Hi,

Thanks for the reply.

I have used SSLContext.init and passed my keystoreManager to it. My keystoreManager is initialized with the client certificate. But checkclientcertificates are not getting called.

Actually, I wanted to accept whatever certificates the server is sending and pass my client certificates with every request so that SSO could be achieved. If client certificates are not passed, I do get the response, but it asks for the credentials, which I don't want.

Any link or help is highly appreciated.

Thanks,
Shreya

On Aug 11, 10:41 pm, Brian Carlstrom <[email protected]> wrote:
> On Thu, Aug 11, 2011 at 1:41 AM, Shreya <[email protected]> wrote:
>
> > Does that mean - Keymanager has to be created manually by reading the
> > bks file from raw resource.
>
> You can write your own X509KeyManager however you like. It's an interface.
> But yes, the one generated via the KeyManagerFactory is created via a
> KeyStore. Again, it doesn't have to be a BKS KeyStore, you can provide a
> PKCS#12 one, or one of your own creation.
>
> > Or is it possible to read the installed certificates from
> > data/misc/keystore
>
> It's not possible for apps to read those files, they are only readable by
> the keystore UID. There are public feature requests in the issue database
> about opening this up.
>
> > I have tried reading the keystore from raw resource and created the
> > derived classes from SocketFactory and X509TrustManager.
> > But in my case, checkClientTrusted of the custom X509TrustManager is
> > not getting called at all. Only checkServerTrusted is getting called.
>
> An X509TrustManager is for the local end to identify the CA certs that it
> accepts as issuers for the server certificate. Do you have an X509KeyManager
> to provide the local end a cert and private key to use to identify itself to
> the peer?
>
> > Please suggest what could be done so that checkClientTrusted also
> > gets called.
>
> You'll need to use SSLContext.init with your KeyManager and talk to a server
> that is requesting client certificates.
>
> Again, none of this is Android specific.
>
> -bri
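
The setup described in the quoted reply, as an added example that is not part of the original thread: a client-side SSLContext initialized with a KeyManager built from a PKCS#12 KeyStore, with the platform's default server validation left in place. The class name, method names and password handling are assumptions for illustration; checkClientTrusted does not appear because it runs on the server side, when the server validates the chain the client presents.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; names are illustrative, not from the thread.
public final class ClientCertExample {

    /** Builds an SSLContext that can present a client certificate from a PKCS#12 stream. */
    static SSLContext buildContext(InputStream pkcs12, char[] password) throws Exception {
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(pkcs12, password);

        // A store holding only a certificate (no private key) gives the
        // KeyManager nothing to present, and the handshake then proceeds
        // without a client certificate instead of failing loudly.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) {
            hasKey |= identity.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("keystore has no private key entry");
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // A null KeyStore selects the platform's default CA store, so the
        // server certificate is still validated (checkServerTrusted).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** The client certificate is sent only if the server requests one in the handshake. */
    static int fetchStatus(SSLContext ctx, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```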
