Adding custom certificate to AndroidCaStore for Wi-Fi and HTTPS

こ雲淡風輕ζ submitted on 2019-12-11 17:34:36

Question


I have a central system App that allows the user to install CAs which may be used for HTTPS or Wi-Fi Enterprise connections. This App could be viewed as a certificate manager which would serve multiple applications (although it does other things too, mainly configuration).

I am working on Android Pie, and this is my first time working on Android, so pardon my noobness.

Based on the excellent discussion in the links below, including Nikolai's wonderful blog:

Android Central Keystore
https://nelenkov.blogspot.com/2011/12/ics-trust-store-implementation.html
Programmatically add a certificate authority while keeping Android system SSL certificates

I am attempting to:

1) Make my app a device owner and then use Device Policy Manager to install the certificate
I did this by (copy rules in my board makefile)

packaging device_policies.xml into /data/system/
packaging device_owner.xml into /data/system/
Modifying the AndroidManifest.xml and implementing device admin class

2) Add the certificates to the central AndroidCAStore using KeyStore APIs
For this, I

Read certificates from a file
Get a KeyStore instance of "AndroidCAStore"
setCertificate()

**Code snippet For (1)**  

```java
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import java.nio.file.Files;
import java.nio.file.Paths;

DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
ComponentName adminComp = new ComponentName(context, ConfigSettingsAdminReceiver.class);

// Only attempt the install when this receiver is an active device admin
if (dpm.isAdminActive(adminComp))
{
    String CERT_FILE_1 = "/data/sam/ca1.crt";

    // Read the whole file; a single read() may return fewer bytes than available()
    byte[] cert1_contents = Files.readAllBytes(Paths.get(CERT_FILE_1));

    if (dpm.installCaCert(adminComp, cert1_contents))
    {
        Plog.d("installCustCertificate | SAM |  Installed custom cert 1");
    }
    else
    {
        Plog.e("installCustCertificate | SAM |  FAIL Cert 1");
    }
}
```

**Code snippet For (2)**  

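```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

KeyStore keyStoreAndroid = KeyStore.getInstance("AndroidCAStore");
InputStream fis          = new BufferedInputStream(inputStream);
CertificateFactory cf    = CertificateFactory.getInstance("X.509");
Certificate cert;

keyStoreAndroid.load(null, null);

try {
    // Parse the X.509 certificate from the stream
    cert = cf.generateCertificate(fis);
    keyStoreAndroid.setCertificateEntry("custcert", cert);
} finally {
    // CertificateFactory has no close(); close the input stream instead
    fis.close();
}
```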

For (1) above,
I am unable to set my application as a device owner. I could make it a device admin at boot up.
However, on calling the DevicePolicyManager API installCaCert(), I get an error saying
`AdminComponentInfo{com.sam.configsettings/com.sam.configsettings.ConfigSettingsAdminReceiver} does not own the profile`

On checking /data/system, I see that device_policies.xml is present but there is no sign of device_owner.xml

For (2) above,
I am getting an error as "exception:java.lang.UnsupportedOperationException"

Any idea what I might be missing?

Source: https://stackoverflow.com/questions/56225994/adding-custom-certificate-to-androidcastore-for-wi-fi-and-https
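
As an added example (not part of the original question and not the asker's code): the `KeyStore` view of `AndroidCAStore` is read-only, so for HTTPS inside a single app the custom CA can instead go into an in-memory `KeyStore` next to the platform anchors. The class and method names are hypothetical; it covers only connections that use the returned `SSLContext` (not Wi-Fi or other apps) and assumes the `system:` alias prefix that `AndroidCAStore` uses for pre-installed CAs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: app-scoped trust instead of writing to AndroidCAStore.
public final class AppScopedTrust {

    /** Returns an SSLContext trusting the pre-installed CAs plus the CA at caPath. */
    public static SSLContext withExtraCa(String caPath) throws Exception {
        // Reading AndroidCAStore is supported; only mutation is rejected.
        KeyStore system = KeyStore.getInstance("AndroidCAStore");
        system.load(null, null);

        // Writable in-memory store that belongs to this app only.
        KeyStore merged = KeyStore.getInstance(KeyStore.getDefaultType());
        merged.load(null, null);

        // Copy pre-installed anchors only. Skipping "user:" aliases keeps
        // user-added CAs out of this app's trust set.
        for (String alias : Collections.list(system.aliases())) {
            if (!alias.startsWith("system:")) {
                continue;
            }
            Certificate c = system.getCertificate(alias);
            if (c != null) {
                merged.setCertificateEntry(alias, c);
            }
        }

        // Parse the custom CA and add it under its own alias.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(caPath)) {
            merged.setCertificateEntry("custcert", cf.generateCertificate(in));
        }

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(merged);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The returned context's `getSocketFactory()` can be set on an individual `HttpsURLConnection` with `setSSLSocketFactory`, which limits the extra CA to the connections that need it.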
