CertificateException时generateCertificate()
CertificateException时generateCertificate()
提问于 2013-11-11 15:57:35
我正在开发我的android应用程序。我正在尝试从我的证书文件流生成X509Certificate实例,但是获取CertificateException,下面是我的简单代码:
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
...
public class CertMgr {
//my certification file 'mycert.p12' located in my app internal storage
File certFile = GET_CERT();
X509Certificate cert = null;
try {
FileInputStream fis = new FileInputStream(certFile);
BufferedInputStream bis = new BufferedInputStream(fis);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
if(bis.available() > 0){
//I got CertificateException here, see the stack trace
cert = (X509Certificate) cf.generateCertificate(bis); //line nr 150
}
}catch(...)
{...}
...
}堆栈跟踪:
javax.security.cert.CertificateException: org.apache.harmony.security.asn1.ASN1Exception: ASN.1 Sequence: mandatory value is missing at [4]
11-11 17:30:20.731: W/System.err(11529): at javax.security.cert.X509Certificate.getInstance(X509Certificate.java:94)
11-11 17:30:20.731: W/System.err(11529): at javax.security.cert.X509Certificate.getInstance(X509Certificate.java:213)
11-11 17:30:20.731: W/System.err(11529): at com.my.app.CertMgr.getCert(CertMgr.java:150)有人能给我解释一下为什么我会有这个例外吗?
P.S.:这里是我从Android X509Certificate,CertificateFactory中使用的类
如果您对我为什么这么做感到好奇,原因是我希望我的应用程序能够通过以下代码安装证书(mycert.p12)(如果上面的代码工作正常):
Intent installIntent = KeyChain.createInstallIntent();
installIntent.putExtra(KeyChain.EXTRA_CERTIFICATE, cert.getEncoded());
installIntent.putExtra(KeyChain.EXTRA_NAME, MY_CERT);
startActivityForResult(installIntent, INSTALL_KEYCHAIN_CODE);回答 1
Stack Overflow用户
回答已采纳
发布于 2013-11-11 19:13:33
您正在尝试读取PKCS#12数据结构,因为它是X509证书。PKCS#12标准指定了一种数据结构,它可以绑定多个证书和私钥,并可选择地受到密码的保护。
为了读取PKCS#12数据,您需要用一个KeyStore加载它。下面的代码片段显示了如何列出PCKS#12文件的所有条目:
KeyStore keyStore = KeyStore.getInstance("PKCS12");
File p12File = GET_CERT();
FileInputStream fis = new FileInputStream(p12File);
BufferedInputStream bis = new BufferedInputStream(fis);
keyStore.load(bis, password.toCharArray()); // password is the PKCS#12 password. If there is no password, just pass null
Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
/* Do something with the keystore entry */
}KeyStore条目可以是私钥,有或没有关联的证书链(即从根证书到对应于私钥的证书的证书序列),或者可信证书。可以通过KeyStore.isKeyEntry和KeyStore.isCertificateEntry方法确定条目类型。
根据您给出的KeyChain意图,您似乎希望在密钥链中添加一个新的可信根CA证书。因此,我认为您应该列出PKCS#12文件的证书条目。
编辑(2013年11月12日)
如何从密钥存储库获得可信证书:
String alias = aliases.nextElement();
if (keyStore.isCertificateEntry(alias)) { // keep only trusted cert entries
Certificate caCert = keyStore.getCertificate(alias)
byte[] extraCertificate = caCert.getEncoded();
Intent installIntent = KeyChain.createInstallIntent();
installIntent.putExtra(KeyChain.EXTRA_CERTIFICATE, extraCertificate);
installIntent.putExtra(KeyChain.EXTRA_NAME, MY_CERT);
startActivityForResult(installIntent, INSTALL_KEYCHAIN_CODE);
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/19910593
复制相关文章
相似问题
腾讯云开发者
