android读取keystore证书文件

需要把关键信息存在keystore证书文件中，但是java本身支持的keystore是jks的，而android不支持jks，只支持bks的，那么就需要将jks类型的证书转换成bks类型的，然后使用android支持的方式去读取证书内容。

android不支持jks如下说明，见stack说明：

http://stackoverflow.com/questions/9312193/does-android-support-jks-keystore-type

例如如下说明：

问题：

I am trying to connect to server using keystore which is provided by server team.While sending service call to server first i created KeyStore Instance by using following apiKeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());It’s returning the keystore type as “BKS”.The Keystore what server team sent is of type “.jks”(somename.jks) So, I am getting exception “Wrong version of key store”.I tried by passing “JKS” to getInstance() of KeyStore by following wayKeyStore keystore = KeyStore.getInstance("JKS");       But here I am getting exception “KeyStore JKS implementation not found”.Here is the piece of code:KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());InputStream instream = mContext.getAssets().open("somename.jks");try {    trustStore.load(instream, "password".toCharArray());} finally {    try {       instream.close();    } catch(Exception ignore) {    }}Please guide me to solve this problem

回答见下：

I think Android support 'only' BouncyCastle KeyStores (known as BKS)... You still can use PortecleTo convert it from JKS to BKS, should work like a charm (at least it worked for me when trying to store my .CRT into a BKS format ! ;)'only' meaning, easily here :p, else you'll have to manipulate stuffs

需要转换的工具是Portecle

下载地址为

http://download.csdn.net/download/buxin_2008/4203250

使用方式见下：

http://ssl.chinassl.com/post/1cbcfb77_3b8d5cd

使用其实就是打开已有的keystore文件，然后修改jks为bks，然后重新保存证书就可以了，

最后使用的android读取证书的方式如下：

  try {  String password  = "xxxa";  AssetManager asset = this.getResources().getAssets();    InputStream ceris = asset.open("zlex.keystore");//     FileInputStream is = new FileInputStream(keyStorePath);       //KeyStore.getInstance(KeyStore.getDefaultType());         KeyStore ks = KeyStore.getInstance("BKS");           ks.load(ceris, password.toCharArray());           ceris.close();         String alias = "xxxb";    RSAPrivateKey privateKey = (RSAPrivateKey) ks.getKey(alias, password.toCharArray());    System.out.println("私钥="+Base64.encode(privateKey.getEncoded()));          //-----------------------------------------------------------        CertificateFactory certificateFactory = CertificateFactory                  .getInstance("X509");          InputStream keyis = asset.open("zlex.cer");//        FileInputStream in = new FileInputStream(certificatePath);            Certificate certificate = certificateFactory.generateCertificate(keyis);          keyis.close();          RSAPublicKey publicKey = (RSAPublicKey)certificate.getPublicKey();        System.out.println("公钥="+Base64.encode(publicKey.getEncoded()));} catch (KeyStoreException e1) {// TODO Auto-generated catch blocke1.printStackTrace();} catch (IOException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (NoSuchAlgorithmException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (CertificateException e) {// TODO Auto-generated catch blocke.printStackTrace();} catch (UnrecoverableEntryException e) {// TODO Auto-generated catch blocke.printStackTrace();}

其中xxxa为证书密码，xxxb为证书别名

这里需要将keystore文件，cer文件保存在assets中，如果保存在其他地方，请修改为相应目录，修改相应读取方式。

更多相关文章

随机推荐