How can I use the client certificate which storing in AndroidKeyStore at SSL mutual communication?
I use KeyGenParameterSpec to generate keypair:
```
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA,"AndroidKeyStore");
keyPairGenerator.initialize(
new KeyGenParameterSpec.Builder(alias, KeyProperties.PURPOSE_SIGN|KeyProperties.PURPOSE_ENCRYPT|KeyProperties.PURPOSE_DECRYPT|KeyProperties.PURPOSE_VERIFY)
.setDigests(KeyProperties.DIGEST_SHA256,KeyProperties.DIGEST_SHA512)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
.setCertificateSubject(new X500Principal("C=US"))
.build());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
```
then use the keypair generate a self-signed by my own CA,store it in AndroidKeyStore,use it to communicate in ssl mutual session:
``` SSLContext ctx;
KeyStore clientKeyStore = KeyStore.getInstance("AndroidKeyStore");
clientKeyStore.load(null,null);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(clientKeyStore,null);
KeyStore serverKeyStore = KeyStore.getInstance("BKS");
serverKeyStore.load(getResources().getAssets().open(TRUSTSTORE_PUB_KEY), "123456".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(serverKeyStore);
ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory factory = ctx.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(SERVICE_HOST, 443);
socket.startHandshake();
```
however it's wrong,I don't know where to correct it:
```
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.KeyStore.getInvalidKeyException(KeyStore.java:913)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.KeyStore.getInvalidKeyException(KeyStore.java:938)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.keystore.AndroidKeyStoreSignatureSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java:219)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.security.Signature$Delegate.init(Signature.java:1357)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.security.Signature$Delegate.chooseProvider(Signature.java:1310)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.security.Signature$Delegate.engineInitSign(Signature.java:1385)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.security.Signature.initSign(Signature.java:679)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(CryptoUpcalls.java:88)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:345)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: at java.lang.Thread.run(Thread.java:784)
2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: android.security.KeyStoreException: -65530
2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: at android.security.KeyStore.getKeyStoreException(KeyStore.java:851)
2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: ... 23 more
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:286)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:345)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: at java.lang.Thread.run(Thread.java:784)
2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x748f38c608: Failure in SSL library, usually a protocol error
2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/common/src/jni/main/cpp/conscrypt/native_crypto.cc:698 0x74a1936e07:0x00000000)
2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
```
I don't know how to change it, but I think the problem is at the KeyManagerFactory instance init ,but i don't know can anyone help me? Thanks very much!
mirping0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0