【静默安装 PFX 到 Android 系统可信 CA 用户密钥库】本文主要讲述如何把 PFX 静默安装到 Android 系统可信 CA 用户密钥库的相关知识,希望能为你提供帮助。
我的公司正在用 Android 平板电脑开发一款信息亭(kiosk)产品。我们使用 TLS 与私有服务器通信,并且拥有平台密钥,可以让我们的客户端应用获得系统权限。服务器只允许持有已授权客户端证书的客户端连接。因此在生产平板电脑时,我们需要把 PFX 格式的客户端证书和私钥加载到 Android 系统可信 CA 用户密钥库中,多个应用程序需要从该用户密钥库中取回 PrivateKey 和证书链。我们的生产流程是全自动的,没有人可以去点击屏幕上的“是”和“确定”提示。将来证书过期需要更换客户端证书时,安装过程同样必须是静默的。
如何在没有用户交互的情况下从平台签名应用程序中静默加载PFX文件到系统可信CA用户存储?
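答案:以下方法仅适用于企业 Wi-Fi 配置,它使用 CA 证书和用户证书创建 WPA/EAP-TLS 的 Wi-Fi 配置。注意:代码中客户端私钥只是通过 setClientKeyEntry 绑定到这一条 Wi-Fi 配置上,并没有把 PFX 安装到可供其他应用读取的用户密钥库,因此它没有解决上面“多个应用取回私钥和证书链”的需求。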
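/**
 * Adds a WPA-Enterprise / 802.1X Wi-Fi network and optionally connects to it.
 *
 * <p>The CA certificate and the client PKCS#12 bundle are passed as Base64 strings and are
 * attached to this Wi-Fi configuration only (via {@code WifiEnterpriseConfig}). Nothing here
 * installs them into a key store that other applications can read.
 *
 * <p>Credentials are parsed before any radio state is touched. If a CA certificate was supplied
 * but cannot be parsed, the network is NOT added: joining without the requested server
 * validation would leave the client open to a rogue access point.
 *
 * @param context               used to obtain the {@code WifiManager}
 * @param ssid                  network name, unquoted; the method returns immediately when null
 * @param password              EAP password, applied only when non-empty
 * @param connectAutomatically  when true, drops the current network and connects to the new one
 * @param hiddenNetwork         stored as {@code WifiConfiguration.hiddenSSID}
 * @param eapMethod             {@code WifiEnterpriseConfig.Eap} value; the method returns when null
 * @param phase2                {@code WifiEnterpriseConfig.Phase2} value; null means NONE
 * @param identity              EAP identity, applied only when non-empty
 * @param anonymousIdentity     outer identity, applied only when non-empty
 * @param caCertificateData     Base64 of the X.509 CA certificate, or null/empty for none
 * @param clientCertificateData Base64 of the PKCS#12 (PFX) client bundle, or null/empty for none
 * @param clientCertPass        passphrase of the PKCS#12 bundle; never logged
 */
public static void createEapConfig(Context context, String ssid, String password,
        boolean connectAutomatically, boolean hiddenNetwork, Integer eapMethod, Integer phase2,
        String identity, String anonymousIdentity, String caCertificateData,
        String clientCertificateData, String clientCertPass) {
    if (ssid == null || eapMethod == null) {
        return;
    }
    WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE);
    boolean connect = connectAutomatically;
    boolean isWifiReceiverRegistered = false;
    try {
        Logger.logEnteringOld();

        // Build the enterprise settings first: this is pure parsing, so a bad certificate is
        // detected before the current connection is dropped.
        WifiEnterpriseConfig enterprise = null;
        if (Build.VERSION.SDK_INT >= 18) {
            enterprise = new WifiEnterpriseConfig();
            // The original condition was inverted and stored the password only when it was empty.
            if (!Util.isNullOrEmpty(password)) {
                enterprise.setPassword(password);
            }
            enterprise.setEapMethod(eapMethod);
            enterprise.setPhase2Method(phase2 == null ? WifiEnterpriseConfig.Phase2.NONE : phase2);
            if (!Util.isNullOrEmpty(identity)) {
                enterprise.setIdentity(identity);
            }
            if (!Util.isNullOrEmpty(anonymousIdentity)) {
                enterprise.setAnonymousIdentity(anonymousIdentity);
            }

            if (!Util.isNullOrEmpty(caCertificateData)) {
                if (!applyCaCertificate(enterprise, caCertificateData)) {
                    // Fail closed: never add the network without the CA the caller asked for.
                    Logger.logError(new IllegalStateException(
                            "CA certificate for \"" + ssid + "\" could not be parsed; network not added"));
                    return;
                }
            }
            // NOTE(review): when no CA certificate is supplied the server is not authenticated.
            // Callers should always pass one, and on API 23+ also consider pinning the server
            // name with WifiEnterpriseConfig.setDomainSuffixMatch.

            if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) {
                if (!applyClientKeyEntry(enterprise, clientCertificateData, clientCertPass)) {
                    // Kept best-effort as before, but no longer silent.
                    Logger.logError(new IllegalStateException(
                            "No usable private key entry in the client PKCS#12 for \"" + ssid + "\""));
                }
            }
        }

        WifiConfiguration config = new WifiConfiguration();
        config.SSID = "\"" + ssid + "\"";
        config.hiddenSSID = hiddenNetwork;
        config.status = WifiConfiguration.Status.ENABLED;
        config.priority = 40;

        // Turn the soft AP off through the hidden API; a failure is logged and otherwise ignored.
        try {
            wifiManager.getClass()
                    .getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class)
                    .invoke(wifiManager, config, false);
        } catch (Exception e) {
            Logger.logError(e);
        }
        Settings.isWifiHotspotEnabled(false);

        if (!wifiManager.isWifiEnabled()) {
            wifiManager.setWifiEnabled(true);
            Thread.sleep(5000);
        }
        if (connect) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
            wifiManager.disableNetwork(lastActNetId);
            wifiManager.disconnect();
        }

        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP);
        config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X);
        if (enterprise != null) {
            config.enterpriseConfig = enterprise;
        }

        int networkId = wifiManager.addNetwork(config);
        if (networkId == -1) {
            // addNetwork reports failure with -1; enabling or saving that id is meaningless.
            Logger.logError(new IllegalStateException(
                    "WifiManager.addNetwork rejected the configuration for \"" + ssid + "\""));
        } else {
            wifiManager.enableNetwork(networkId, true);
            wifiManager.saveConfiguration();
            if (connect) {
                wifiManager.reconnect();
                IntentFilter filter = new IntentFilter();
                filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
                Settings.cntxt.registerReceiver(wifiReceiver, filter);
                isWifiReceiverRegistered = true;
                Thread.sleep(15000);
            }
        }
    } catch (InterruptedException ie) {
        // Restore the interrupt flag so callers further up can still observe it.
        Thread.currentThread().interrupt();
        if (NetworkStateReceiver.activeConnection(Settings.cntxt)) {
            lastActNetId = wifiManager.getConnectionInfo().getNetworkId();
        }
    } catch (Exception ex) {
        Logger.logError(ex);
    } finally {
        // Unregister the Wi-Fi state receiver if this call registered it.
        if (connect && isWifiReceiverRegistered) {
            isWifiReceiverRegistered = false;
            Settings.cntxt.unregisterReceiver(wifiReceiver);
        }
    }
    Logger.logEnteringOld();
}

/** Decodes the Base64 CA certificate and sets it on {@code enterprise}; false on any failure. */
private static boolean applyCaCertificate(WifiEnterpriseConfig enterprise, String caCertificateData) {
    try {
        byte[] decoded = Base64.decode(caCertificateData);
        InputStream in = new ByteArrayInputStream(decoded);
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate caCert = (X509Certificate) factory.generateCertificate(in);
            enterprise.setCaCertificate(caCert);
            return true;
        } finally {
            in.close();
        }
    } catch (Exception e) {
        Logger.logError(e);
        return false;
    }
}

/**
 * Loads the Base64 PKCS#12 bundle and sets its private key and certificate on {@code enterprise}.
 * As in the original loop, the last alias holding both a key and a certificate wins.
 * Returns false when nothing could be applied.
 */
private static boolean applyClientKeyEntry(WifiEnterpriseConfig enterprise,
        String clientCertificateData, String clientCertPass) {
    char[] passphrase = clientCertPass.toCharArray();
    boolean applied = false;
    try {
        InputStream in = new ByteArrayInputStream(Base64.decode(clientCertificateData));
        try {
            KeyStore p12 = KeyStore.getInstance("pkcs12");
            p12.load(in, passphrase);
            for (String alias : Collections.list(p12.aliases())) {
                if (alias == null) {
                    continue;
                }
                Object key = p12.getKey(alias, passphrase);
                Object cert = p12.getCertificate(alias);
                if (key instanceof PrivateKey && cert instanceof X509Certificate) {
                    enterprise.setClientKeyEntry((PrivateKey) key, (X509Certificate) cert);
                    applied = true;
                }
            }
        } finally {
            in.close();
        }
    } catch (Exception e) {
        Logger.logError(e);
    } finally {
        // Wipe our copy of the passphrase; the caller's String is outside our control.
        java.util.Arrays.fill(passphrase, '\0');
    }
    return applied;
}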