logo标签列表

安卓应用中使用客户端证书建立HTTPS连接

javaandroidsslhttpscertificate
38

我正在尝试在我编写的Android应用程序中,将当前工作的HTTP连接替换为HTTPS连接。由于HTTPS连接提供额外的安全性,因此我不能忽略这一步。

我有以下内容:

  1. 配置了建立HTTPS连接并要求客户端证书的服务器。
    • 此服务器具有由标准大规模CA颁发的证书。简而言之,如果我通过Android浏览器访问此连接,则可以正常工作,因为设备的信任存储库识别CA。(因此它不是自签名)
  2. 本质上是自签名的客户机证书。(由内部CA颁发)
  3. 加载此客户端证书并尝试连接到前述服务器的Android应用程序,但存在以下问题/属性:
    • 当服务器配置为需要客户端证书时,客户端可以连接到服务器。基本上,如果我使用SSLSocketFactory.getSocketFactory(),则连接可以正常工作,但客户端证书是此应用程序规格的必需部分,因此:
    • 当我尝试使用我的自定义SSLSocketFactory连接时,客户端会产生javax.net.ssl.SSLPeerUnverifiedException: No peer certificate异常,但我不完全确定原因。在搜索各种解决方案后,这个异常似乎有点模糊不清。

以下是客户端的相关代码:

SSLSocketFactory socketFactory = null;

public void onCreate(Bundle savedInstanceState) {
    loadCertificateData();
}

private void loadCertificateData() {
    try {
        File[] pfxFiles = Environment.getExternalStorageDirectory().listFiles(new FileFilter() {
            public boolean accept(File file) {
                if (file.getName().toLowerCase().endsWith("pfx")) {
                    return true;
                }
                return false;
            }
        });

        InputStream certificateStream = null;
        if (pfxFiles.length==1) {
            certificateStream = new FileInputStream(pfxFiles[0]);
        }

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        char[] password = "somePassword".toCharArray();
        keyStore.load(certificateStream, password);

        System.out.println("I have loaded [" + keyStore.size() + "] certificates");

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);

        socketFactory = new SSLSocketFactory(keyStore);
    } catch (Exceptions e) {
        // Actually a bunch of catch blocks here, but shortened!
    }
}

private void someMethodInvokedToEstablishAHttpsConnection() {
    try {
        HttpParams standardParams = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(standardParams, 5000);
        HttpConnectionParams.setSoTimeout(standardParams, 30000);

        SchemeRegistry schRegistry = new SchemeRegistry();
        schRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schRegistry.register(new Scheme("https", socketFactory, 443));
        ClientConnectionManager connectionManager = new ThreadSafeClientConnManager(standardParams, schRegistry);

        HttpClient client = new DefaultHttpClient(connectionManager, standardParams);
        HttpPost request = new HttpPost();
        request.setURI(new URI("https://TheUrlOfTheServerIWantToConnectTo));
        request.setEntity("Some set of data used by the server serialized into string format");
        HttpResponse response = client.execute(request);
        resultData = EntityUtils.toString(response.getEntity());
    } catch (Exception e) {
        // Catch some exceptions (Actually multiple catch blocks, shortened)
    }
}
我已经验证了,keyStore加载了证书并成功运行。

我有两个猜测关于我在阅读HTTPS/SSL连接方面可能遗漏的内容,但由于这是我的第一次尝试,我还有点困惑,不知道我实际上需要解决什么问题。首先,可能需要将该SSLSocketFactory配置为具备设备信任库,其中包括所有标准中间和终端证书颁发机构。也就是说,设备默认的SSLSocketFactory.getSocketFactory()将一些CA加载到工厂的信任库中,用于信任服务器发送的证书,这是我代码失败的原因,因为我没有正确加载信任库。如果这是真的,那么我应该如何最好地加载这些数据?

第二种可能性是由于客户端证书是自签名的(或由内部证书颁发机构颁发--如果我错了,请纠正我,但从实际意义上来说,这些确实是同一个东西)。事实上,我缺少的正是这个信任库,基本上我需要提供一种方法让服务器使用内部CA来验证证书,并验证此内部CA是否可信。如果这是真的,那么我应该寻找什么样的东西?我看到一些参考文献让我相信这可能是我的问题,就像这里所示,但我确实不确定。如果这确实是我的问题,那么我应该向维护内部CA的人询问什么,并且我应该如何将其添加到代码中以使我的HTTPS连接工作?

