I have just created a Java keystore and placed a self-signed certificate inside it. This keystore loads perfectly in a standalone Java application but not inside Android, where it complains about a wrong version of keystore.

So is it documented anywhere what the acceptable version of keystore for Android is? This addresses the issue, but in 2011 and using JDK 1.6:

Wrong version of keystore on android call

Is there something special about BouncyCastle? Do we need to use this in particular?

I will use whatever works, but I am just wondering where this crucial piece of information about Android Java security is documented?

Here is my full activity code:

import android.content.res.AssetManager;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;

import com.google.protobuf.ByteString;
import com.test.echo.EchoRequest;
import com.test.echo.EchoResponse;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Arrays;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;


public class MainActivity extends AppCompatActivity {

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        testSSLConnection();

        AssetManager am = getAssets();
    }

    private void testSSLConnection() {
        System.out.println("Testing SSLConnection ....");
        try {
            echoHttpsTest();
        } catch (Exception e) {
            // Report the failure instead of silently swallowing it
            System.out.println("error " + e.getMessage());
        }
    }

    // Unused stub: opens the keystore asset but does not build a context yet
    private SSLContext getSSLContext() {
        AssetManager am = getAssets();
        // try-with-resources so the asset stream is always closed
        try (InputStream fis = am.open("cacerts.jks")) {
            // nothing is read from the stream yet
        } catch (Exception e) {
            System.out.println("error " + e.getMessage());
        }
        return null;
    }

    // Builds an SSLContext whose key and trust material both come from one keystore asset
    private SSLContext sslContext(String keystoreFile, String password)
            throws GeneralSecurityException, IOException {
        AssetManager am = getAssets();

        // The keystore type is whatever the platform reports as its default
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());

        try (InputStream in = am.open(keystoreFile)) {
            keystore.load(in, password.toCharArray());
        }
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keystore, password.toCharArray());

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keystore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(
                keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(),
                new SecureRandom());

        return sslContext;
    }

    public void echoHttpsTest() throws java.io.IOException {
        Certificate c = null;
        SSLContext sslContext = null;

        try {
            sslContext = sslContext("cacerts.jks", "Password");
        } catch (Exception e) {
            // This is where the keystore loading error is printed
            System.out.println("error " + e.getMessage());
        }

        String message = "hello";

        byte[] zeroByte = {0};

        byte[] messageBytes = EchoRequest
                .newBuilder()
                .setMessage(message)
                .build().getMessageBytes().toByteArray();
        System.out.println("number Bytes: " + messageBytes.length);
    }

}

Steven Smart

1 Answer

You have to use the KeyStore class in the java.security package. You can get an instance of this class through the getInstance function, which takes some parameters. The most important parameter is the provider. It is recommended that you use the Android key store where possible (API 18 and above). You can take a look at this link for more information.

No Body
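To illustrate the question's symptom, here is an added example (not code from the question or the answer) that identifies a keystore file's real format from its header and loads it with that explicit type instead of `KeyStore.getDefaultType()`. The class and method names are hypothetical, the sample keystores are constructed in memory, and the header check assumes the usual JKS and JCEKS magic numbers, a DER SEQUENCE tag for PKCS#12 and a small leading version number for BKS.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class KeystoreTypeCheck {  // hypothetical name, added example

    /** Guess the keystore format from its first four bytes. */
    static String sniffType(byte[] data) throws IOException {
        if (data.length < 4) throw new IOException("too short to be a keystore");
        int magic = new DataInputStream(new ByteArrayInputStream(data)).readInt();
        if (magic == 0xFEEDFEED) return "JKS";
        if (magic == 0xCECECECE) return "JCEKS";
        if ((magic >>> 24) == 0x30) return "PKCS12"; // DER SEQUENCE tag
        if (magic >= 0 && magic <= 2) return "BKS";  // BKS begins with a version number
        throw new IOException(String.format("unrecognised header 0x%08X", magic));
    }

    /** Load with the type the file really has, not the platform default. */
    static KeyStore loadExplicit(byte[] data, char[] pw) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(sniffType(data)); // KeyStoreException if the type is unavailable
        ks.load(new ByteArrayInputStream(data), pw);
        return ks;
    }

    /** Constructed sample input: an empty keystore of the given type, serialised in memory. */
    static byte[] emptyStore(String type, char[] pw) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, pw);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, pw);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "Password".toCharArray();
        System.out.println("platform default type: " + KeyStore.getDefaultType());
        for (String type : new String[] {"JKS", "PKCS12"}) {
            byte[] data = emptyStore(type, pw);
            KeyStore ks = loadExplicit(data, pw);
            System.out.println(type + " file sniffed as " + sniffType(data)
                    + ", loaded as " + ks.getType() + ", entries=" + ks.size());
        }
    }
}
```

On Android, `KeyStore.getDefaultType()` is BKS and `KeyStore.getInstance("JKS")` is not expected to succeed, so a `.jks` asset would typically be converted to PKCS12 or BKS first (for example with `keytool -importkeystore`) and then loaded by that type name.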