java客户端证书未从安卓发送到ssl服务器
下面是我用来创建保存我的证书颁发机构的公共证书的信任库的代码。我正在创建另一个密钥库来保存“客户端证书”,这是我根据证书签名请求创建并由我提到的CA签名的证书。由于某种原因,当我打电话给sslCertSocketFactory时。createSocket(),我将引发一个异常:
SSL failure: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake terminated: ssl=0x7780ef60: Failure in SSL library, usually a protocol error
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure (external/openssl/ssl/s3_pkt.c:1256 0x77829d10:0x00000003)
在服务器端,我得到以下信息:
SSL alert (write): fatal: handshake failure
2014.07.01 15:56:46 LOG3[7121:4413599744]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
我做错了什么?如何确保socket工厂将证书推送到我在localKeystore中指定的服务器
// Load my CA's public cert from an InputStream
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(cafile);
Certificate ca = null;
try {
ca = cf.generateCertificate(caInput);
} catch(Exception e) {
Log.d(" Problem creating the CA cert: " + e.toString());
}
finally {
caInput.close();
}
//sets this CA cert set as a KeyStore.TrustedCertificateEntry in the keystore.
certManagerCA.trustCertificate((X509Certificate) ca);
KeyStore keyStoreCA = certManagerCA.sslKeystore;
tmf = TrustManagerFactory.getInstance("X509");
tmf.init(keyStoreCA);
localKeystore = KeyStore.getInstance("BKS");
try {
//clientBKS is a bouncy castle keystore made with portecle from a public/private keypair signed by the CA I impored above
localKeystore.load(clientBKS, "password".toCharArray());
}
finally {
clientBKS.close();
}
// Build a KeyManager for Client auth
kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(localKeystore, keyPass.toCharArray());
//at this point I can iterate over the localKeyStore aliases and it ONLY has my cert in it.
sslCertSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(100000);
sslCertSocketFactory.setKeyManagers(kmf.getKeyManagers());
sslCertSocketFactory.setTrustManagers(tmf.getTrustManagers());
Socket test = sslCertSocketFactory.createSocket("10.22.1.100", 443);
共 (0) 个答案