Android 无法生成证书
Android cannot generate certificate
我在生成证书时遇到问题。
以下是相关代码。
@SuppressLint("SdCardPath")
public HttpsURLConnection setUpHttpsConnection(String urlString)
{
try
{
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
AssetManager assManager = context.getAssets();
InputStream caInput = assManager.open("testCert.pfx");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
Certificate ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
URL url = new URL(urlString);
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
return urlConnection;
}
catch (Exception ex)
{
Log.e("fff", "Failed to establish SSL connection to server: " + ex.toString());
ex.printStackTrace();
return null;
}
}
程序在下一行出错。
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
错误跟踪;
com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException
rer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:220)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:196)
at com.example.hilalinan.cert.ServiceCall.setUpHttpsConnection(ServiceCall.java:125)
at com.example.hilalinan.cert.ServiceCall.doInBackground(ServiceCall.java:58)
at android.os.AsyncTask.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.ASN1Integer
at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:98)
at com.android.org.bouncycastle.asn1.x509.TBSCertificate.getInstance(TBSCertificate.java:64)
at com.android.org.bouncycastle.asn1.x509.Certificate.<init>(Certificate.java:61)
at com.android.org.bouncycastle.asn1.x509.Certificate.getInstance(Certificate.java:45)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(CertificateFactory.java:68)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:215)
... 9 more
当我搜索这个问题时,我在 Whosebug 中找到了 。我了解到 我的 phone 没有 BC 提供商 的可信凭据。问题的 OP 建议 我 将 BC 提供程序添加到我的 phone。 但是即使我安装了,我如何为其他用户提供安装那些正在使用我的程序的人。
另外,当我用谷歌搜索如何将 BC 添加到我的列表时 我找不到任何有用的东西。
有什么办法可以解决我的问题吗?
提前致谢。
pfx 文件是一个 PKCS#12 文件,它可能包含多个证书和密钥(除非您更改了文件扩展名)。
您使用的代码需要一个简单的证书(.cer、.crt 或 .der)文件。
因此您必须将其作为 PKCS12 密钥库直接加载,而不是尝试从中生成证书对象:
InputStream caInput = assManager.open("testCert.pfx");
String pfxPassword = "password"; // change it to the correct password
keyStore.load(caInput, pfxpassword.toCharArray());
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
我在生成证书时遇到问题。 以下是相关代码。
@SuppressLint("SdCardPath")
public HttpsURLConnection setUpHttpsConnection(String urlString)
{
try
{
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
AssetManager assManager = context.getAssets();
InputStream caInput = assManager.open("testCert.pfx");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
Certificate ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
URL url = new URL(urlString);
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
return urlConnection;
}
catch (Exception ex)
{
Log.e("fff", "Failed to establish SSL connection to server: " + ex.toString());
ex.printStackTrace();
return null;
}
}
程序在下一行出错。
CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
错误跟踪;
com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException
rer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:220)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:196)
at com.example.hilalinan.cert.ServiceCall.setUpHttpsConnection(ServiceCall.java:125)
at com.example.hilalinan.cert.ServiceCall.doInBackground(ServiceCall.java:58)
at android.os.AsyncTask.call(AsyncTask.java:295)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at android.os.AsyncTask$SerialExecutor.run(AsyncTask.java:234)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.ASN1Integer
at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:98)
at com.android.org.bouncycastle.asn1.x509.TBSCertificate.getInstance(TBSCertificate.java:64)
at com.android.org.bouncycastle.asn1.x509.Certificate.<init>(Certificate.java:61)
at com.android.org.bouncycastle.asn1.x509.Certificate.getInstance(Certificate.java:45)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(CertificateFactory.java:68)
at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:215)
... 9 more
当我搜索这个问题时,我在 Whosebug 中找到了
有什么办法可以解决我的问题吗?
提前致谢。
pfx 文件是一个 PKCS#12 文件,它可能包含多个证书和密钥(除非您更改了文件扩展名)。
您使用的代码需要一个简单的证书(.cer、.crt 或 .der)文件。
因此您必须将其作为 PKCS12 密钥库直接加载,而不是尝试从中生成证书对象:
InputStream caInput = assManager.open("testCert.pfx");
String pfxPassword = "password"; // change it to the correct password
keyStore.load(caInput, pfxpassword.toCharArray());
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);