Created
April 25, 2016 13:17
root ca and java
/*
 We have to create our own key store since our API endpoint doesn't send the intermediate
 SSL certificates
 (see https://svn.jimdo-server.com/trac/ticket/52929).

 1. Get server certificate:
    e.g.: echo | openssl s_client -connect mobile.jimdoapi.com:443 2>&1 | \
          sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > jimdoapicert.pem
    This command saves whatever certificate the peer presents without authenticating it, so
    compare its fingerprint (openssl x509 -in jimdoapicert.pem -noout -fingerprint -sha256)
    with a value obtained over a separate trusted channel before importing it.
 2. Create keystore:
    e.g.: keytool -import -v -trustcacerts -alias 0 -file <(openssl x509 -in jimdoapicert.pem) \
          -storepass jimdoapi -keystore path/to/keystore/file
    The resulting key store trusts exactly the imported certificate, so it has to be rebuilt
    and redistributed whenever the server certificate is replaced.

 NB: This works for 'standard' Java apps, but it won't work on Android since it uses a
 different default security provider (Bouncy Castle instead of SunJCE). That is, you'll need
 to provide a keystore in BKS format (more info at:
 http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html)
*/
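/**
 * Builds an {@link SSLSocketFactory} whose trust decisions are based only on the entries of
 * the key store read from {@code keystoreStream}.
 *
 * <p>The context is initialised without key managers, so no client certificate is offered,
 * and with the default source of randomness. Host name verification is not configured here;
 * it is left to whatever client the returned factory is installed on.
 *
 * <p>The stream is always closed before this method returns, including when it throws.
 *
 * @param keystoreStream   key store data in the platform default key store format; must not
 *                         be {@code null}, because {@link KeyStore#load} treats a null stream
 *                         as a request for an empty key store
 * @param keystorePassword password used to check the integrity of the key store; must not be
 *                         {@code null}
 * @return a socket factory that trusts only the certificates in the given key store
 * @throws KeyStoreException        if the key store type is unavailable, the trust manager
 *                                  cannot be initialised, or the key store has no entries
 * @throws CertificateException     if a certificate in the key store cannot be loaded
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws IOException              if the data is malformed or the password is wrong
 * @throws KeyManagementException   if the SSL context cannot be initialised
 * @throws IllegalArgumentException if {@code keystoreStream} is {@code null}
 * @throws NullPointerException     if {@code keystorePassword} is {@code null}
 */
public SSLSocketFactory jimdoSSLSocketFactory(InputStream keystoreStream,
                                              String keystorePassword)
        throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException,
        KeyManagementException {
    try {
        // A null stream would make KeyStore.load() silently build an empty store, and the
        // mistake would only show up later as an obscure handshake failure.
        if (keystoreStream == null) {
            throw new IllegalArgumentException("keystoreStream must not be null");
        }
        // A null password would skip the key store integrity check, so it stays an error.
        if (keystorePassword == null) {
            throw new NullPointerException("keystorePassword must not be null");
        }

        KeyStore trusted = KeyStore.getInstance(KeyStore.getDefaultType());
        trusted.load(keystoreStream, keystorePassword.toCharArray());

        // A store without entries can never validate a peer; report the packaging mistake
        // here instead of at the first connection attempt.
        if (trusted.size() == 0) {
            throw new KeyStoreException("key store contains no entries");
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trusted);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        // No key managers (no client authentication), default SecureRandom.
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } finally {
        if (keystoreStream != null) {
            try {
                keystoreStream.close();
            } catch (IOException ignored) {
                // Best effort: the store has already been read (or loading already failed),
                // so a close failure must not mask the real outcome.
            }
        }
    }
}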
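/**
 * Builds an {@link SSLSocketFactory} from the key store file at {@code keystorePath} by
 * delegating to the stream-based overload, which also closes the file.
 *
 * <p>A missing or unreadable key store is reported as an exception. Returning {@code null}
 * instead would let a caller carry on without the intended trust configuration, for example
 * by leaving a client's default socket factory in place.
 *
 * @param keystorePath     file system path of the key store
 * @param keystorePassword password used to check the integrity of the key store
 * @return a socket factory that trusts only the certificates in the given key store
 * @throws IOException              if the file cannot be opened (a
 *                                  {@code FileNotFoundException}) or its contents cannot be
 *                                  read as a key store
 * @throws CertificateException     if a certificate in the key store cannot be loaded
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws KeyStoreException        if the key store cannot be used
 * @throws KeyManagementException   if the SSL context cannot be initialised
 */
public SSLSocketFactory jimdoSSLSocketFactory(String keystorePath, String keystorePassword)
        throws CertificateException, NoSuchAlgorithmException, KeyStoreException,
        KeyManagementException, IOException {
    // FileNotFoundException is an IOException and is already declared, so it propagates
    // to the caller instead of being printed and turned into a null result.
    return jimdoSSLSocketFactory(new FileInputStream(keystorePath), keystorePassword);
}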