第三个可能的解决方案(希望不太可能)是我在某个地方完全错了,遗漏了关键步骤或完全忽略了一部分HTTPS/SSL,我目前没有任何知识。如果是这种情况,请提供一些方向,以便我可以学习需要学习的内容。谢谢阅读!
您的服务器还需要验证客户端证书,就像您所提到的那样。如果您熟悉WireShark,您可以检查TLS握手以查看服务器如何响应客户端证书。 - jglouie
@jglouie 我不熟悉WireShark,但听起来我应该了解一下。我会去看看的! - Kevek
5个回答
9
有一种更简单的方法来实现 @jglouie 的解决方案。基本上,如果您使用一个 SSLContext 并用 null 来初始化信任管理器参数,您应该能够获得使用默认信任管理器的 SSL 上下文。请注意,这在 Android 文档中没有记录,但是Java SSLContext.init 文档 中说:

前两个参数中的任何一个都可以为 null,在这种情况下,安装的安全提供程序将被搜索以查找相应工厂的最高优先级实现。

下面是代码示例:

// This can be any protocol supported by your target devices.
// For example "TLSv1.2" is supported by the latest versions of Android
final String SSL_PROTOCOL = "TLS";

try {               
   sslContext = SSLContext.getInstance(SSL_PROTOCOL);

   // Initialize the context with your key manager and the default trust manager 
   // and randomness source
   sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
} catch (NoSuchAlgorithmException e) {
   Log.e(TAG, "Specified SSL protocol not supported! Protocol=" + SSL_PROTOCOL);
   e.printStackTrace();
} catch (KeyManagementException e) {
   Log.e(TAG, "Error setting up the SSL context!");
   e.printStackTrace();
}

// Get the socket factory
socketFactory = sslContext.getSocketFactory();
1
我记得两年前在寻找解决方案时读到过这篇文章。我非常确定,在当时的特定 Android 版本中,当传递 null 时它并不能正常工作,但我同意这应该是更好的解决方案。 - Kevek
7

我认为这确实是问题所在。

据我所知,第一种可能性是我需要使用设备的信任库配置此SSLSocketFactory,该信任库包括所有标准中间和终端证书颁发机构。

如果是这样,我应该如何最好地加载这些数据?

尝试像这样做(您需要让您的套接字工厂使用此默认信任管理器):

X509TrustManager manager = null;
FileInputStream fs = null;

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

try
{
    fs = new FileInputStream(System.getProperty("javax.net.ssl.trustStore")); 
    keyStore.load(fs, null);
}
finally
{
    if (fs != null) { fs.close(); }
}

trustManagerFactory.init(keyStore);
TrustManager[] managers = trustManagerFactory.getTrustManagers();

for (TrustManager tm : managers)
{
    if (tm instanceof X509TrustManager) 
    {
        manager = (X509TrustManager) tm;
        break;
    }
}

编辑:在使用本代码之前,请查看Pooks的答案。听起来现在有更好的方法来解决这个问题。


(Note: The text has been translated into simplified Chinese.)
1
不是使用 socketFactory = new SSLSocketFactory(keyStore);,而是我添加了你的代码(尽管我将你的 KeyStore keyStore 重命名为 KeyStore trustStore),并在我的 loadCertificateData() 函数末尾使用了以下代码:socketFactory = new SSLSocketFactory(keyStore, new String(password), trustStore); -- 这个方法非常有效,谢谢! - Kevek
我获取TrustManager时并不需要使用foreach循环。你为什么认为这是必要的?(我想我通过将整个truststore交给SSLSocketFactory来规避了这个问题?) - Kevek
@Kevek 我也在尝试证书认证,但是我遇到了 "javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found." 异常。请帮我解决它。 - Sudarshan
这篇文章似乎表明您没有找到信任存储。在您使用的任何Android版本中,javax.net.ssl.trustStore的位置可能没有存储在哪里?您在进行什么操作时遇到了这个错误? - Kevek
你好 @Kevek,我需要实现你已经实现的相同的东西。我将客户端证书和私钥加载到KeyStore中,并将其作为SSLContext.init函数的第一个参数传递,接着我创建SocketFactor,如下所示:sslContext.getSocketFactory(),并将其设置为client2.setSslSocketFactory(sslContext.getSocketFactory()); 但是证书没有传递到服务器。这是因为我正在使用getSocketFactory()吗?您能分享一下您的SSLSocketFactory类吗? - Burak Tamtürk
@BurakTamtürk,自从2011年以来,我实际上不得不修改一些东西。我已经发布了另一个回答来处理我的getSocketFactory方法的更新。这是一个快速链接 - Kevek
3

