我需要通过Android手机通过SSLSLSOCKET(而不是HTTP/HTTPS)与服务器连接。我首先使用私人/公共对生成了JKS密钥库,然后是一个仅带有公共密钥的JK。然后,我首先尝试将SSLSocketFactory从Java到Java设置,然后才能使用它。Android不接受我的JKS钥匙店,因此我将其转换为Android方面的BK。但是,当我对其进行测试时,服务器端将投掷
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Android侧抛出
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
这是测试服务器的代码:
System.setProperty("javax.net.ssl.keyStore","edkey.jks");
System.setProperty("javax.net.ssl.keyStorePassword","password");
ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
ServerSocket ssocket = ssocketFactory.createServerSocket(port);
System.out.println(ansiPurple("Starting"));
socket = ssocket.accept();
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
....
这是工作Java客户端的代码:
System.setProperty("javax.net.ssl.trustStore","edkey_public.jks");
System.setProperty("javax.net.ssl.trustStorePassword","password");
SSLSocketFactory f = (SSLSocketFactory)SSLSocketFactory.getDefault();
socket = (SSLSocket)f.createSocket(host, port);
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
....
这是无效Android应用的代码:
InputStream ki = a.getResources().openRawResource(a.getResources().getIdentifier("raw/edkey_public", "raw", a.getPackageName()));
KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance("BKS");
ks.load(ki,"password".toCharArray());
kmfactory.init(ks, "password".toCharArray());
ki.close();
KeyManager[] keymanagers = kmfactory.getKeyManagers();
TrustManagerFactory tmf=TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
TrustManager[] tms = tmf.getTrustManagers();
SSLContext sslContext=SSLContext.getInstance("TLSv1.2");
sslContext.init(keymanagers, tms, new SecureRandom());
SSLSocketFactory f=sslContext.getSocketFactory();
Socket socket = (SSLSocket)f.createSocket(host, port);
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
....
有人知道问题所在吗?
也许是因为在Android应用中您说
KeyStore ks = KeyStore.getInstance("BKS");
应该是
KeyStore ks = KeyStore.getInstance("JKS");