我们有一个 BlackBerry 应用程序,可以访问安全 Web 服务,该服务使用某些 BlackBerry OS5 设备上未安装的 SSL 证书。这会给看到此消息的我们应用程序的用户带来问题。
“您正在尝试打开安全连接,但服务器的证书不受信任。”
我们可以通过这种方法手动安装证书
但这对于我们的客户来说显然不是一个好的解决方案。
有没有办法通过应用程序打包并安装所需的证书?该证书适用于 iOS、Android、IE、Firefox 和 Chrome。
您可以将证书 X509 作为资源包含在代码包中,并将其放入密钥存储中。但用户必须手动进入其证书存储并信任它。如果用户以前没有使用过证书存储,这将产生不幸的副作用,迫使他们在此时选择密码。
以下代码将从 PEM 格式的资源文件中读取证书,但删除了 -----BEGIN/END CERTIFICATE----- 行。我已经使用了这段代码的所有元素,但不是在这个精确的配置中。如果有任何问题,我很乐意尝试解决它们。
该证书不受信任,因此用户必须手动进入设备选项下的证书存储应用程序并“信任”该证书。确保他们了解他们无法撤销证书。如果不擦除并重新安装操作系统,则无法在设备上撤消该操作。唯一的其他选择是重新颁发新证书。
如果有人知道如何解决这些棘手的问题,请告诉我,我将在此代码中包含解决方案,或链接到它现在存在的任何位置。
X509Certificate _x509;
try {
// Get an input stream for the certificate in a resource file
InputStream rs = getClass().getResourceAsStream("/certificate.pem");
// PEM format is Base64 encoded
Base64InputStream b64is = new Base64InputStream(rs);
// Create the X509 certificate
_x509 = new X509Certificate(b64is);
// Clean up.
b64is.close();
rs.close();
// if the certificate is self signed this will perform a
// verfication check. For non-self signed certificates
// one could provide the signer's certificate in another
// resource file and validate it with that public key. Other
// versions of verify will verify it with a certificate in
// a keystore, but then we wouldn't need to do all this.
_x509.verify(_x509.getPublicKey());
System.out.println(_x509.getSubjectFriendlyName());
System.out.println(Integer.toHexString(_x509.hashCode()));
// Add the certificate to the DeviceKeyStore
KeyStore ks = DeviceKeyStore.getInstance();
// Associated data is set to null, but can be used if there is associated
// data known. You can use _x509.getStatus() instead of encoding the GOOD
// constant, but if the device can not find a revokation or validation list
// it will set the status to UNKNOWN which will confuse users. ks.getTicket()
// will prompt the user for permission for the program to access the key store.
// This may also cause the system to ask the user to set a password, unfortunately
// I can't remember, but I don't think it will if there is no private key in the
// certificate.
ks.set(null, _x509.getSubjectFriendlyName(), _x509, CertificateStatus.GOOD,
ks.getTicket() );
} catch (CertificateException ce) {
System.out.println(ce.toString());
} catch (CryptoException crypt) {
System.out.println(crypt);
} catch (IOException ioe) {
System.out.println(ioe.toString());
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