经过几天的尝试,我终于找到了答案。现在我想在这里分享我的步骤和代码,以帮助其他人。

1)获取您想要连接的网站的证书

echo | openssl s_client -connect ${MY_SERVER}:443 2>&1 |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem

2) 要创建您的密钥,您需要BouncyCastle库,您可以在此处下载:这里

keytool -import -v -trustcacerts -alias 0 -file mycert.pem -keystore “store_directory/mykst“ -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath “directory_of_bouncycastle/bcprov-jdk16-145.jar” -storepass mypassword

3) 检查密钥是否已创建

keytool -list -keystore "carpeta_almacen/mykst" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "directory_of_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mypassword

您应该看到类似于以下内容:

密钥存储类型:BKS 密钥存储提供者:BC

您的密钥存储包含条目1

0, 07-12-2011,trustedCertEntry,

证书指纹(MD5):

55:FD:E5:E3:8A:4C:D6:B8:69:EB:6A:49:05:5F:18:48

4) 然后您需要将文件“mykst”复制到您的Android项目中的“res / raw”目录中(如果不存在,请创建它)。

5) 在Android清单中添加权限。

  <uses-permission android:name="android.permission.INTERNET"/>

6) 这里是代码!

activity_main.xml

<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
    android:layout_width="fill_parent"
    android:layout_height="fill_parent"
    android:orientation="vertical"
    android:padding="10dp" >

    <Button
        android:id="@+id/button"
        android:layout_width="fill_parent"
        android:layout_height="wrap_content"
        android:text="Cargar contenido" />

    <RelativeLayout
        android:layout_width="fill_parent"
        android:layout_height="fill_parent"
        android:background="#4888ef">
        <ProgressBar
            android:id="@+id/loading"
            android:layout_width="50dp"
            android:layout_height="50dp"
            android:indeterminate="true"
            android:layout_centerInParent="true"
            android:visibility="gone"/>
        <ScrollView
            android:layout_width="fill_parent"
            android:layout_height="fill_parent"
            android:fillViewport="true"
            android:padding="10dp">
            <TextView
                android:id="@+id/output"
                android:layout_width="fill_parent"
                android:layout_height="fill_parent"
                android:textColor="#FFFFFF"/>
        </ScrollView>
    </RelativeLayout>
</LinearLayout>

MyHttpClient

package com.example.https;


import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

import android.content.Context;
import android.os.Build;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

public class MyHttpClient extends DefaultHttpClient {

    final Context context;

    public MyHttpClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // Register for port 443 our SSLSocketFactory with our keystore
        // to the ConnectionManager
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Trust manager / truststore
            KeyStore trustStore=KeyStore.getInstance(KeyStore.getDefaultType());

            // If we're on an OS version prior to Ice Cream Sandwich (4.0) then use the standard way to get the system
            //   trustStore -- System.getProperty() else we need to use the special name to get the trustStore KeyStore
            //   instance as they changed their trustStore implementation.
            if (Build.VERSION.RELEASE.compareTo("4.0") < 0) {
                TrustManagerFactory trustManagerFactory=TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
                FileInputStream trustStoreStream=new FileInputStream(System.getProperty("javax.net.ssl.trustStore"));
                trustStore.load(trustStoreStream, null);
                trustManagerFactory.init(trustStore);
                trustStoreStream.close();
            } else {
                trustStore=KeyStore.getInstance("AndroidCAStore");
            }

            InputStream certificateStream = context.getResources().openRawResource(R.raw.mykst);
            KeyStore keyStore=KeyStore.getInstance("BKS");
            try {
                keyStore.load(certificateStream, "mypassword".toCharArray());
                Enumeration<String> aliases=keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias=aliases.nextElement();
                    if (keyStore.getCertificate(alias).getType().equals("X.509")) {
                        X509Certificate cert=(X509Certificate)keyStore.getCertificate(alias);
                        if (new Date().after(cert.getNotAfter())) {
                            // This certificate has expired
                            return null;
                        }
                    }
                }
            } catch (IOException ioe) {
                // This occurs when there is an incorrect password for the certificate
                return null;
            } finally {
                certificateStream.close();
            }

