
There are a lot of examples of how to deal with a p12 certificate to use it in an app for client authentication, e.g.:

  // Read the Base64-encoded PKCS12 bundle shipped in res/raw
  InputStream is = context.getResources().openRawResource(R.raw.client_cert);
  Base64InputStream b64is = new Base64InputStream(is, Base64.DEFAULT);

  char[] tableauCertPassword = certPassword.toCharArray();

  // Import PKCS12 in KeyStore
  KeyStore appKeyStore = KeyStore.getInstance("PKCS12");
  appKeyStore.load(b64is, tableauCertPassword);
  is.close();
  b64is.close();

  // Init keyManagerFactory with Client Certificate's keyStore
  KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
  keyManagerFactory.init(appKeyStore, tableauCertPassword);
  KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

  // tmf was not defined in the snippet; the default system trust store is assumed here
  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  tmf.init((KeyStore) null);

  SSLContext sslContext = SSLContext.getInstance("TLS");
  sslContext.init(keyManagers, tmf.getTrustManagers(), null);

But I don't want to store my client certificate within the app in the raw directory, right?

The P12 will be provided during the provisioning in the KeyStore of Android, right?

So how can I use the p12 certificate which is stored in KeyStore.getInstance("AndroidKeyStore") to do an OkHttp call with a client certificate?

Santanu Sur
deadpoint
  • Does this answer your question? [Import .p12-file into AndroidKeyStore](https://stackoverflow.com/questions/31713011/import-p12-file-into-androidkeystore) – Robert Nov 14 '19 at 13:21
  • I would recommend moving the question "how to use this with Okhttp3" into a separate question. – Robert Nov 14 '19 at 13:22
  • No, the question is how I can use it after importing into AndroidKeyStore. Because I have to init the KeyManagerFactory with a KeyStore. And in all examples the KeyStore is built with a file in the raw directory – deadpoint Nov 14 '19 at 15:58
  • Have you considered this [question+answer](https://stackoverflow.com/questions/55692965/use-hardware-backed-keys-in-sslcontext)? – Robert Nov 14 '19 at 16:02
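
An added example, not part of the original question or its comments: one way to present a key that already lives in the app's AndroidKeyStore to OkHttp as a TLS client certificate, using a small X509KeyManager instead of loading a PKCS12 file from res/raw. The class name `KeystoreClientAuth`, the `AliasKeyManager` helper and the `alias` parameter are assumptions, as are an entry imported together with its certificate chain and server validation against the default system trust store.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

public final class KeystoreClientAuth {  // hypothetical class name
  // Serves exactly one AndroidKeyStore entry as the TLS client identity.
  static final class AliasKeyManager implements X509KeyManager {
    private final KeyStore ks;
    private final String alias;
    AliasKeyManager(KeyStore ks, String alias) { this.ks = ks; this.alias = alias; }
    @Override public String chooseClientAlias(String[] types, Principal[] issuers, Socket s) { return alias; }
    @Override public String[] getClientAliases(String type, Principal[] issuers) { return new String[] {alias}; }
    @Override public String chooseServerAlias(String type, Principal[] issuers, Socket s) { return null; }
    @Override public String[] getServerAliases(String type, Principal[] issuers) { return null; }
    @Override public PrivateKey getPrivateKey(String a) {
      // Returns an opaque handle; the key material itself never leaves the keystore.
      try { return (PrivateKey) ks.getKey(alias, null); } catch (Exception e) { return null; }
    }
    @Override public X509Certificate[] getCertificateChain(String a) {
      try {
        Certificate[] chain = ks.getCertificateChain(alias);
        return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
      } catch (Exception e) { return null; }  // missing chain: no client cert is offered
    }
  }

  // alias: the name under which the key pair was imported (assumed, app-specific).
  public static OkHttpClient build(String alias) throws Exception {
    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
    ks.load(null);  // AndroidKeyStore takes no stream and no password
    if (!ks.isKeyEntry(alias)) throw new IllegalStateException("no key entry: " + alias);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);  // default system trust store
    X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(new KeyManager[] {new AliasKeyManager(ks, alias)}, tmf.getTrustManagers(), null);
    return new OkHttpClient.Builder().sslSocketFactory(ctx.getSocketFactory(), tm).build();
  }
}
```

Failing fast on a missing alias avoids a handshake that silently proceeds without a client certificate and is then rejected by the server.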

0 Answers