Android Central Keystore

前端 未结 2 1132
野趣味
野趣味 2021-02-14 17:34

I\'m hoping that there\'s a way to programmatically access a central trusted keystore on an Android device. I know one exists, at least for verifying SSL connections etc. which

2条回答
  •  执念已碎
    2021-02-14 17:43

    This is not supported, may break in future versions, etc., but here's how to get a list of the trusted certificates. You cannot add new ones without root access, because /system is mounted read-only. But if you do have root access, you can use the regular KeyStore API's to add certificates.

    KeyStore ks = KeyStore.getInstance("BKS");
    InputStream is = new FileInputStream("/etc/security/cacerts.bks");
    ks.load(is, "changeit".toCharArray());
    
    List certs = new ArrayList();
    Enumeration aliases = ks.aliases();
    while (aliases.hasMoreElements()) {
      String alias = aliases.nextElement();
      X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
      certs.add(cert);
    }
    

    EDIT: This should work with needing to hardcode the path to the keystore:

    TrustManagerFactory tmf = TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);
    X509TrustManager xtm = (X509TrustManager) tmf.getTrustManagers()[0];
    for (X509Certificate cert : xtm.getAcceptedIssuers()) {
        String certStr = "S:" + cert.getSubjectDN().getName() + "\nI:"
                            + cert.getIssuerDN().getName();
        Log.d(TAG, certStr);
    }
    

提交回复
热议问题