在我的情况下以编程方式安装X509证书

本文介绍了在我的情况下以编程方式安装X509证书的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在开发一个Android项目.我有一个PEM证书字符串:

I am developing an Android project. I have a PEM certificate string:

-----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y ...MANY LINES... It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/ 7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX -----END CERTIFICATE-----

(我在证书字符串上方分配了一个名为CERT_STR的变量)

(I assigned above certificate string to a variable named CERT_STR)

我将上述PEM字符串转换为X509证书，方法是:

I convert above PEM string to X509Certificate by:

byte[] certBytes = CERT_STR.getBytes(); CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); InputStream certIs = new ByteArrayInputStream(certBytes); // now I get the X509 certificate from the PEM string X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(certIs);

然后，我尝试通过以下方式以编程方式安装证书:

Then, I try to install the certificate programmatically by:

Intent intent = KeyChain.createInstallIntent(); // because my PEM only contains a certificate, no private key, so I use EXTRA_CERTIFICATE intent.putExtra(KeyChain.EXTRA_CERTIFICATE, certificate.getEncoded()); intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); context.startActivity(intent);

运行我的应用程序时，我会看到弹出系统对话框，提示正在提取..."，我知道系统正在提取我的证书，但是该对话框始终在其中显示 ，显示正在提取" ...".

When I run my app, I see system dialog pops up saying "Extracting..." , I know system is extracting my certificate, but that dialog is showing there all the time saying "Extracting...".

为什么?我在哪里安装证书的代码错了?

Why? Where am I wrong in my code to install the certificate?

推荐答案

您可能没有使用正确创建的X509证书.按照以下步骤进行操作后，我没有看到任何正在提取..."对话框(Nexus 5X，Android 7.0):

You are probably not using properly created X509 certificate. Following worked on my end and I did not see any "Extracting..." dialog (Nexus 5X, Android 7.0):

String x509cert = "-----BEGIN CERTIFICATE-----\n" + "MIICrjCCAhegAwIBAgIJAO9T3E+oW38mMA0GCSqGSIb3DQEBCwUAMHAxCzAJBgNV\n" + "BAYTAlVaMREwDwYDVQQHDAhUYXNoa2VudDENMAsGA1UECgwERWZpcjEQMA4GA1UE\n" + "CwwHSVQgZGVwdDEQMA4GA1UEAwwHZWZpci51ejEbMBkGCSqGSIb3DQEJARYMaG9z\n" + "dEBlZmlyLnV6MB4XDTE2MTExMDA4MjIzMFoXDTE2MTIxMDA4MjIzMFowcDELMAkG\n" + "A1UEBhMCVVoxETAPBgNVBAcMCFRhc2hrZW50MQ0wCwYDVQQKDARFZmlyMRAwDgYD\n" + "VQQLDAdJVCBkZXB0MRAwDgYDVQQDDAdlZmlyLnV6MRswGQYJKoZIhvcNAQkBFgxo\n" + "b3N0QGVmaXIudXowgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL60mG0Gpl7s\n" + "3qMnZcURB1xk5Qen6FN0+AJB5Z/WHA50n1MUkXNY28rkEYupkxpfEqR+/gXgBUAm\n" + "FACA3GSdoHMMY1kdeAzxsYbBEbtGKHICF/QFGTqScWmI6uBUwzsLDLv1ELef/zEY\n" + "Ru/krXtNh8ZNYyfwVKyZaB9+3M2yOqATAgMBAAGjUDBOMB0GA1UdDgQWBBS1nH3O\n" + "ecLDrIZLZ/f1WsNL/xtuEzAfBgNVHSMEGDAWgBS1nH3OecLDrIZLZ/f1WsNL/xtu\n" + "EzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAGzjJnXODvF9UHBKHAUF\n" + "kzisr78Og5BrKyAgdnjH196Jg4MO7RNJdQAmuAIk9aBB/jvAiznhhbcD3mYImH+h\n" + "F0Scewk5m736ydGhkcUpmxA5ye1hajjs9V7PQD2O4a8rNJSlJjiWRWSqxTfH79Ns\n" + "B7x2HND9LU/iz02ugGJ8vwg8\n" + "-----END CERTIFICATE-----\n"; Intent intent = KeyChain.createInstallIntent(); intent.putExtra(KeyChain.EXTRA_CERTIFICATE, x509cert.getBytes()); startActivity(intent);

要生成上述证书，我使用了以下步骤(基于为SSO ):

To generate the above certificate, I used the following steps (based on Generating Keys and Certificates for SSO):

$ openssl genrsa -out rsaprivkey.pem 1024 $ openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem $ ls rsacert.pem rsaprivkey.pem

然后我只需将输出从cat rsacert.pem复制/粘贴到x509cert.

Then I simply copy/pasted the output from cat rsacert.pem to x509cert.

希望这会有所帮助.