Bouncy Castle Keystore(BKS):java.io.IOException:密钥库的错误版本

Question

我必须连接到基于REST的Web服务.

(https://someurl.com/api/lookup/jobfunction/lang/EN)

在IE或Chrome浏览器中,当我尝试访问此URL时,我获得了一个我必须信任并接受继续的证书之后我必须输入用户名和密码,然后我得到JSON响应.

同样的事情,我必须以编程方式为Android应用程序做.

1. 尝试使用自定义EasySSLSocketFactory和EasyX509TrustManager,Didnt工作.我收到以下错误:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚.

2. 使用BKS密钥库,请注意mykeystore.bks在执行以下命令之前是一个空文件

   keytool -importcert -v -trustcacerts -file "test.crt" -alias IntermediateCA -keystore   "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath   "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234
   
   
   keytool -list -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider  -providerpath "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234
   

MyHTTPClient.java如下所示:

public class MyHttpClient extends DefaultHttpClient { 

final Context context; 

public MyHttpClient(Context context) { 
    this.context = context; 
} 

@Override
protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    // Register for port 443 our SSLSocketFactory with our keystore 
    // to the ConnectionManager 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
} 

private SSLSocketFactory newSslSocketFactory() { 
    try { 
        // Get an instance of the Bouncy Castle KeyStore format 
        KeyStore trusted = KeyStore.getInstance("BKS"); 
        // Get the raw resource, which contains the keystore with 
        // your trusted certificates (root and any intermediate certs) 
        InputStream in = context.getResources().openRawResource(R.raw.mykeystore); 
        try { 
            // Initialize the keystore with the provided trusted certificates 
            // Also provide the password of the keystore 
            trusted.load(in, "abcd1234".toCharArray()); 
        } finally { 
            in.close(); 
        } 
        // Pass the keystore to the SSLSocketFactory. The factory is responsible 
        // for the verification of the server certificate. 
        SSLSocketFactory sf = new SSLSocketFactory(trusted); 
        // Hostname verification from certificate 
        // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); 
        return sf; 
    } catch (Exception e) { 
        throw new AssertionError(e); 
    } 
} 

当我调用webservice时,我收到以下错误:引起:java.lang.AssertionError:java.io.IOException:密钥库的错误版本

请告诉我如何连接到基于HTTPS的rest webservice,它具有用户名和passwd凭据.......

Answer 1

BC jar 版本 148 不适用于 Android。使用版本 146 或 147。