Android P移除BC相关的算法,可以使用AndroidOpenSSL java.security.cert.CertificateException: X.509 not found Caused by: java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for CertificateFactory.X.509. Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details. CertificateFactory certificateFactory; if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) { //适配Android P及以后版本,否则报错NoSuchAlgorithmException certificateFactory = CertificateFactory.getInstance("X.509", "AndroidOpenSSL");// } else { certificateFactory = CertificateFactory.getInstance("X.509", "BC"); } //CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509","BC");//, "BC" Logger.e("TAG", " certificates.length: " + certificates.length); //CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate ca = certificateFactory.generateCertificate(certificates[0]); pinningPublicKey = new BigInteger(1, ca.getPublicKey().getEncoded()).toString(16); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); keyStore.setCertificateEntry("certificateAlias", ca); for (InputStream certificate : certificates) { try { if (certificate != null) certificate.close(); } catch (IOException e) { } } TrustManagerFactory trustManagerFactory = null; trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: inStream is empty
如果用Certificate ca = certificateFactory.generateCertificate(certificates[0]);的时候
再次keyStore.setCertificateEntry("certificateAlias", certificateFactory.generateCertificate(certificates[0]));就会出现上面错误
keyStore.setCertificateEntry("certificateAlias", ca); 就没有问题
顺带记录下问题