Android Central Keystore

前端 未结 2 1133
野趣味
野趣味 2021-02-14 17:34

I\'m hoping that there\'s a way to programmatically access a central trusted keystore on an Android device. I know one exists, at least for verifying SSL connections etc. which

相关标签:
2条回答
  • 2021-02-14 17:43

    This is not supported, may break in future versions, etc., but here's how to get a list of the trusted certificates. You cannot add new ones without root access, because /system is mounted read-only. But if you do have root access, you can use the regular KeyStore API's to add certificates.

    KeyStore ks = KeyStore.getInstance("BKS");
    InputStream is = new FileInputStream("/etc/security/cacerts.bks");
    ks.load(is, "changeit".toCharArray());
    
    List<X509Certificate> certs = new ArrayList<X509Certificate>();
    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements()) {
      String alias = aliases.nextElement();
      X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
      certs.add(cert);
    }
    

    EDIT: This should work with needing to hardcode the path to the keystore:

    TrustManagerFactory tmf = TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);
    X509TrustManager xtm = (X509TrustManager) tmf.getTrustManagers()[0];
    for (X509Certificate cert : xtm.getAcceptedIssuers()) {
        String certStr = "S:" + cert.getSubjectDN().getName() + "\nI:"
                            + cert.getIssuerDN().getName();
        Log.d(TAG, certStr);
    }
    
    0 讨论(0)
  • 2021-02-14 18:08

    ICS (Android 4.0 / API 14) introduced the TrustedCertificateStore (not directly available in the SDK) that enables you to do exactly that. You can access it using the JCA Keystore api like this:

    /**
     * Android Central Keystore repo usually located on /data/misc/keychain 
     * including the system trusted anchors located on /system/etc/security
     */
    KeyStore keyStore = KetStore.getInstance("AndroidCAStore");
    keyStore.load(null, null); //Load default system keystore
    Enumeration<String> keyAliases = keyStore.aliases();
    
    while(keyAliases.hasMoreElements()){
        String alias = keyAliases.nextElement();
        X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
    
        //<User cert in whatever way you want>
    }
    
    0 讨论(0)
提交回复
热议问题