServerSocket(SERVER_PORT);
Log.d(TAG, "Want Client Auth");
sslserversocket.setWantClientAuth(true);
Log.d(TAG, "Need Client Auth");
sslserversocket.setNeedClientAuth(true);
mSslsocket = (SSLSocket) sslserversocket.accept();
//Log.d(TAG,"not Starting Handshake completed listener");
//mSslsocket.addHandshakeCompletedListener(new MyHandshakeListener());
//mSslsocket.startHandshake();

// getSession() starts the handshake implicitly if it has not run yet
mSslSession = mSslsocket.getSession();

java.security.cert.Certificate[] localcerts =
    mSslSession.getLocalCertificates();

Log.d(TAG, "localcerts SHA1 Thumbprint="
    + MsgDigest.getThumbprint((X509Certificate) localcerts[0], "SHA1"));

if (mSslsocket.getNeedClientAuth()) {
    Log.d(TAG, "Client Authenticated.\nPeer Certificates are ");
    // throws SSLPeerUnverifiedException if the peer was not verified
    java.security.cert.Certificate[] clientcerts =
        mSslSession.getPeerCertificates();
}
else {
    Log.d(TAG, "Client is not authenticated.");
}

My trust-all TrustManager code is as follows; of its methods only
checkClientTrusted() is called (twice), not getAcceptedIssuers().

private TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {

        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            Log.d(TAG, "getAcceptedIssuers");
            return new X509Certificate[0];
        }

        // called with the client's chain during the handshake; logs and accepts every chain
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                String authType) {
            Log.d(TAG, "checkClientTrusted " + certs.length + " authtype " + authType);
            for (int i = 0; i < certs.length; i++) {
                Log.d(TAG, "Certificate [" + i + "] => " + certs[i].toString());
            }
        }

        public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                String authType) {
            Log.d(TAG, "checkServerTrusted certs count " + certs.length);
        }
    }
};

I have been stuck on this problem for the last 2 days; can someone please help me
get this working?

|| Hare Krishna Hare Krishna Krishna Krishna Hare Hare ||
|| Hare Rama    Hare Rama   Rama   Rama    Hare Hare ||
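One defensive variant of the "trust on the user's confirmation" idea, added here as example code and not the original poster's or Android's: a server-side X509TrustManager that rejects a client until the user has confirmed the SHA-1 fingerprint of its certificate, plus a helper that drives the handshake explicitly. Class and method names are hypothetical; persisting confirmed fingerprints and prompting the user are left to the caller.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;

public final class ConfirmingClientTrustManager implements X509TrustManager {
    // Fingerprints the user has approved, and those seen but still awaiting a decision.
    private final Set<String> confirmed = Collections.synchronizedSet(new HashSet<String>());
    private final Set<String> pending = Collections.synchronizedSet(new HashSet<String>());

    // Hex SHA-1 over the DER encoding: the value the UI shows the user to confirm.
    public static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            StringBuilder sb = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())) {
                sb.append(String.format("%02X", b));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }

    public void confirm(String fp) { pending.remove(fp); confirmed.add(fp); } // UI calls after approval
    public Set<String> pendingFingerprints() { return Collections.unmodifiableSet(pending); }
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("no client certificate");
        String fp = fingerprint(chain[0]);
        if (!confirmed.contains(fp)) {
            pending.add(fp); // surface to the user; throwing aborts this handshake
            throw new CertificateException("client not yet confirmed: " + fp);
        }
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("server-side trust manager only");
    }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // Run the handshake explicitly: a failed handshake throws here, whereas getSession()
    // alone can hand back an invalid session whose getPeerCertificates() then throws.
    public static Certificate[] handshakeAndGetPeerChain(SSLSocket s) throws java.io.IOException {
        s.setNeedClientAuth(true);
        s.startHandshake();
        return s.getSession().getPeerCertificates();
    }
}
```

Pass an instance of this class to SSLContext.init() in place of the trust-all array; on the first connection the client is refused and its fingerprint shows up in pendingFingerprints(), and after confirm() the next handshake succeeds.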
