nelenkov / custom-cert-https
Custom certificate trust store on Android sample app
Home Page: http://nelenkov.blogspot.com/2011/12/using-custom-certificate-trust-store-on.html
License: Other
When trying the application, the dump is always the default system certificates.
I tried to reproduce it outside the application, and I get an exception
    Exception in thread "main" java.lang.RuntimeException: java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Invalid keystore format
        at SimpleTest.main(SimpleTest.java:28)
    Caused by: java.security.KeyStoreException: problem accessing trust storejava.io.IOException: Invalid keystore format
        at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:55)
        at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:230)
        at SimpleTest.main(SimpleTest.java:20)

Hi there.
I have used your idea of creating a combined TrustManager, which you call MyTrustManager.
However, when instantiating MyTrustManager, the defaultTrustManager's accepted issuers are combined with the local ones in this code:
    List<X509Certificate> allIssuers = new ArrayList<X509Certificate>();
    for (X509Certificate cert : defaultTrustManager.getAcceptedIssuers()) {
        allIssuers.add(cert);
    }
    for (X509Certificate cert : localTrustManager.getAcceptedIssuers()) {
        allIssuers.add(cert);
    }
    acceptedIssuers = allIssuers.toArray(new X509Certificate[allIssuers.size()]);
However, the call to defaultTrustManager.getAcceptedIssuers() is very slow (5-15sec) on the Android platform (at least on my phone).
In my instance, the Apache HttpClient never calls getAcceptedIssuers() and therefore the work is wasted.
I rewrote the implementation to prepare the list only if getAcceptedIssuers() was called:
    // The field must be declared volatile for this double-checked locking to be safe.
    private volatile X509Certificate[] acceptedIssuers;

    public X509Certificate[] getAcceptedIssuers() {
        Log.d(TAG, "getAcceptedIssuers()...");
        if (acceptedIssuers == null) {
            synchronized (this) {
                // Re-check under the lock so the merged list is built only once.
                if (acceptedIssuers == null) {
                    List<X509Certificate> allIssuers = new ArrayList<X509Certificate>();
                    Collections.addAll(allIssuers, defaultTrustManager.getAcceptedIssuers());
                    Collections.addAll(allIssuers, localTrustManager.getAcceptedIssuers());
                    acceptedIssuers = allIssuers.toArray(new X509Certificate[allIssuers.size()]);
                }
            }
        }
        return acceptedIssuers;
    }
It is exactly as slow as your implementation, but if it is not called, the list will not be prepared. Also notice that I used the Collections.addAll utility methods instead of the for loops. It uses the singleton pattern as described on Stack Overflow: http://stackoverflow.com/a/11165926/477854
I hope you will incorporate these changes such that other people will not have to deal with this problem.
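
The lazy merge described in the post above, placed in a complete delegating trust manager that runs on a desktop JVM. This is an added example, not code from the post or from the sample app. The class name, the fromKeyStore helper, the default-then-local fallback in the check methods and the empty stand-in trust store are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
// Hypothetical class name; added illustration, not the sample app's MyTrustManager.
public class LazyCombinedTrustManager implements X509TrustManager {
    private final X509TrustManager defaultTm, localTm;
    // volatile is what makes the double-checked locking below safe.
    private volatile X509Certificate[] acceptedIssuers;
    LazyCombinedTrustManager(X509TrustManager defaultTm, X509TrustManager localTm) {
        this.defaultTm = defaultTm;   // construction never calls getAcceptedIssuers()
        this.localTm = localTm;
    }
    static X509TrustManager fromKeyStore(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);   // null selects the platform's default trust store
        return (X509TrustManager) tmf.getTrustManagers()[0];
    }
    // Assumed policy: the local store is consulted only after the default one rejects the chain.
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try { defaultTm.checkClientTrusted(chain, authType); }
        catch (CertificateException e) { localTm.checkClientTrusted(chain, authType); }
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try { defaultTm.checkServerTrusted(chain, authType); }
        catch (CertificateException e) { localTm.checkServerTrusted(chain, authType); }
    }
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] result = acceptedIssuers;
        if (result == null) {
            synchronized (this) {
                if ((result = acceptedIssuers) == null) {
                    List<X509Certificate> all = new ArrayList<X509Certificate>();
                    Collections.addAll(all, defaultTm.getAcceptedIssuers());
                    Collections.addAll(all, localTm.getAcceptedIssuers());
                    acceptedIssuers = result = all.toArray(new X509Certificate[0]);
                }
            }
        }
        return result.clone();   // callers cannot modify the cached array
    }
    public static void main(String[] args) throws Exception {
        KeyStore local = KeyStore.getInstance(KeyStore.getDefaultType());
        local.load(null, null);   // constructed: empty stand-in for the app's own trust store
        X509TrustManager tm = new LazyCombinedTrustManager(fromKeyStore(null), fromKeyStore(local));
        System.out.println(tm.getAcceptedIssuers().length + " accepted issuers");
    }
}
```

The merged array is built on the first getAcceptedIssuers() call only, and each caller receives a copy, so the cached trust anchors cannot be altered through the returned reference.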