将多个SSL证书添加到Android KeyStore不起作用。（来自资源文件）

【字号：大中小】日期：2024-02-28浏览：24作者：雯心

如何解决将多个SSL证书添加到Android KeyStore不起作用。（来自资源文件）？

感谢@Dan Getz，现在可以使用了。

public static SSLContext getSSLContext() throws Exception {if (sslContext==null) { // loading CA from an InputStream InputStream is = AVApplication.getContext().getResources().openRawResource(R.raw.certificates); String certificates = Converter.convertStreamToString(is); String certificateArray[] = certificates.split('-----BEGIN CERTIFICATE-----'); // creating a KeyStore containing our trusted CAs KeyStore ks = KeyStore.getInstance('BKS'); ks.load(null, null); for (int i = 1; i < certificateArray.length; i++) {certificateArray[i] = '-----BEGIN CERTIFICATE-----' + certificateArray[i];//LogAV.d('cert:' + certificateArray[i]);// generate input stream for certificate factoryInputStream stream = IoUtils.toInputStream(certificateArray[i]);// CertificateFactoryCertificateFactory cf = CertificateFactory.getInstance('X.509');// certificateCertificate ca;try { ca = cf.generateCertificate(stream);} finally { is.close();}ks.setCertificateEntry('av-ca' + i, ca); } // TrustManagerFactory String algorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); // Create a TrustManager that trusts the CAs in our KeyStore tmf.init(ks); // Create a SSLContext with the certificate that uses tmf (TrustManager) sslContext = SSLContext.getInstance('TLS'); sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());}return sslContext; }

然后使用SSL上下文：

client = okHttpClient.newBuilder() .sslSocketFactory(getSslContext(context).getSocketFactory()) .build();

固定根CA，我使用的CertificatePinner是OkHttp中的from（！不适用于自签名证书-根CA）：

CertificatePinner = new CertificatePinner.Builder() .add(new URL(url).getHost(), 'sha256/<certificate1 fingerprint [base64]>') .add(new URL(url).getHost(), 'sha256/<certificate2 fingerprint [base64]>') .build();OkHttpClient client; client = okHttpClient.newBuilder().certificatePinner(certificatePinner).build();解决方法

我想从资源文件向Android KeyStore添加多个SSL证书，如下所示：

if (sslContext==null) {// loading CA from an InputStreamInputStream is = AVApplication.getContext().getResources().openRawResource(R.raw.wildcard);String certificates = Converter.convertStreamToString(is);String certificateArray[] = certificates.split('-----BEGIN CERTIFICATE-----');for (int i = 1; i < certificateArray.length; i++) { certificateArray[i] = '-----BEGIN CERTIFICATE-----' + certificateArray[i]; //LogAV.d('cert:' + certificateArray[i]); // generate input stream for certificate factory InputStream stream = IOUtils.toInputStream(certificateArray[i]); // CertificateFactory CertificateFactory cf = CertificateFactory.getInstance('X.509'); // certificate Certificate ca; try {ca = cf.generateCertificate(stream); } finally {is.close(); } // creating a KeyStore containing our trusted CAs KeyStore ks = KeyStore.getInstance('BKS'); ks.load(null,null); ks.setCertificateEntry('av-ca' + i,ca); // TrustManagerFactory String algorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); // Create a TrustManager that trusts the CAs in our KeyStore tmf.init(ks); // Create a SSLContext with the certificate that uses tmf (TrustManager) sslContext = SSLContext.getInstance('TLS'); sslContext.init(null,tmf.getTrustManagers(),new SecureRandom());} } return sslContext;

仅文件的最后一个证书有效！看来证书覆盖了另一个证书。

文件看起来像：

-----BEGIN CERTIFICATE----- cert -----END CERTIFICATE----------BEGIN CERTIFICATE----- cert -----END CERTIFICATE----------BEGIN CERTIFICATE----- cert -----END CERTIFICATE-----

我希望有人能帮助我！:)

上一条：使用Runtime.getRuntime（）。exec从定义的目录中执行文件下一条：IllegalArgumentException：源栅格波段的数量和源色彩空间组件的数量不匹配。对于彩色图像，异常

相关文章：
1. javascript - 关于input="file"，重复选择同一文件时不触发change事件的问题2. 为什么矛那里的 <a href=" " 这地方为什么是空的呢？？3. 为什么总是提示我说Template "movieTemplate" not found，我路径都引对了呀4. <tr valign="top"> 看不懂5. mysql - sphinx查询 "中国" 时也能查询到 "中华人民共和国"6. MySQL"="自动 like7. node.js mysql Cannot find module "net" 和 "tls"和"fs" 的问题8. mysql 使用 join 还是 "," 进行多表查询？？？9. mysql - 使用hibernate连接数据库时,数据库版本过高不支持关键字"type" ；10. solaris基础和常用知识 (2)