            KeyManagerFactory keyManagerFactory=KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, "mypassword".toCharArray());

            return new SSLSocketFactory(keyStore, "mypassword", trustStore);
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}

MainActivity

package com.example.https;

import android.app.Activity;
import android.os.AsyncTask;
import android.os.Bundle;
import android.view.View;
import android.widget.Button;
import android.widget.TextView;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringWriter;
import java.io.Writer;

import javax.net.ssl.SSLSocketFactory;

public class MainActivity extends Activity {

    private View loading;
    private TextView output;
    private Button button;

    SSLSocketFactory socketFactory = null;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        loading = findViewById(R.id.loading);
        output = (TextView) findViewById(R.id.output);
        button = (Button) findViewById(R.id.button);
        button.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                new CargaAsyncTask().execute(new Void[0]);
            }
        });
    }

    class CargaAsyncTask extends AsyncTask<Void, Void, String> {

        @Override
        protected void onPreExecute() {
            super.onPreExecute();
            loading.setVisibility(View.VISIBLE);
            button.setEnabled(false);
        }

        @Override
        protected String doInBackground(Void... params) {
            // Instantiate the custom HttpClient
            DefaultHttpClient client = new MyHttpClient(getApplicationContext());
            HttpGet get = new HttpGet("https://www.google.com");
            // Execute the GET call and obtain the response
            HttpResponse getResponse;
            String resultado = null;
            try {
                getResponse = client.execute(get);
                HttpEntity responseEntity = getResponse.getEntity();
                InputStream is = responseEntity.getContent();
                resultado = convertStreamToString(is);
            } catch (ClientProtocolException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
            return resultado;
        }

        @Override
        protected void onPostExecute(String result) {
            super.onPostExecute(result);
            loading.setVisibility(View.GONE);
            button.setEnabled(true);
            if (result == null) {
                output.setText("Error");
            } else {
                output.setText(result);
            }
        }

    }

    public static String convertStreamToString(InputStream is) throws IOException {
        /*
         * To convert the InputStream to String we use the
         * Reader.read(char[] buffer) method. We iterate until the
         * Reader return -1 which means there's no more data to
         * read. We use the StringWriter class to produce the string.
         */
        if (is != null) {
            Writer writer = new StringWriter();

            char[] buffer = new char[1024];
            try {
                Reader reader = new BufferedReader(new InputStreamReader(is, "UTF-8"));
                int n;
                while ((n = reader.read(buffer)) != -1) {
                    writer.write(buffer, 0, n);
                }
            } finally {
                is.close();
            }
            return writer.toString();
        } else {
            return "";
        }
    }
}

我希望这对其他人有所帮助!祝使用愉快!
为了使用自签名证书,首先您需要创建自己的CA(http://www.g-loaded.eu/2005/11/10/be-your-own-ca/),然后签署您的证书并将其用于您的服务器。最后,在您的手机上安装CA(https://www.jethrocarr.com/2012/01/04/custom-ca-certificates-and-android/),这样就可以正常工作了。 - Camilo9mm
1

看起来你还需要为你的SSLSocketFactory设置主机名。

尝试添加这行代码

socketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

在使用SSLFactory创建新连接之前。

除了结构上的差异,我们的代码很相似。在我的实现中,我只是创建了自己的DefaultHttpClient扩展,它看起来与你上面的大部分代码相似。如果这不能解决问题,我可以发布那个工作代码,你可以尝试一下这种方法。

编辑:这是我的工作版本。

    public class ActivateHttpClient extends DefaultHttpClient { 
    final Context context;


    /**
     * Public constructor taking two arguments for ActivateHttpClient.
     * @param context - Context referencing the calling Activity, for creation of
     * the socket factory.
     * @param params - HttpParams passed to this, specifically to set timeouts on the
     * connection.
     */
    public ActivateHttpClient(Context context, HttpParams params) {
        this.setParams(params);
    }


    /* (non-Javadoc)
     * @see org.apache.http.impl.client.DefaultHttpClient#createClientConnectionManager()
     * Create references for both http and https schemes, allowing us to attach our custom
     * SSLSocketFactory to either
     */
    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory
                .getSocketFactory(), 80));
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    /**
     * Creation of new SSLSocketFactory, which imports a certificate from
     * a server which self-signs its own certificate.
     * @return
     */
    protected SSLSocketFactory newSslSocketFactory() {
        try {

