1. 首頁
  2. 問答
  3. 如何在Android中實現葉/中間證書鎖定?

如何在Android中實現葉/中間證書鎖定?

2017-04-25 98 views
9

我已經在我的項目中實施了葉證書,它工作正常。請檢查下面的代碼,現在問題是葉證書將在我的服務器一年後過期,所以我想驗證葉證書,以便當它到期/無效時,我會使用中間證書?如何在Android中實現葉/中間證書鎖定?

是否有任何示例來實現中間證書?

請幫幫我!

代碼: -

SSLContext sslContext = null; 
     try { 
      CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
      InputStream caInput = context.getResources().openRawResource(certRawRef); 
      Certificate ca; 
      try { 
       ca = cf.generateCertificate(caInput); 
      } finally { 
       caInput.close(); 
      } 
      // Create a KeyStore containing our trusted CAs 
      String keyStoreType = KeyStore.getDefaultType(); 
      KeyStore keyStore = KeyStore.getInstance(keyStoreType); 
      keyStore.load(null, null); 
      keyStore.setCertificateEntry("ca", ca); 
      // Create a TrustManager that trusts the CAs in our KeyStore 
      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); 
      tmf.init(keyStore); 
      // Create an SSLContext that uses our TrustManager 

      sslContext = SSLContext.getInstance("TLSv1.2"); 
      sslContext.init(null, tmf.getTrustManagers(), null); 
      return sslContext; 
     } catch (Exception e) { 
      Log.e("EXCEPTION",e.toString()); 
      //Print here right certificate failure issue 
     }

來源

2017-04-25 User Android

+1

這篇文章可以幫助你... HTTPS://medium.com/@appmattus/android-security- SSL-釘扎,1db8acb6621e – PN10

回答

1

最後我找到了答案: -

try { 
      CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
      InputStream caInputLeaf = context.getResources().openRawResource(leafCert); 
      InputStream caInputInter = context.getResources().openRawResource(interCert); 
      try { 
       if (cf != null) { 
        ca = cf.generateCertificate(caInputLeaf); 

        URL url = new URL(URL); 
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); 
        conn.setRequestMethod("GET"); 
        conn.connect(); 

        chain = conn.getServerCertificates(); 
        if(chain!=null && chain[0].equals(ca)) {   //Return Leaf certificate 
         return ca; 
        } 
        else{         //Return Intermediate certificate 
         ca = cf.generateCertificate(caInputInter); 
         return ca; 
        } 
       } 
      } catch (Exception cee) { 
       ca = cf.generateCertificate(caInputInter); 
       return ca; 
      } 
     } catch (Exception e) { 
      Log.e("EXCEPTION", e.toString()); 
     }

來源

2017-06-12 05:27:58

相關問題

 相關問題