Creating an Android BKS certificate on Linux from a public key and private key
2016-02-26 15:37
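BKS certificates are generally used for HTTPS in Android applications. There are two scenarios:
1. Android acts as the client and communicates with an HTTPS server
2. Android acts as the server and hosts an HTTPS server
HTTPS here requires a BKS certificate file.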
Steps:

a. Install the JDK, set JAVA_HOME, and make sure 'keytool' is on PATH.

```
jerome1984@cws15]$ which keytool
/opt/jdk/bin/keytool
jerome1984@cws15]$ echo $JAVA_HOME
/opt/jdk
```

b. Make sure the public key file, the private key file and bcprov-jdk16-141.jar are in the same directory.

c. Generate a certificate file in p12 format from the public key and private key files.

```
jerome1984@cws15]$ openssl pkcs12 -export -in my_public.crt -inkey my_private.key -out my_tmp.p12 -name plum_file    <-- alias
Enter Export Password: chengdu    <-- .p12 password
Verifying - Enter Export Password: chengdu
```

d. Convert the p12 certificate to a BKS certificate.

```
jerome1984@cws15]$ keytool -importkeystore -srckeystore my_tmp.p12 -srcstoretype pkcs12 -destkeystore my_final.bks -deststoretype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar
Enter destination keystore password: mypassword    <-- bks password, private key password
Re-enter new password:
Enter source keystore password: chengdu    <-- above .p12 password, keystore file's password
Entry for alias 1 successfully imported.
Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
```

e. Verify the BKS file.

```
keytool -list -keystore my_final.bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar -storetype BKS -storepass chengdu
Keystore type: BKS
Keystore provider: BC

Your keystore contains 1 entry

1, May 14, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): CF:F5:CB:C6:1E:AE:5C:39:34:25:62:25:55:24:6E:76:AF:9A:7F:D2
```

The public key my_public.crt and the private key my_private.key were issued using a certificate from a certificate authority as the root certificate.
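The following bash functions are an added example, not part of the original post. They wrap step c with checks: they confirm that my_public.crt and my_private.key belong together, build the .p12 with the password read from a file instead of typed or passed on the command line, and confirm that the alias the Java code later passes to ks.getKey() is present. The helper names, the password file and the throwaway self-signed pair in demo are assumptions, as are an unencrypted PEM private key and openssl on PATH.

```bash
#!/usr/bin/env bash
# Added example: checks around step c. File names follow the page; the helper
# names and the password-file approach are assumptions, not the author's code.

# Succeeds only if the certificate's public key equals the private key's public key.
cert_key_match() {  # usage: cert_key_match CERT KEY   (unencrypted PEM key)
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Build the .p12 non-interactively; the password comes from a file so it
# never appears in argv, the process list or shell history.
make_p12() {  # usage: make_p12 CERT KEY OUT ALIAS PASSFILE
  cert_key_match "$1" "$2" || { echo "cert/key mismatch: $1 $2" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" \
    -name "$4" -passout "file:$5"
}

# Confirm the alias (friendlyName) that KeyStore.getKey() will ask for is in the .p12.
p12_has_alias() {  # usage: p12_has_alias P12 ALIAS PASSFILE
  openssl pkcs12 -in "$1" -passin "file:$3" -nokeys 2>/dev/null \
    | sed -n 's/^ *friendlyName: //p' | grep -qxF -- "$2"
}

# Constructed sample input: a throwaway self-signed pair plus an unrelated key.
demo() {
  local d; d=$(mktemp -d) || return 1
  ( cd "$d" && umask 077 &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
      -keyout my_private.key -out my_public.crt 2>/dev/null &&
    openssl genrsa -out other.key 2048 2>/dev/null &&
    printf '%s\n' 'constructed-demo-password' > p12.pass &&
    make_p12 my_public.crt my_private.key my_tmp.p12 plum_file p12.pass &&
    p12_has_alias my_tmp.p12 plum_file p12.pass &&
    ! make_p12 my_public.crt other.key bad.p12 plum_file p12.pass 2>/dev/null )
  local rc=$?; rm -rf "$d"; return $rc
}
```

Running the same alias check before step d catches a keystore whose entry name differs from the one the application looks up.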
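Calling it from Java code

```java
// Imports needed by the method below, which belongs in the app's server class
// (NanoHttpServer here); Config, LogHelper and TAG are the project's own.
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocketFactory;

public void setSSLContext() {
    char[] password = Config.sCertFilePwd.toCharArray();              // chengdu
    char[] privateKeyPwd = Config.sCertPrivateKeyPwd.toCharArray();   // mypassword
    InputStream is = null;
    KeyStore ks = null;
    try {
        // Load the BKS keystore from the application's resources
        ks = KeyStore.getInstance("BKS");
        is = NanoHttpServer.class.getClassLoader().getResourceAsStream(Config.sCertFilePath);
        // FileInputStream fis = new FileInputStream("assets/my_final.bks"); //viacube_server.keystore mykey
        ks.load(is, password);

        // Look up the private key by the alias given to openssl with -name
        Key k = ks.getKey("plum_file", privateKeyPwd);
        if (k != null) {
            LogHelper.d(TAG, "k.getAlgorithm() = " + k.getAlgorithm());
        } else {
            LogHelper.d(TAG, "no private key for this android https server");
        }

        // setup the key manager factory
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, privateKeyPwd);

        // Hand the SSL server socket factory to NanoHTTPD so the server speaks HTTPS
        SSLServerSocketFactory sf = NanoHTTPD.makeSSLSocketFactory(ks, kmf);
        makeSecure(sf);
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } finally {
        if (is != null) {
            try {
                is.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}
```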