Reputation: 961
WifiEnterpriseConfig setClientKeyEntry method takes private key & certificate references. I have a .p12 certificate stored in Android certificate store. Can I use the KeyChain API (getCertificateChain, getPrivateKey) to get the private key and certificate reference and pass it to setClientKeyEntry? Alternatively, if I have a .p12 certificate in String or byte array format, then do I need to store it in certificate store to be able to use it for Wifi EAP-TLS?
Assumptions: setClientKeyEntry method is required to programmatically set EAP-TLS on the Android 4.3+ client.
Upvotes: 1
Views: 4094
Reputation: 2337
Try this:
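```java
import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiConfiguration.KeyMgmt;
import android.net.wifi.WifiEnterpriseConfig.Eap;
import android.util.Log;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Describe the EAP-TLS network
WifiConfiguration wc = new WifiConfiguration();
wc.SSID = "\"your_ssid\"";
wc.allowedKeyManagement.set(KeyMgmt.WPA_EAP);
wc.allowedKeyManagement.set(KeyMgmt.IEEE8021X);
wc.enterpriseConfig.setEapMethod(Eap.TLS);
wc.status = WifiConfiguration.Status.ENABLED;
...
// Load the PKCS#12 file into an in-memory key store
KeyStore pkcs12ks = KeyStore.getInstance("pkcs12");
InputStream in = new BufferedInputStream(new FileInputStream(new File("/path/to/your.p12")));
// alternatively you can read from any input stream, e.g. ByteArrayInputStream to read from String
pkcs12ks.load(in, "password".toCharArray());
in.close();
Enumeration<String> aliases = pkcs12ks.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    Log.d(TAG, "Processing alias " + alias);
    if (!pkcs12ks.isKeyEntry(alias)) {
        continue; // certificate-only entry, no private key to use
    }
    X509Certificate cert = (X509Certificate) pkcs12ks.getCertificate(alias);
    Log.d(TAG, cert.toString());
    PrivateKey key = (PrivateKey) pkcs12ks.getKey(alias, "password".toCharArray());
    // Log only the algorithm; key.toString() can expose private key material
    Log.d(TAG, "Loaded private key, algorithm " + key.getAlgorithm());
    wc.enterpriseConfig.setClientKeyEntry(key, cert);
    wc.enterpriseConfig.setIdentity("WiFi-1");
}
...
// Register, persist and connect to the network
int netID = wifiManager.addNetwork(wc);
wifiManager.saveConfiguration();
wifiManager.enableNetwork(netID, true);
```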
Proper exception handling not shown.
Upvotes: 2
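For the byte-array case raised in the question, here is an added example (not part of the answer above and not Android's own code) that loads the .p12 from memory, picks the first private-key entry and checks it before it is handed to setClientKeyEntry. The class and method names (`P12ClientIdentity`, `fromBytes`) are hypothetical, and the two precondition checks assume that setClientKeyEntry rejects CA certificates and keys that cannot be encoded.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

/** Hypothetical helper, not an Android API: client identity read from an in-memory .p12. */
public final class P12ClientIdentity {
    public final PrivateKey key;
    public final X509Certificate cert;

    private P12ClientIdentity(PrivateKey key, X509Certificate cert) {
        this.key = key;
        this.cert = cert;
    }

    /** p12 holds the raw PKCS#12 bytes (decode a Base64 String first); password is wiped on return. */
    public static P12ClientIdentity fromBytes(byte[] p12, char[] password)
            throws GeneralSecurityException, IOException {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(p12), password);
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue;   // skip certificate-only entries
                Key k = ks.getKey(alias, password);
                Certificate c = ks.getCertificate(alias);
                if (!(k instanceof PrivateKey) || !(c instanceof X509Certificate)) continue;
                X509Certificate leaf = (X509Certificate) c;
                // Assumed setClientKeyEntry preconditions: not a CA cert, key can be encoded
                if (leaf.getBasicConstraints() != -1)
                    throw new GeneralSecurityException("certificate is a CA certificate");
                if (k.getEncoded() == null)
                    throw new GeneralSecurityException("private key cannot be encoded");
                leaf.checkValidity();                  // fail early on an expired certificate
                return new P12ClientIdentity((PrivateKey) k, leaf);
            }
            throw new GeneralSecurityException("no private-key entry in the PKCS#12 data");
        } finally {
            Arrays.fill(password, '\0');               // do not keep the passphrase in memory
        }
    }
}
```

With the result in `id`, the call from the answer becomes `wc.enterpriseConfig.setClientKeyEntry(id.key, id.cert)`.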