Re: [android-security-discuss] access certificates installed from SD card on OS < level 14

Wed, 29 Aug 2012 19:34:51 -0700 

Brian,
Thanks for the reply.

I am now creating a BKS keystore with Portecle. And passing the keystore to 
the Apache httpclient by:

      SSLSocketFactory sslFactory = new SSLSocketFactory(keyStore);
      _httpclient.getConnectionManager().getSchemeRegistry().register(new 
Scheme("https", sslFactory, 443));

But when I still got the 403 when accessing the PKI enabled services.

My questions: 
1. Does the default SSLSocketFactory support PKI?  
2. Do you know if there are any document/samples on how to access PKI 
secured services through apache httpclient on Android? (my target OS is >=8)

Thanks in advance.

S.

On Tuesday, August 28, 2012 7:08:08 PM UTC-7, Brian Carlstrom wrote:
>
> No, there is no way, even with private APIs, for a user application to 
> access certificates before the KeyChain API. They were previously only 
> accessible by system user by VPN and WiFi. 
>
> Apps can of course use certificates within their own process. For an 
> example, see the X509TrustManager and X509KeyManager (usage example at 
>
> http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html) 
>
>
> -bri 
>
> On Tue, Aug 28, 2012 at 6:39 PM, Shu Sang <[email protected] <javascript:>> 
> wrote: 
> > I try to access PKI secured services on Android using Java. Certificates 
> were installed on devices through settings->location & security ->Install 
> from SD card. 
> > 
> > Seems like on ICS, certificates are shared under 
> /system/etc/security/cacerts while on GingerBread they are in a keystore: 
> /system/etc/security/cacerts.bks. 
> > 
> > On ICS I found the KeyChain can read all the installed certificates, so 
> my question is: 
> > 
> > Is there a way to access certificates installed from SD card on OS < 
> level 14? 
> > 
> > or 
> > 
> > If there is a unified way to access certificates installed from SD card 
> on OS >= level 8? 
> > 
> > Thanks. 
> > 
> > -- 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/android-security-discuss/-/h_xysuv9S00J.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.

Reply via email to