无声安装PFX到Android系统可信CA用户密钥库
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了无声安装PFX到Android系统可信CA用户密钥库相关的知识,希望对你有一定的参考价值。
我的公司正在使用android平板电脑开发一个信息亭。我们正在使用TLS与私人服务器进行通信。我们有平台密钥来为我们的客户提供应用程序系统权限。如果客户端使用授权的客户端证书进行连接,则服务器将仅允许客户端连接。为了制造平板电脑,我们需要将PFX格式的客户端证书和私钥加载到Android系统可信CA用户密钥库中。多个应用程序需要从User密钥库中检索PrivateKey和Certificate链。我们的制造过程是一个自动化过程,没有人可以单击是和确定屏幕提示。我们还需要静默证书安装过程,以便在将来过期时替换客户端证书。
如何在没有用户交互的情况下从平台签名应用程序中静默加载PFX文件到系统可信CA用户存储?
答案
这仅适用于企业wifi配置。以下方法将使用CA证书和用户证书配置WPA / EAP-TLS wifi配置。
public static void createEapConfig(Context context, String ssid, String password, boolean connectAutomatically, boolean hiddenNetwork, Integer eapMethod, Integer phase2, String identity, String anonymousIdentity, String caCertificateData, String clientCertificateData, String clientCertPass) { if (ssid == null || eapMethod == null) { return; } WifiManager wifiManager = (WifiManager) context.getSystemService(Context.WIFI_SERVICE); boolean connect = connectAutomatically; boolean isWifiReceiverRegistered = false; try { Logger.logEnteringOld(); WifiConfiguration config = new WifiConfiguration(); config.SSID = """ + ssid + """; config.hiddenSSID = hiddenNetwork;//false; //hidden network is always set to false. config.status = WifiConfiguration.Status.ENABLED; config.priority = 40; try { wifiManager.getClass().getMethod("setWifiApEnabled", WifiConfiguration.class, boolean.class).invoke(wifiManager, config, false); } catch (Exception e) { Logger.logError(e); } Settings.isWifiHotspotEnabled(false); if (!wifiManager.isWifiEnabled()) { wifiManager.setWifiEnabled(true); Thread.sleep(5000); } if (connect) { lastActNetId = wifiManager.getConnectionInfo().getNetworkId(); wifiManager.disableNetwork(lastActNetId); wifiManager.disconnect(); } config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.WPA_EAP); config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.IEEE8021X); // Set defaults if (phase2 == null) phase2 = WifiEnterpriseConfig.Phase2.NONE; if (identity == null) identity = ""; if (anonymousIdentity == null) anonymousIdentity = ""; if (caCertificateData == null) caCertificateData = ""; if (clientCertificateData == null) clientCertificateData = ""; if (Build.VERSION.SDK_INT >= 18) { if (Util.isNullOrEmpty(password)) { config.enterpriseConfig.setPassword(password); } config.enterpriseConfig.setEapMethod(eapMethod); if (phase2 != null) { config.enterpriseConfig.setPhase2Method(phase2); } if (!Util.isNullOrEmpty(identity)) { config.enterpriseConfig.setIdentity(identity); } if (!Util.isNullOrEmpty(anonymousIdentity)) { config.enterpriseConfig.setAnonymousIdentity(anonymousIdentity); } InputStream is = null; if (!Util.isNullOrEmpty(caCertificateData)) { try { byte[] decodedCaCert = Base64.decode(caCertificateData); //is = new FileInputStream(Environment.getExternalStorageDirectory()+"/local-root(1).cer" ); CertificateFactory cf = CertificateFactory.getInstance("X.509"); try { is = new ByteArrayInputStream(decodedCaCert); X509Certificate caCert = (X509Certificate) cf.generateCertificate(is); config.enterpriseConfig.setCaCertificate(caCert); } catch (CertificateException ex) { Logger.logError(ex); } finally { if (is != null) { is.close(); } } } catch (Throwable t) { Logger.logError(t); } } if (!Util.isNullOrEmpty(clientCertificateData) && !Util.isNullOrEmpty(clientCertPass)) { try { byte[] decodedClientCert = Base64.decode(clientCertificateData); KeyStore p12 = KeyStore.getInstance("pkcs12"); is = new ByteArrayInputStream(decodedClientCert); //is = new FileInputStream(Environment.getExternalStorageDirectory()+"/createdDERCert(1).pfx"); p12.load(is, clientCertPass.toCharArray()); Enumeration aliases = p12.aliases(); for (String alias : Collections.list(aliases)) { if (alias == null) { continue; } PrivateKey privateKey = (PrivateKey) p12.getKey(alias, clientCertPass.toCharArray()); if (privateKey == null) { continue; } X509Certificate clientCert = (X509Certificate) p12.getCertificate(alias); if (clientCert != null) { config.enterpriseConfig.setClientKeyEntry(privateKey, clientCert); } } } catch (Throwable t) { Logger.logError(t); } finally { if (is != null) { try { is.close(); } catch (IOException e) { e.printStackTrace(); } } } } } int networkId = -1; networkId = wifiManager.addNetwork(config); wifiManager.enableNetwork(networkId, true); wifiManager.saveConfiguration(); if (connect) { wifiManager.reconnect(); IntentFilter filter = new IntentFilter(); filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION); Settings.cntxt.registerReceiver(wifiReceiver, filter); isWifiReceiverRegistered = true; Thread.sleep(15000); } } catch (InterruptedException ie) { if (NetworkStateReceiver.activeConnection(Settings.cntxt)) { lastActNetId = wifiManager.getConnectionInfo().getNetworkId(); } } catch (Exception ex) { Logger.logError(ex); } finally { // unregister wifi state receiver if (connect && isWifiReceiverRegistered) { isWifiReceiverRegistered = false; Settings.cntxt.unregisterReceiver(wifiReceiver); } } Logger.logEnteringOld(); }
以上是关于无声安装PFX到Android系统可信CA用户密钥库的主要内容,如果未能解决你的问题,请参考以下文章
请问Windows系统的平板电脑可以安装pfx格式的数字证书吗?