CODEWITHSUNDEEP
androidsslhttpscertificate
Hilal
Hilal

Reputation: 952

Android cannot generate certificate

I have problem while generating certificate. Following is related code.

@SuppressLint("SdCardPath")
public HttpsURLConnection setUpHttpsConnection(String urlString)
{
    try
    {
        CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");

        AssetManager assManager = context.getAssets();
        InputStream caInput = assManager.open("testCert.pfx");

        KeyStore keyStore = KeyStore.getInstance("PKCS12");

        Certificate ca = cf.generateCertificate(caInput);

        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());

        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        URL url = new URL(urlString);
        HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
        urlConnection.setSSLSocketFactory(context.getSocketFactory());

        return urlConnection;
    }
    catch (Exception ex)
    {
        Log.e("fff", "Failed to establish SSL connection to server: " + ex.toString());
        ex.printStackTrace();
        return null;
    }

}

Program gives an error at following line.

CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");

Error trace ;

com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory$ExCertificateException
rer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
 at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:220)
 at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:196)
 at com.example.hilalinan.cert.ServiceCall.setUpHttpsConnection(ServiceCall.java:125)
 at com.example.hilalinan.cert.ServiceCall.doInBackground(ServiceCall.java:58)
 at android.os.AsyncTask$2.call(AsyncTask.java:295)
 at java.util.concurrent.FutureTask.run(FutureTask.java:237)
 at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
 at java.lang.Thread.run(Thread.java:818)
Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.ASN1Integer
 at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:98)
 at com.android.org.bouncycastle.asn1.x509.TBSCertificate.getInstance(TBSCertificate.java:64)
 at com.android.org.bouncycastle.asn1.x509.Certificate.<init>(Certificate.java:61)
 at com.android.org.bouncycastle.asn1.x509.Certificate.getInstance(Certificate.java:45)
 at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.readDERCertificate(CertificateFactory.java:68)
 at com.android.org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory.engineGenerateCertificate(CertificateFactory.java:215)
... 9 more

When I searched this issue I found this question in stackoverflow. I understood that my phone does not have BC provider in trusted credentials. OP of the question suggested that I add BC provider to my phone. But even though I install, how can I provide other users install that who are using my program. Also when I googled it how to add BC to my list I couldnt find anything useful.

Is there any idea how to solve my issue?

Thanks in advance.

Upvotes: 0

Views: 3059

Answers (1)

Robert
Robert

Reputation: 42615

A pfx file is a PKCS#12 file which may contain multiple certificates and keys (unless you changed the file extension).

The code you use expects a simple certificate (.cer, .crt or .der) file.

Therefore you have to load it directly as PKCS12 keystore and not try to generate a certificate object from it:

InputStream caInput = assManager.open("testCert.pfx");
String pfxPassword = "password"; // change it to the correct password
keyStore.load(caInput, pfxpassword.toCharArray());
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

Upvotes: 2

Related Questions