0

I am trying to make a connection via my Android client to my server. The server is HTTPS. To make the client connect to the server I used a client.key and client.crt that was signed via the same CA .crt file as the server and converted to a .p12 format. The client is supposed to have the private key and public key. But the client shouldn't have the server private key. The only way to get Android to work is to load in a p12 file from the server into the TrustManagerFactory. But this is not the right way since the private key from the server is inside that file. The TrustManagerFactory doesn't allow me to load in a .crt file.

My question is: How do I load a .crt file into KeyStore instead of the p12 I am using now. Or do I need to use something else then the KeyStore.

Rockernaap
  • 143
  • 1
  • 7
  • Pls read the following to see if it can help you or not http://stackoverflow.com/questions/32969952/android-to-server-communication-using-ssl-with-bouncy-castle/32980130#32980130 – BNK Oct 29 '15 at 13:57
  • @BNK Your answer won't help him because he didn't want to load `.p12` file (because of server private key included in it), he wanted to use pure `.crt`. And there is no information how to create `Keystore` with certificate only so that he can ship that `Keystore` only. – Than Oct 29 '15 at 15:54
  • @Than in my link there are two options: for keystore file and for cert file. – BNK Oct 30 '15 at 00:40

1 Answers1

1

Directly from google dev guide working solution for ya:

// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
    System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
    caInput.close();
}

// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);

// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

// Tell the URLConnection to use a SocketFactory from our SSLContext
URL url = new URL("https://certs.cac.washington.edu/CAtest/");
HttpsURLConnection urlConnection =
    (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);
Than
  • 2,759
  • 1
  • 20
  • 41