How can I use a client certificate stored in AndroidKeyStore for SSL mutual authentication?

-1

I use KeyGenParameterSpec to generate a key pair:

```
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.security.auth.x500.X500Principal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

// RSA key pair generated inside AndroidKeyStore under the given alias
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
keyPairGenerator.initialize(
        new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_ENCRYPT
                        | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
                .setCertificateSubject(new X500Principal("C=US"))
                .build());

KeyPair keyPair = keyPairGenerator.generateKeyPair();
```

Then I use the key pair to generate a certificate signed by my own CA, store it in AndroidKeyStore, and use it in an SSL mutual-authentication session:

```
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

SSLContext ctx;

// Client side: the private key and certificate chain live in AndroidKeyStore (no password)
KeyStore clientKeyStore = KeyStore.getInstance("AndroidKeyStore");
clientKeyStore.load(null, null);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(clientKeyStore, null);

// Server side: a BKS trust store bundled in assets holds the trusted CA/server certificate
KeyStore serverKeyStore = KeyStore.getInstance("BKS");
serverKeyStore.load(getResources().getAssets().open(TRUSTSTORE_PUB_KEY), "123456".toCharArray());

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(serverKeyStore);
ctx = SSLContext.getInstance("TLSv1.2");
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
SSLSocketFactory factory = ctx.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(SERVICE_HOST, 443);
socket.startHandshake();
```

However, it fails, and I don't know where to correct it:

```

    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:913)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getInvalidKeyException(KeyStore.java:938)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.KeyStoreCryptoOperationUtils.getInvalidKeyExceptionForInit(KeyStoreCryptoOperationUtils.java:54)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreSignatureSpiBase.java:219)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:99)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.keystore.AndroidKeyStoreSignatureSpiBase.engineInitSign(AndroidKeyStoreSignatureSpiBase.java:77)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.init(Signature.java:1357)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.chooseProvider(Signature.java:1310)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature$Delegate.engineInitSign(Signature.java:1385)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.security.Signature.initSign(Signature.java:679)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.CryptoUpcalls.rawSignDigestWithPrivateKey(CryptoUpcalls.java:88)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:345)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
    2019-05-08 14:54:46.407 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.lang.Thread.run(Thread.java:784)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: android.security.KeyStoreException: -65530
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.security.KeyStore.getKeyStoreException(KeyStore.java:851)
    2019-05-08 14:54:46.408 21651-21777/com.example.myfirstloginapplication W/System.err:   ... 23 more
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:286)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.SSLTwoWaySocket(LoginActivity.java:525)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity.access$500(LoginActivity.java:74)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:589)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.example.myfirstloginapplication.LoginActivity$UserLoginTask.doInBackground(LoginActivity.java:556)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:345)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:257)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    2019-05-08 14:54:46.452 21651-21777/com.example.myfirstloginapplication W/System.err:     at java.lang.Thread.run(Thread.java:784)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x748f38c608: Failure in SSL library, usually a protocol error
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err: error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/common/src/jni/main/cpp/conscrypt/native_crypto.cc:698 0x74a1936e07:0x00000000)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
    2019-05-08 14:54:46.453 21651-21777/com.example.myfirstloginapplication W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)

```

I don't know how to change it. I think the problem is at the KeyManagerFactory instance init, but I'm not sure. Can anyone help me? Thanks very much!

java
android
android-keystore
asked on Stack Overflow May 8, 2019 by mirping • edited May 8, 2019 by mirping
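The trace above fails inside `CryptoUpcalls.rawSignDigestWithPrivateKey` → `Signature.initSign`, i.e. while Conscrypt asks the keystore key to sign the TLS 1.2 CertificateVerify message. Conscrypt performs that signature as `NONEwithRSA` over an already-hashed DigestInfo, so the keymaster has to have authorized `DIGEST_NONE` for the key; a key generated with only `DIGEST_SHA256`/`DIGEST_SHA512` is rejected at `initSign`, which surfaces as the opaque "RSA routines ... internal error" during `SSL_do_handshake`. The following is an added example, not the asker's code and not an answer posted on this page: it assumes that digest-authorization mismatch is the cause, and the class name `KeystoreMtlsClient` and the alias/host values are placeholders. It also adds a pre-flight check that runs the same `NONEwithRSA` init Conscrypt will run, so a misconfigured key fails with a readable `InvalidKeyException` before any network traffic, and turns on hostname verification, which a raw `SSLSocket` does not do on its own.

```java
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

/** Added example (class name is a placeholder): hardware-backed client key for mutual TLS. */
public final class KeystoreMtlsClient {

    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";

    /** Generate a client-auth key pair whose keymaster authorizations cover what TLS needs. */
    public static KeyPair generateClientKey(String alias) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, ANDROID_KEYSTORE);
        kpg.initialize(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                // TLS 1.2 client authentication in Conscrypt signs an already-hashed
                // DigestInfo via NONEwithRSA, so the key must authorize DIGEST_NONE.
                // SHA-256 is kept so the same key can also sign normal application data.
                .setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .setKeySize(2048)
                // placeholder subject; the CA-issued certificate replaces this one later
                .setCertificateSubject(new X500Principal("CN=client, C=US"))
                .build());
        return kpg.generateKeyPair();
    }

    /** Replace the placeholder self-signed certificate with the chain issued by your CA. */
    public static void installIssuedChain(String alias, Certificate[] chain) throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        // For an AndroidKeyStore key, setKeyEntry under the same alias keeps the
        // non-exportable key and only updates the stored certificate chain.
        ks.setKeyEntry(alias, key, null, chain);
    }

    /** Pre-flight: perform the exact Signature init Conscrypt performs during the handshake. */
    public static void assertTlsSignable(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        if (key == null) {
            throw new IllegalStateException("no private key under alias " + alias);
        }
        // Throws InvalidKeyException here, with the keymaster reason attached, when the
        // key lacks DIGEST_NONE / PKCS1 padding, instead of failing inside SSL_do_handshake.
        Signature sig = Signature.getInstance("NONEwithRSA");
        sig.initSign(key);
    }

    /** Build a TLS 1.2 context: client identity from AndroidKeyStore, trust from a BKS file. */
    public static SSLContext buildMutualTlsContext(InputStream trustStoreBks,
                                                   char[] trustStorePassword) throws Exception {
        KeyStore clientKeyStore = KeyStore.getInstance(ANDROID_KEYSTORE);
        clientKeyStore.load(null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(clientKeyStore, null);  // AndroidKeyStore entries have no key password

        KeyStore trustStore = KeyStore.getInstance("BKS");
        trustStore.load(trustStoreBks, trustStorePassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open the socket with hostname verification enabled (API 24+), then handshake. */
    public static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");  // match server name to its cert
        socket.setSSLParameters(params);
        socket.startHandshake();
        return socket;
    }
}
```

Intended order of use: `generateClientKey(alias)` once, send the public key / a CSR to the CA, `installIssuedChain(alias, chain)` with the returned chain, then `assertTlsSignable(alias)` before `connect(buildMutualTlsContext(...), host, 443)`. If `assertTlsSignable` throws, the key's authorizations are wrong and the key has to be regenerated; AndroidKeyStore cannot add a digest to an existing key.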

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0