gpt4 book ai didi

java - 将 PFX 静默安装到 Android 系统受信任的 CA 用户 keystore 中

转载 作者:太空宇宙 更新时间:2023-11-04 11:21:26 26 4
gpt4 key购买 nike

我的公司正在开发一个使用 Android 平板电脑的信息亭。我们使用 TLS 与私有(private)服务器通信。我们拥有平台 key 来授予我们的客户端应用程序系统权限。仅当客户端使用授权的客户端证书进行连接时,服务器才会允许客户端进行连接。为了制造平板电脑,我们需要将 PFX 格式的客户端证书和私钥加载到 Android 系统可信 CA 用户 keystore 中。多个应用程序需要从用户 keystore 检索私钥和证书链。我们的制造过程是一个自动化过程,没有人可以单击"is"和“确定”来屏幕提示。我们还需要静默证书安装过程来替换将来过期的客户端证书。

如何将 PFX 文件从平台签名应用程序静默加载到系统受信任的 CA 用户存储中,无需用户交互?

最佳答案

这仅适用于企业 WiFi 配置。以下方法将使用 CA 证书和用户证书配置 WPA/EAP-TLS wifi 配置。

public static void createEapConfig(Context context, String ssid, String password, boolean connectAutomatically, boolean hiddenNetwork,                                   Integer eapMethod, Integer phase2, String identity, String anonymousIdentity, String caCertificateData,                                   String clientCertificateData, String clientCertPass) {    if (ssid == null || eapMethod == null) {        return;    }    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);    boolean connect = connectAutomatically;    boolean isWifiReceiverRegistered = false;    try {        Logger.logEnteringOld();        WifiConfiguration config = new WifiConfiguration();        config.SSID = "\"" + ssid + "\"";        config.hiddenSSID = hiddenNetwork;//false; //hidden network is always set to false.        config.status = WifiConfiguration.Status.ENABLED;        config.priority = 40;        try {            wifiManager.getClass().getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class).invoke(wifiManager, config, false);        } catch (Exception e) {            Logger.logError(e);        }        Settings.isWifiHotspotEnabled(false);        if (!wifiManager.isWifiEnabled()) {            wifiManager.setWifiEnabled(true);            Thread.sleep(5000);        }        if (connect) {            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();            wifiManager.disableNetwork(lastActNetId);            wifiManager.disconnect();        }        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);        // Set defaults        if (phase2 == null) phase2 = WifiEnterpriseConfig.Phase2.NONE;        if (identity == null) identity = "";        if (anonymousIdentity == null) anonymousIdentity = "";        if (caCertificateData == null) caCertificateData = "";        if (clientCertificateData == null) clientCertificateData = "";        if (Build.VERSION.SDK_INT >= 18) {            if (Util.isNullOrEmpty(password)) {                config.enterpriseConfig.setPassword(password);            }            config.enterpriseConfig.setEapMethod(eapMethod);            if (phase2 != null) {                config.enterpriseConfig.setPhase2Method(phase2);            }            if (!Util.isNullOrEmpty(identity)) {                config.enterpriseConfig.setIdentity(identity);            }            if (!Util.isNullOrEmpty(anonymousIdentity)) {                config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity);            }            InputStream is = null;            if (!Util.isNullOrEmpty(caCertificateData)) {                try {                    byte[] decodedCaCert = Base64.decode(caCertificateData);                    //is = new FileInputStream(Environment.getExternalStorageDirectory()+"/local-root(1).cer" );                    CertificateFactory cf = CertificateFactory.getInstance("X.509");                    try {                        is = new ByteArrayInputStream(decodedCaCert);                        X509Certificate caCert = (X509Certificate) cf.generateCertificate(is);                        config.enterpriseConfig.setCaCertificate(caCert);                    } catch (CertificateException ex) {                        Logger.logError(ex);                    } finally {                        if (is != null) {                            is.close();                        }                    }                } catch (Throwable t) {                    Logger.logError(t);                }            }            if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) {                try {                    byte[] decodedClientCert = Base64.decode(clientCertificateData);                    KeyStore p12 = KeyStore.getInstance("pkcs12");                    is = new ByteArrayInputStream(decodedClientCert);                    //is = new FileInputStream(Environment.getExternalStorageDirectory()+"/createdDERCert(1).pfx");                    p12.load(is, clientCertPass.toCharArray());                    Enumeration aliases = p12.aliases();                    for (String alias : Collections.list(aliases)) {                        if (alias == null) {                            continue;                        }                        PrivateKey privateKey = (PrivateKey) p12.getKey(alias, clientCertPass.toCharArray());                        if (privateKey == null) {                            continue;                        }                        X509Certificate clientCert = (X509Certificate) p12.getCertificate(alias);                        if (clientCert != null) {                            config.enterpriseConfig.setClientKeyEntry(privateKey, clientCert);                        }                    }                } catch (Throwable t) {                    Logger.logError(t);                } finally {                    if (is != null) {                        try {                            is.close();                        } catch (IOException e) {                            e.printStackTrace();                        }                    }                }            }        }        int networkId = -1;        networkId = wifiManager.addNetwork(config);        wifiManager.enableNetwork(networkId, true);        wifiManager.saveConfiguration();        if (connect) {            wifiManager.reconnect();            IntentFilter filter = new IntentFilter();            filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);            Settings.cntxt.registerReceiver(wifiReceiver, filter);            isWifiReceiverRegistered = true;            Thread.sleep(15000);        }    } catch (InterruptedException ie) {        if (NetworkStateReceiver.activeConnection(Settings.cntxt)) {            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();        }    } catch (Exception ex) {        Logger.logError(ex);    } finally {        // unregister wifi state receiver        if (connect && isWifiReceiverRegistered) {            isWifiReceiverRegistered = false;            Settings.cntxt.unregisterReceiver(wifiReceiver);        }    }    Logger.logEnteringOld();}

关于java - 将 PFX 静默安装到 Android 系统受信任的 CA 用户 keystore 中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44860422/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com