Hi All, I want client authentication on my server. I want to trust the peer certificate based on the user's confirmation. So for that, the first time I want to trust all received certs, but at this point itself I am getting an exception in getPeerCertificates() as SSLPeerUnverifiedException. I tried adding a HandshakeCompletedListener but it is not getting invoked. I have already added the code setWantClientAuth(true).
I have used a BKS keystore, not JKS, and in standard Java the same code works perfectly fine. Here is my server code:

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import java.security.Security;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.*;

    KeyStore keyStore = KeyStore.getInstance("BKS");
    keyStore.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PASSWORD);
    String sslKeyManagerFactoryAlgorithm =
        (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null
            ? "SunX509"
            : Security.getProperty("ssl.KeyManagerFactory.algorithm")); // cert algorithm
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslKeyManagerFactoryAlgorithm);
    keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD);
    keyManagers = keyManagerFactory.getKeyManagers();
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(keyManagers, trustAllCerts, null);
    SSLServerSocketFactory sslserversocketfactory = context.getServerSocketFactory();
    SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(SERVER_PORT);
    Log.d(TAG, "Want Client Auth");
    sslserversocket.setWantClientAuth(true);
    Log.d(TAG, "Need Client Auth");
    sslserversocket.setNeedClientAuth(true);
    mSslsocket = (SSLSocket) sslserversocket.accept();
    //Log.d(TAG,"not Starting Handshake completed listener");
    //mSslsocket.addHandshakeCompletedListener(new MyHandshakeListener());
    //mSslsocket.startHandshake();
    mSslSession = mSslsocket.getSession(); // note: getSession() starts the handshake if none has run yet
    java.security.cert.Certificate[] localcerts = mSslSession.getLocalCertificates();
    Log.d(TAG, "localcerts SHA1 Thumbprint=" + MsgDigest.getThumbprint((X509Certificate) localcerts[0], "SHA1"));
    if (mSslsocket.getNeedClientAuth() == true) {
        Log.d(TAG, "Client Authenticated.\nPeer Certificates are ");
        java.security.cert.Certificate[] clientcerts = mSslSession.getPeerCertificates();
    } else {
        Log.d(TAG, "Client is not authenticated.");
    }

My TrustAllCertificate manager code is as follows; of its methods only checkClientTrusted() is called (twice), not getAcceptedIssuers():

    private TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                Log.d(TAG, "getAcceptedIssuers");
                return new X509Certificate[0];
            }
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                Log.d(TAG, "checkClientTrusted " + certs.length + " authtype " + authType);
                for (int i = 0; i < certs.length; i++) {
                    Log.d(TAG, "Certificate [" + i + "] =>" + certs[i].toString());
                }
            }
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                Log.d(TAG, "checkServerTrusted certs count" + certs.length);
            }
        }
    };

I have been stuck on this problem for the last 2 days; can someone please help me in getting this working.

|| Hare Krishna Hare Krishna Krishna Krishna Hare Hare ||
|| Hare Rama Hare Rama Rama Rama Hare Hare ||

-- unsubscribe: android-porting+unsubscr...@googlegroups.com
website: http://groups.google.com/group/android-porting
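The following is an added example, not code from the original post or from the android-porting list: it shows the pattern the post is reaching for (accept a client certificate on first use after user confirmation, then pin it) with the handshake driven explicitly. The class name TofuClientAuthServer, the userConfirms() hook, the subject-keyed fingerprint map and the keystore path and password in main() are all assumptions for illustration. Two points the example relies on are documented JSSE behaviour: a HandshakeCompletedListener only fires for a handshake that completes after it was registered, and SSLSocket.getSession() silently returns an invalid session when the handshake it triggers fails, whereas startHandshake() throws.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.*;

public class TofuClientAuthServer {
    // Subject DN -> hex SHA-256 of the DER cert the user confirmed. In-memory here to keep
    // the example self-contained; a real app persists this so pins survive restarts.
    private final Map<String, String> trustedByFingerprint = new ConcurrentHashMap<>();

    static String sha256Hex(X509Certificate cert) throws CertificateEncodingException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder();
            for (byte b : digest) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Hypothetical hook: in a real app this would show the fingerprint to the user and block
    // on their answer. It returns true here so the example runs headless.
    protected boolean userConfirms(X509Certificate leaf, String fingerprint) { return true; }

    // Trust-on-first-use client trust manager. Unlike an empty checkClientTrusted(), it still
    // rejects expired certs, asks before pinning, and refuses a changed cert for a known subject.
    X509TrustManager tofuTrustManager() {
        return new X509TrustManager() {
            @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                throw new CertificateException("this trust manager is for the server side only");
            }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                if (chain == null || chain.length == 0) throw new CertificateException("empty client chain");
                X509Certificate leaf = chain[0];
                leaf.checkValidity();                         // not-yet-valid or expired -> reject
                String fp = sha256Hex(leaf);
                String subject = leaf.getSubjectX500Principal().getName();
                String pinned = trustedByFingerprint.get(subject);
                if (pinned == null) {
                    if (!userConfirms(leaf, fp)) throw new CertificateException("user rejected " + fp);
                    trustedByFingerprint.put(subject, fp);    // first use: pin this exact cert
                } else if (!pinned.equals(fp)) {
                    throw new CertificateException("certificate for " + subject + " changed; pinned " + pinned);
                }
            }
        };
    }

    SSLServerSocket listen(KeyStore serverKeys, char[] password, int port) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] { tofuTrustManager() }, null);
        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        ss.setNeedClientAuth(true); // mandatory client cert; setWantClientAuth(true) alone makes it optional
        return ss;
    }

    // Returns the verified client leaf certificate, or throws if the client did not present one.
    X509Certificate handleClient(SSLSocket s) throws IOException {
        s.addHandshakeCompletedListener(ev ->           // must be registered before the handshake
            System.out.println("handshake completed with " + ev.getCipherSuite()));
        s.startHandshake();                              // failures surface here as exceptions
        try {
            return (X509Certificate) s.getSession().getPeerCertificates()[0];
        } catch (SSLPeerUnverifiedException e) {         // no client cert was presented/verified
            s.close();
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumed path and password; BKS is available on Android (needs BouncyCastle on desktop JVMs).
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("BKS");
        try (FileInputStream in = new FileInputStream("server.bks")) { ks.load(in, pw); }
        TofuClientAuthServer server = new TofuClientAuthServer();
        try (SSLServerSocket ss = server.listen(ks, pw, 8443)) {
            while (true) {
                try (SSLSocket client = (SSLSocket) ss.accept()) {
                    X509Certificate peer = server.handleClient(client);
                    System.out.println("client " + peer.getSubjectX500Principal() + " sha256=" + sha256Hex(peer));
                } catch (IOException | CertificateEncodingException e) {
                    System.err.println("client rejected: " + e);
                }
            }
        }
    }
}
```

Keying the pin on the subject DN is what turns "trust everything" into key continuity: a second certificate claiming the same identity with a different key is refused rather than silently accepted, which is the property a user-confirmation scheme needs.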