Hi All,
I want client authentication on my server. I want to trust the peer certificate
based on the user's confirmation. So for that, the first time I want to trust all
received certs, but at this point itself I am getting an exception in
getPeerCertificates: SSLPeerUnverifiedException. I tried adding a HandshakeCompleted
listener but it is not getting invoked. I have already added the code
setWantClientAuth(true).

I have used a BKS keystore, not JKS, and in standard Java the same code works
perfectly fine; it is only specific to Android. Can the Android Security team
provide some details about this issue?

Here is my server code,
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import android.util.Log;

// Server key store: BKS is the keystore type Android's Bouncy Castle provider supports.
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(new FileInputStream(KEYSTORE_FILE), KEYSTORE_PASSWORD);

// Key manager algorithm: fall back to "SunX509" when the security property is unset.
// (KeyManagerFactory.getDefaultAlgorithm() is the provider-independent way to get this.)
String sslKeyManagerFactoryAlgorithm =
    (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null
        ? "SunX509"
        : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
// cert algorithm
KeyManagerFactory keyManagerFactory =
    KeyManagerFactory.getInstance(sslKeyManagerFactoryAlgorithm);
keyManagerFactory.init(keyStore, KEYSTORE_PASSWORD);
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

SSLContext context = SSLContext.getInstance("TLS");

// Server identity from the keystore; client certificates judged by trustAllCerts.
context.init(keyManagers, trustAllCerts, null);

SSLServerSocketFactory sslserversocketfactory =
    context.getServerSocketFactory();
SSLServerSocket sslserversocket = (SSLServerSocket)
    sslserversocketfactory.createServerSocket(SERVER_PORT);
Log.d(TAG, "Want Client Auth");
sslserversocket.setWantClientAuth(true);
Log.d(TAG, "Need Client Auth");
sslserversocket.setNeedClientAuth(true);   // overrides the want-setting above
mSslsocket = (SSLSocket) sslserversocket.accept();
//Log.d(TAG,"not Starting Handshake completed listener");
//mSslsocket.addHandshakeCompletedListener(new MyHandshakeListener());
//mSslsocket.startHandshake();

// getSession() triggers the handshake implicitly if it has not run yet.
mSslSession = mSslsocket.getSession();

java.security.cert.Certificate[] localcerts =
    mSslSession.getLocalCertificates();

Log.d(TAG, "localcerts SHA1 Thumbprint="
    + MsgDigest.getThumbprint((X509Certificate) localcerts[0], "SHA1"));

// Note: getNeedClientAuth() only reports how the socket was configured, not
// whether the client actually presented a certificate.
if (mSslsocket.getNeedClientAuth()) {
    Log.d(TAG, "Client Authenticated.\nPeer Certificates are ");
    // Throws SSLPeerUnverifiedException if the peer's identity was not established.
    java.security.cert.Certificate[] clientcerts =
        mSslSession.getPeerCertificates();
}
else {
    Log.d(TAG, "Client is not authenticated.");
}

My TrustAllCertificate Manager code is as follows, out of which only
checkClientTrusted() is called twice, not getAcceptedIssuers().

// Debug-only trust manager: accepts every certificate and only logs what it sees.
private TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            Log.d(TAG, "getAcceptedIssuers");
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                                       String authType) {
            Log.d(TAG, "checkClientTrusted " + certs.length + " authtype " + authType);
            for (int i = 0; i < certs.length; i++) {
                Log.d(TAG, "Certificate [" + i + "] =>" + certs[i].toString());
            }
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                                       String authType) {
            Log.d(TAG, "checkServerTrusted certs count " + certs.length);
        }
    }
};

I have been stuck on this problem for the last 2 days; can someone please help me
get this working?


Thanks in advance
Abhay
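An added example (not Abhay's code, and not part of the original thread) of the pattern a practitioner would use for the "trust on the user's confirmation" goal: a trust-on-first-use X509TrustManager that pins each client certificate by its SHA-256 fingerprint, plus an accept routine that calls startHandshake() explicitly. The explicit call matters for debugging the symptom above: per the JSSE Javadoc, SSLSocket.getSession() swallows a failed initial handshake and returns an invalid session (cipher suite SSL_NULL_WITH_NULL_NULL), on which getPeerCertificates() then throws SSLPeerUnverifiedException, whereas startHandshake() throws the underlying SSLHandshakeException with the real cause. The Confirmer interface and the in-memory pin map are assumptions for illustration; a real app would persist the pins and show a dialog.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.X509TrustManager;

/** Trust-on-first-use trust manager for client certificates (example code, not from the thread). */
public final class TofuClientTrustManager implements X509TrustManager {

    /** Hypothetical callback: asks the user whether a new client certificate should be trusted. */
    public interface Confirmer {
        boolean confirm(String subjectDn, String sha256Fingerprint);
    }

    // Assumed store: subject DN -> pinned SHA-256 fingerprint. A real app persists this.
    private final Map<String, String> pinned;
    private final Confirmer confirmer;

    public TofuClientTrustManager(Confirmer confirmer) {
        this(new ConcurrentHashMap<String, String>(), confirmer);
    }

    public TofuClientTrustManager(Map<String, String> pinned, Confirmer confirmer) {
        this.pinned = pinned;
        this.confirmer = confirmer;
    }

    /** Colon-separated upper-case hex SHA-256 over the DER encoding of the certificate. */
    public static String sha256Fingerprint(X509Certificate cert) throws CertificateEncodingException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder sb = new StringBuilder(digest.length * 3);
            for (int i = 0; i < digest.length; i++) {
                if (i > 0) sb.append(':');
                sb.append(String.format("%02X", digest[i]));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("client sent an empty certificate chain");
        }
        X509Certificate leaf = chain[0];
        leaf.checkValidity();                       // reject expired / not-yet-valid certs
        String subject = leaf.getSubjectX500Principal().getName();
        String fp = sha256Fingerprint(leaf);

        String known = pinned.get(subject);
        if (known != null) {
            // Known subject: the presented certificate must match the pinned one exactly.
            if (!MessageDigest.isEqual(known.getBytes(StandardCharsets.US_ASCII),
                                       fp.getBytes(StandardCharsets.US_ASCII))) {
                throw new CertificateException("fingerprint mismatch for " + subject);
            }
            return;
        }
        // First contact: trust only if the user confirms, then pin.
        if (!confirmer.confirm(subject, fp)) {
            throw new CertificateException("user rejected client certificate for " + subject);
        }
        pinned.put(subject, fp);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("this trust manager is for the server side only");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];          // no CA list: any issuer may be offered
    }

    /** Accepts one connection, forces the handshake so errors surface, and returns the client leaf cert. */
    public static X509Certificate acceptAndAuthenticate(SSLServerSocket server) throws IOException {
        SSLSocket socket = (SSLSocket) server.accept();
        socket.setNeedClientAuth(true);         // handshake fails if no client cert is presented
        try {
            socket.startHandshake();            // throws SSLHandshakeException on failure
            java.security.cert.Certificate[] peer = socket.getSession().getPeerCertificates();
            return (X509Certificate) peer[0];
        } catch (SSLPeerUnverifiedException e) {
            socket.close();                     // handshake completed but no verified peer identity
            throw e;
        }
    }
}
```

Install it with context.init(keyManagers, new TrustManager[] { new TofuClientTrustManager(myConfirmer) }, null) in place of the trust-all array. Pinning by subject DN means a second certificate claiming an already-pinned subject is refused rather than prompting the user again; if you prefer to prompt on every new certificate, key the map by fingerprint instead.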

