我有我的文件key.key,我现在使用OpenSSL将其转换为pkcs8格式,这是密钥模板
-----BEGIN PRIVATE KEY-----
some letters and numbers
-----END PRIVATE KEY-----
当我试图将其这样加载到我的密钥存储区中时:
PrivateKey privateKey = kf.generatePrivate(new pkcs8EncodedKeySpec(privateKeyBytes));
我收到错误
com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: Error parsing private key
(即使用OkHttpChannel构建器和Conscrypt作为安全提供程序)。
我尝试更改密钥的格式,这就是为什么它现在在pkcs8中的原因,因为iv'e读取了最简单的密钥供android java读取。
更新:
即使在加载密钥和两个证书后,我仍然得到
------------------Untrusted chain: ----------------------
错误,有帮助吗?
使用的代码:
private static byte[] getBytesFromInputStream(InputStream is) throws IOException {
ByteArrayOutputStream os = new ByteArrayOutputStream();
byte[] buffer = new byte[0xFFFF];
for (int len = is.read(buffer); len != -1; len = is.read(buffer)) {
os.write(buffer,len);
}
return os.toByteArray();
}
// build a key store from a set of raw certificates
private static KeyStore createKeyStore(Resources resources,int certsId,boolean ca) {
KeyStore ks = null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
if (ca) {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null,null);
InputStream certIS = resources.openRawResource(R.raw.ca_crt);
X509Certificate cert = (X509Certificate) cf.generateCertificate(certIS);
ks.setCertificateEntry("ca",cert);
} else {
ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null,null);
InputStream certIS = resources.openRawResource(R.raw.client_crt);
Certificate cert = cf.generateCertificate(certIS);
InputStream privateKeyIS = resources.openRawResource(R.raw.client_pkcs8);
byte[] privateKeyBytes = RNGrpcChannelBuilder.getBytesFromInputStream(privateKeyIS);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(new pkcs8EncodedKeySpec(privateKeyBytes));
Certificate[] certChain = new Certificate[1];
certChain[0] = cert;
ks.setKeyEntry("client",privateKey,null,certChain);
}
} catch (Exception e) {
throw new RuntimeException(e);
}
return ks;
}
public static ManagedChannel build(String host,int port,Resources resources,@Nullable String serverHostOverride) {
KeyStore ca = RNGrpcChannelBuilder.createKeyStore(resources,R.array.certs,true);
KeyStore client = RNGrpcChannelBuilder.createKeyStore(resources,false);
OkHttpChannelBuilder channelBuilder =
OkHttpChannelBuilder.forAddress(host,port);
if (serverHostOverride != null) {
// Force the hostname to match the cert the server uses.
channelBuilder.overrideAuthority(serverHostOverride);
}
try {
channelBuilder.negotiationType(io.grpc.okhttp.NegotiationType.TLS);
channelBuilder.useTransportSecurity();
channelBuilder.sslSocketFactory(getSslSocketFactory(ca,client));
} catch (Exception e) {
throw new RuntimeException(e);
}
return channelBuilder.build();
}
private static SSLSocketFactory getSslSocketFactory(KeyStore ca,KeyStore client)
throws Exception {
KeyManagerFactory kmf =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
String password = "";
kmf.init(client,password.toCharArray());
// initialize trust manager factor from certs keystore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ca);
// initialize SSL context from trust manager factory
SSLContext context = SSLContext.getInstance("TLS");
context.init(kmf.getKeyManagers(),tmf.getTrustManagers(),new SecureRandom());
// return socket factory from the SSL context
return context.getsocketFactory();
}