This is my first time dealing with certificates in Android and this is what I am trying to do. The server sends the public CA cert, Exchange user certificate and Wifi user certificate to the device. While I am able to use the user certificates, I am still at loss on how to trust the CA certificate. This is only for my app and not the whole phone ( phone is not rooted and app is not system app). I was able to install the CA cert using
Intent intent = KeyChain.createInstallIntent();
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
intent.putExtra( KeyChain.EXTRA_CERTIFICATE, cert.getEncoded() );
intent.putExtra(KeyChain.EXTRA_NAME, "MyCACert");
Now my question is Can I install/trust the CA cert silently programatically ? If yes, how ? If not my other question KeyChain API is only from 4.3 ? How to do the same thing on older versions? I tried to follow the posts at here and here. But all of them all are dealing with overriding the default trustmanager or SSLFactory. I do not understand how it will help with what I am trying to achieve. Please help. Any help/direction will be greatly appreciated.
I also tried this from the links above but I have no idea what they are doing.
TrustManagerFactory tmf;
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null,null);
keyStore.setCertificateEntry("CA", cert);
tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
X509Certificate[] chain = new X509Certificate[]{cert};
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
