On Thu, Aug 11, 2011 at 1:41 AM, Shreya <[email protected]> wrote:
> Does that mean - Keymanager has to be created manually by reading the
> bks file from raw resource.

You can write your own X509KeyManager however you like. It's an interface. But yes, the one generated via the KeyManagerFactory is created via a KeyStore. Again, it doesn't have to be a BKS KeyStore, you can provide a PKCS#12 one, or one of your own creation.

> Or is it possible to read the installed certificates from data/misc/
> keysotre

It's not possible for apps to read those files, they are only readable by the keystore UID. There are public feature requests in the issue database about opening this up.

> I have tried reading the keystore from raw resource and created the
> derived classes from SocketFactory and X509TrustManager.
> But in my case, checkClientTrusted of the custom X509TrustManager is
> not getting called at all. Only checkServerTrusted is getting called.

An X509TrustManager is for the local end to identify the CA certs that it accepts as issuers for the server certificate. Do you have an X509KeyManager to provide the local end a cert and private key to use to identify itself to the peer?

> Please suggest what could be done so that checkClientTrusted also
> gets called.

You'll need to use SSLContext.init with your KeyManager and talk to a server that is requesting client certificates. Again, none of this is Android specific.

-bri
