I know this question is discussed in many places, but after I went through almost all of them, I decided to create my first StackOverflow question ...
The problem is this:
I want to connect to a secure web service (https), which uses a certificate to restrict access, as well as a username / password for user authentication. Therefore, I have a client certificate (p12 file) and a server certificate (pem or der file). I am trying to use the HttpURLConnection class, because from what I heard, the Apache library will no longer be supported on Android.
So these are my implementations (serverCert and clientCert are the full path to my files):
    // Load CAs from our reference to the file
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInput = new BufferedInputStream(new FileInputStream(serverCert));
    X509Certificate serverCertificate;
    try {
        serverCertificate = (X509Certificate) cf.generateCertificate(caInput);
        System.out.println("ca=" + serverCertificate.getSubjectDN());
    } finally {
        caInput.close();
    }
    Log.d(TAG, "Server Cert: " + serverCertificate);

    // Create a KeyStore containing our trusted CAs
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null);
    trustStore.setCertificateEntry("my ca", serverCertificate);

    // Load the client certificate in the keystore
    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    FileInputStream fis = new FileInputStream(clientCert);
    keyStore.load(fis, CLIENT_PASSWORD);

    // Create a TrustManager that trusts the CAs in our KeyStore
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    // Build the SSL Context
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keyStore, pref.getString(Constants.clientCertificatePassword, "").toCharArray());

    // Create the SSL context
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    ...

    // And later, we use that sslContext to initialize the socketFactory
    urlConnection = (HttpsURLConnection) requestedUrl.openConnection();
    urlConnection.setSSLSocketFactory(CertificateManager.getInstance().getSslContext().getSocketFactory());
    ...
So, I can create my SSLContext and display my two certificates. But when I try to make my HTTPS connection, I get the following exception:
    09-23 13:43:30.283: W/System.err(19422): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Have any of you ever encountered the following error? What was your decision?
These are the websites I went through (without success):
http://blog.chariotsolutions.com/2013/01/https-with-client-certificates-on.html
http://nelenkov.blogspot.ch/2011/12/using-custom-certificate-trust-store-on.html
android certificate ssl
Theonlyyam