            //Keystore must be in BKS (Bouncy Castle Keystore)
            KeyStore trusted = KeyStore.getInstance("BKS");

            //Reference to the Keystore
            InputStream in = context.getResources().openRawResource(
                    R.raw.cert);

            //Password to the keystore
            try {
                trusted.load(in, PASSWORD_HERE.toCharArray());
            } finally {
                in.close();
            }

            // Pass the keystore to the SSLSocketFactory. The factory is
            // responsible
            // for the verification of the server certificate.
            SSLSocketFactory sf = new SSLSocketFactory(trusted);

            // Hostname verification from certificate
            // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
            sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            return sf;

            // return new SSLSocketFactory(trusted);
        } catch (Exception e) {
            e.printStackTrace();
            throw new AssertionError(e);
        }
    }

}

并且可以按照以下方式调用:

HttpParams params = new BasicHttpParams();

    // Set the timeout in milliseconds until a connection is established.
    int timeoutConnection = 500;
    HttpConnectionParams.setConnectionTimeout( params , timeoutConnection );

    // Set the default socket timeout (SO_TIMEOUT)
    // in milliseconds which is the timeout for waiting for data.
    int timeoutSocket = 1000;
    HttpConnectionParams.setSoTimeout( params , timeoutSocket );
            //ADD more connection options here!

    String url =
            "https:// URL STRING HERE";
    HttpGet get = new HttpGet( url );

    ActivateHttpClient client =
            new ActivateHttpClient( this.context, params );



    // Try to execute the HttpGet, throwing errors
    // if no response is received, or if there is
    // an error in the execution.
    HTTPResponse response = client.execute( get );
1
我尝试了一下,在我的代码中创建SSLSocketFactory后添加了你提到的那行代码:socketFactory = new SSLSocketFactory(keyStore);。然而,这似乎没有改变任何东西。当我尝试调用client.execute(request)时,仍然会收到“SSLPeerUnverifiedException: No Peer Certificate”错误。 - Kevek
1

既然人们仍在参考和投票这个问题,我将发布更新的答案。由于 Android 4.0 以来有些东西已经改变,因此我不得不多次更改套接字工厂代码。

// Trust manager / truststore
KeyStore trustStore=KeyStore.getInstance(KeyStore.getDefaultType());

// If we're on an OS version prior to Ice Cream Sandwich (4.0) then use the standard way to get the system
//   trustStore -- System.getProperty() else we need to use the special name to get the trustStore KeyStore
//   instance as they changed their trustStore implementation.
if (Build.VERSION.RELEASE.compareTo("4.0") < 0) {
    TrustManagerFactory trustManagerFactory=TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    FileInputStream trustStoreStream=new FileInputStream(System.getProperty("javax.net.ssl.trustStore"));
    trustStore.load(trustStoreStream, null);
    trustManagerFactory.init(trustStore);
    trustStoreStream.close();
} else {
    trustStore=KeyStore.getInstance("AndroidCAStore");
}

InputStream certificateStream=new FileInputStream(userCertFile);
KeyStore keyStore=KeyStore.getInstance("PKCS12");
try {
    keyStore.load(certificateStream, certPass.toCharArray());
    Enumeration<String> aliases=keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias=aliases.nextElement();
        if (keyStore.getCertificate(alias).getType().equals("X.509")) {
            X509Certificate cert=(X509Certificate)keyStore.getCertificate(alias);
            if (new Date().after(cert.getNotAfter())) {
                // This certificate has expired
                return;
            }
        }
    }
} catch (IOException ioe) {
    // This occurs when there is an incorrect password for the certificate
    return;
} finally {
    certificateStream.close();
}

KeyManagerFactory keyManagerFactory=KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, certPass.toCharArray());

socketFactory=new SSLSocketFactory(keyStore, certPass, trustStore);

希望这能帮助未来仍然来到这里的任何人。
1
谢谢提供的信息,但我认为这是一种冗长的方式,因为我已经通过调用SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), null, null);client.setSslSocketFactory(sslContext.getSocketFactory());(我的问题是我将错误的私钥加载到了KeyStore中)在几天前使其工作而不需要trustKeyStore。 - Burak Tamtürk
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接