You can check the code of K9 Mail. It's open source. I am sure you will get some info from there.
Thanks and Regards,
Kumar Bibek

On Apr 8, 12:51 pm, swapnil kamble <[email protected]> wrote:
> Hi All,
> I want client authentication on my server. I want to trust the peer certificate
> based on the user's confirmation. So for that, the first time I want to trust all
> received certs, but at this point itself I am getting an exception in
> getPeerCertificate as SSLPeerUnVerified. I tried adding a handshake-completed
> listener but it is not getting invoked. I have already added the code
> setWantClientAuth(true).
>
> I have used a BKS keystore, not JKS, and in standard Java the same code works
> perfectly fine.
>
> Here is my server code,
>
>     KeyStore keyStore = KeyStore.getInstance("BKS");
>     keyStore.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PASSWORD);
>
>     // cert algorithm
>     String sslKeyManagerFactoryAlgorithm =
>         (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null
>             ? "SunX509"
>             : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
>     KeyManagerFactory keyManagerFactory =
>         KeyManagerFactory.getInstance(sslKeyManagerFactoryAlgorithm);
>     keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD);
>     keyManagers = keyManagerFactory.getKeyManagers();
>
>     SSLContext context = SSLContext.getInstance("TLS");
>
>     context.init(keyManagers, trustAllCerts, null);
>
>     SSLServerSocketFactory sslserversocketfactory =
>         context.getServerSocketFactory();
>     SSLServerSocket sslserversocket = (SSLServerSocket)
>         sslserversocketfactory.createServerSocket(SERVER_PORT);
>     Log.d(TAG, "Want Client Auth");
>     sslserversocket.setWantClientAuth(true);
>     Log.d(TAG, "Need Client Auth");
>     sslserversocket.setNeedClientAuth(true);
>     mSslsocket = (SSLSocket) sslserversocket.accept();
>     //Log.d(TAG,"not Starting Handshake completed listener");
>     //mSslsocket.addHandshakeCompletedListener(new MyHandshakeListener());
>     //mSslsocket.startHandshake();
>
>     mSslSession = mSslsocket.getSession();
>
>     java.security.cert.Certificate[] localcerts =
>         mSslSession.getLocalCertificates();
>
>     Log.d(TAG, "localcerts SHA1 Thumbprint=" +
>         MsgDigest.getThumbprint((X509Certificate) localcerts[0], "SHA1"));
>
>     if (mSslsocket.getNeedClientAuth() == true) {
>         Log.d(TAG, "Client Authenticated.\nPeer Certificates are ");
>         java.security.cert.Certificate[] clientcerts =
>             mSslSession.getPeerCertificates();
>     }
>     else {
>         Log.d(TAG, "Client is not authenticated.");
>     }
>
> My TrustAllCertificate Manager code is as follows, out of which only
> checkClientTrusted() is called twice, not getAcceptedIssuers().
>
>     private TrustManager[] trustAllCerts = new TrustManager[] {
>         new X509TrustManager() {
>
>             public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>                 Log.d(TAG, "getAcceptedIssuers");
>                 return new X509Certificate[0];
>             }
>
>             public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
>                     String authType) {
>                 Log.d(TAG, "checkClientTrusted" + certs.length + " authtype" + authType);
>                 for (int i = 0; i < certs.length; i++) {
>                     Log.d(TAG, "Certificate [" + i + "] =>" + certs[i].toString());
>                 }
>             }
>
>             public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
>                     String authType) {
>                 Log.d(TAG, "checkServerTrusted certs count" + certs.length);
>             }
>         }
>     };
>
> I have been stuck on this problem for the last 2 days, can someone please help me in
> getting this working.
>
> || Hare Krishna Hare Krishna Krishna Krishna Hare Hare ||
> || Hare Rama Hare Rama Rama Rama Hare Hare ||

--
You received this message because you are subscribed to the Google Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/android-developers?hl=en

To unsubscribe, reply using "remove me" as the subject.
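For the trust-on-user-confirmation behaviour asked about in the quoted message, one alternative to a trust-all manager is shown below as an added example (not code from this thread or from K9 Mail); the class name `ConfirmingTrustManager` and its `approve`/`pendingFingerprint` methods are hypothetical. It rejects an unknown client certificate, remembers its SHA-256 fingerprint for a confirmation prompt, and accepts that certificate on a later connection once the user has approved it.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/** Hypothetical server-side trust manager: unknown client certs fail until a user approves them. */
public class ConfirmingTrustManager implements X509TrustManager {
    // SHA-256 fingerprints the user has approved (assumption: a real app persists this set).
    private final Set<String> approved = Collections.synchronizedSet(new HashSet<String>());
    // Fingerprint of the most recently rejected certificate, for the confirmation prompt.
    private volatile String pending;

    public static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02X", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("no client certificate");
        chain[0].checkValidity();            // reject an expired or not-yet-valid leaf certificate
        String fp = fingerprint(chain[0]);
        if (!approved.contains(fp)) {
            pending = fp;                    // keep it so the UI can ask the user about it
            throw new CertificateException("unapproved client certificate " + fp);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("this trust manager is for the server side only");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    public String pendingFingerprint() { return pending; }

    /** Call only after the user has compared the fingerprint and accepted it. */
    public void approve(String fp) { approved.add(fp); }
}
```

Pass an instance in the trust-manager array given to `context.init(...)` and call `startHandshake()` on the accepted socket, so a rejected certificate surfaces as a handshake exception. `getSession()` alone returns an invalid session when the handshake fails, and `getPeerCertificates()` on that session throws `SSLPeerUnverifiedException`.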

