Android - Connecting to a backend server using a public crt and a private pem file



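I am developing an application in which I have to communicate with a backend server using a certificate (in a .crt file) and a private key (a .pem file).

The problem is that when I use curl, the connection succeeds: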

curl (...) --cert pubcert.crt --key privkey.pem

But when I try to connect from the Android app, I get:

HTTP FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

My OkHttpClient:

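    import android.content.Context
    import android.util.Base64
    import java.io.BufferedReader
    import java.io.InputStream
    import java.io.InputStreamReader
    import java.security.KeyFactory
    import java.security.KeyPair
    import java.security.PrivateKey
    import java.security.cert.CertificateFactory
    import java.security.cert.X509Certificate
    import java.security.spec.PKCS8EncodedKeySpec
    import okhttp3.OkHttpClient
    import okhttp3.tls.HandshakeCertificates
    import okhttp3.tls.HeldCertificate

    // Builds the OkHttpClient. The enclosing function and its name are assumed;
    // the post shows only the body.
    fun createClient(context: Context): OkHttpClient {
        val privKeyInputStream = context.resources.openRawResource(R.raw.privkey)
        val pubKeyInputStream = context.resources.openRawResource(R.raw.pubcert)
        val cf: CertificateFactory = CertificateFactory.getInstance("X.509")
        val certificate: X509Certificate = cf.generateCertificate(pubKeyInputStream) as X509Certificate
        val keyPair = KeyPair(certificate.publicKey, loadPrivateKey(privKeyInputStream))
        val rootCertificate = HeldCertificate(keyPair, certificate)
        // The client certificate is registered as the only trusted certificate.
        val certificates: HandshakeCertificates = HandshakeCertificates.Builder()
            .addTrustedCertificate(rootCertificate.certificate)
            .build()
        return OkHttpClient
            .Builder()
            .sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager)
            .build()
    }

    // Reads a PEM stream and returns the RSA private key from its PKCS#8 body.
    fun loadPrivateKey(inputStream: InputStream): PrivateKey? {
        var key: PrivateKey? = null
        try {
            val br = BufferedReader(InputStreamReader(inputStream))
            val builder = StringBuilder()
            var inKey = false
            var line = br.readLine()
            while (line != null) {
                if (!inKey) {
                    // Skip everything up to the "-----BEGIN ... PRIVATE KEY-----" header.
                    if (line.startsWith("-----BEGIN ") &&
                        line.endsWith(" PRIVATE KEY-----")
                    ) {
                        inKey = true
                    }
                    line = br.readLine()
                    continue
                } else {
                    // Stop at the "-----END ... PRIVATE KEY-----" footer.
                    if (line.startsWith("-----END ") &&
                        line.endsWith(" PRIVATE KEY-----")
                    ) {
                        inKey = false
                        break
                    }
                    builder.append(line)
                }
                line = br.readLine()
            }
            // Decode the Base64 body into PKCS#8 bytes; the key material is not logged.
            val encoded: ByteArray = Base64.decode(builder.toString(), Base64.DEFAULT)
            val keySpec = PKCS8EncodedKeySpec(encoded)
            val kf = KeyFactory.getInstance("RSA")
            key = kf.generatePrivate(keySpec)
        } finally {
            inputStream.close()
        }
        return key
    }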

OK, I found the solution. I changed the definition of the handshake certificates to:

    val certificates: HandshakeCertificates = HandshakeCertificates.Builder()
        .addPlatformTrustedCertificates()
        .heldCertificate(HeldCertificate(keyPair, certificate))
        .build()

Now it works.
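
The same split between the client's identity and the server trust anchors, written with plain JSSE classes, as an added example that is not part of the original post. `buildMutualTlsClient` is a hypothetical helper name, and it assumes the certificate and the PKCS#8 private key have already been parsed as in the question's code.

```kotlin
import java.security.KeyStore
import java.security.PrivateKey
import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient

// Hypothetical helper (not from the post): builds an OkHttpClient for mutual TLS.
fun buildMutualTlsClient(clientCert: X509Certificate, clientKey: PrivateKey): OkHttpClient {
    // Identity side: the certificate and private key this client presents
    // when the server asks for client authentication (curl's --cert / --key).
    // The store lives only in memory, so the password protects nothing on disk.
    val password = "unused".toCharArray()
    val identityStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)
        setKeyEntry("client", clientKey, password, arrayOf<Certificate>(clientCert))
    }
    val keyManagers = KeyManagerFactory
        .getInstance(KeyManagerFactory.getDefaultAlgorithm())
        .apply { init(identityStore, password) }
        .keyManagers

    // Trust side: the anchors used to validate the server's certificate chain.
    // Initialising with a null KeyStore selects the platform trust store.
    // Trusting only the client certificate here is what produces
    // "Trust anchor for certification path not found".
    val trustManager = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm())
        .apply { init(null as KeyStore?) }
        .trustManagers
        .filterIsInstance<X509TrustManager>()
        .first()

    val sslContext = SSLContext.getInstance("TLS").apply {
        init(keyManagers, arrayOf(trustManager), null)
    }
    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()
}
```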
