Creating an Android BKS certificate from a public key and private key on Linux

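BKS certificates are generally used for HTTPS in Android apps. There are two scenarios:
1. Android acts as the client and talks to an HTTPS server.
2. Android acts as the server and hosts an HTTPS server.

In both scenarios HTTPS needs a BKS certificate file.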

Steps:

a. Install the JDK, set JAVA_HOME, and make sure keytool is on the PATH.

jerome1984@cws15]$ which keytool
/opt/jdk/bin/keytool
jerome1984@cws15]$ echo $JAVA_HOME
/opt/jdk

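b. Make sure the public key file, the private key file and bcprov-jdk16-141.jar are in the same directory.
c. Generate a p12 (PKCS#12) certificate file from the public key and private key files.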

jerome1984@cws15]$ openssl pkcs12 -export -in my_public.crt -inkey my_private.key -out my_tmp.p12 -name plum_file <-- alias
Enter Export Password: chengdu   <-- .p12 password
Verifying - Enter Export Password: chengdu

d. Convert the p12 certificate to a BKS certificate.

jerome1984@cws15]$ keytool -importkeystore -srckeystore my_tmp.p12 -srcstoretype pkcs12 -destkeystore my_final.bks -deststoretype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar 

Enter destination keystore password:  mypassword <-- bks password, private key password 
Re-enter new password: 

Enter source keystore password:  chengdu   <-- above .p12 password, keystore file's password
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

e. Verify the BKS file.

keytool -list -keystore my_final.bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar -storetype BKS -storepass chengdu

Keystore type: BKS
Keystore provider: BC

Your keystore contains 1 entry

1, May 14, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): CF:F5:CB:C6:1E:AE:5C:39:34:25:62:25:55:24:6E:76:AF:9A:7F:D2

The public key my_public.crt and the private key my_private.key were issued using a certificate from a certificate authority as the root certificate.

Calling it from Java code

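// Imports needed by this method. Config, LogHelper, TAG and NanoHttpServer
// are the author's own classes and are not shown on this page.
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocketFactory;

    public void setSSLContext() {
        char[] password = Config.sCertFilePwd.toCharArray(); // chengdu
        char[] privateKeyPwd = Config.sCertPrivateKeyPwd.toCharArray(); // mypassword
        InputStream is = null;
        KeyStore ks = null;
        try {
            ks = KeyStore.getInstance("BKS");
            // Load the BKS file from the classpath. If the path is wrong, `is` is null and
            // ks.load(null, ...) yields an empty keystore, so the key lookup below returns null.
            is = NanoHttpServer.class.getClassLoader().getResourceAsStream(Config.sCertFilePath);
//          FileInputStream fis = new FileInputStream("assets/my_final.bks"); //viacube_server.keystore mykey
            ks.load(is, password);
            // Look up the private key under the alias chosen with -name in step c.
            Key k = ks.getKey("plum_file", privateKeyPwd);
            if (k != null) {
                LogHelper.d(TAG, "k.getAlgorithm() = " + k.getAlgorithm());
            } else {
                LogHelper.d(TAG, "no private key for this android https server");
            }
            // setup the key manager factory
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, privateKeyPwd);
            // Build the TLS server socket factory and switch the NanoHTTPD server to HTTPS.
            SSLServerSocketFactory sf = NanoHTTPD.makeSSLSocketFactory(ks, kmf);
            makeSecure(sf);
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } finally {
            if (is != null) {
                try {
                    is.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }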
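
The keytool transcript above lists the imported entry under alias 1, while the Java code looks up plum_file, so it is worth confirming the alias, both passwords and the key/certificate pairing before the file goes into an app. The following is an added example, not code from the original post: the class name BksCheck and the environment variables BKS_STORE_PASS and BKS_KEY_PASS are hypothetical, and it assumes a desktop JVM with the BouncyCastle jar on the classpath and an RSA or EC key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

public class BksCheck {  // hypothetical name, added example
    /** True if alias is a key entry whose private key matches its certificate. */
    static boolean keyMatchesCert(KeyStore ks, String alias, char[] keyPwd) throws Exception {
        if (!ks.isKeyEntry(alias)) return false;
        Key key = ks.getKey(alias, keyPwd);   // UnrecoverableKeyException if keyPwd is wrong
        Certificate cert = ks.getCertificate(alias);
        if (!(key instanceof PrivateKey) || cert == null) return false;
        // Assumption: RSA or EC key. Sign a probe, verify with the certificate's public key.
        String alg = "RSA".equals(key.getAlgorithm()) ? "SHA256withRSA" : "SHA256withECDSA";
        byte[] probe = "bks-self-check".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(alg);
        signer.initSign((PrivateKey) key);
        signer.update(probe);
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(probe);
        return verifier.verify(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("usage: BksCheck <file.bks> <alias>");
        // Desktop JVM only: register BouncyCastle so "BKS" resolves (jar must be on the classpath).
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        // Passwords come from the environment (hypothetical variable names), not argv.
        char[] storePwd = System.getenv("BKS_STORE_PASS").toCharArray();
        char[] keyPwd = System.getenv("BKS_KEY_PASS").toCharArray();
        KeyStore ks = KeyStore.getInstance("BKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePwd);            // IOException if the store password is wrong
        }
        for (String a : Collections.list(ks.aliases())) {
            System.out.println("alias: " + a + (ks.isKeyEntry(a) ? " (key entry)" : " (cert only)"));
        }
        boolean ok = ks.containsAlias(args[1]) && keyMatchesCert(ks, args[1], keyPwd);
        System.out.println(ok ? "OK: key and certificate match" : "FAIL: alias missing or key mismatch");
        System.exit(ok ? 0 : 1);
    }
}
```

Run it against my_final.bks with the alias the app will request; a non-zero exit or an exception on load or getKey means the app would fail the same way at startup.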