握手失败Android 23
问题描述:
我遇到了Android中的Keystore问题。握手失败Android 23
我试图将Android中的客户端连接到java中的服务器。我的代码与API的15个工作井到Android的22,但与新的API 23更新时间:
我已经得到了Android客户端上的错误:
javax.net.ssl.SSLHandshakeException: Handshake failed
,并在此错误服务器:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
这里是我的代码,这是用API 22或之前正常工作:
在客户端,R.raw.publickey是公共.bks证书,R.raw.publickey_v1是较旧的版本与API 15. .bks兼容性正
服务器:
public static SSLServerSocket getServerSocketWithCert(int port, InputStream pathToCert, String passwordFromCert) throws IOException,
KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException{
TrustManager[] tmm;
KeyManager[] kmm;
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(pathToCert, passwordFromCert.toCharArray());
tmm=tm(ks);
kmm=km(ks, passwordFromCert);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kmm, tmm, null);
SSLServerSocketFactory socketFactory = (SSLServerSocketFactory) ctx.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket) socketFactory.createServerSocket(port);
return ssocket;
}
private static TrustManager[] tm(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustMgrFactory.init(keystore);
return trustMgrFactory.getTrustManagers();
};
private static KeyManager[] km(KeyStore keystore, String password) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyMgrFactory.init(keystore, password.toCharArray());
return keyMgrFactory.getKeyManagers();
};
public static void main(String[] args){
SSLServerSocket ss = null;
try {
ss = getServerSocketWithCert(12345, Server.class.getResourceAsStream("/privateKey.store"), "password");
} catch(BindException e){
e.printStackTrace();
System.exit(1);
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
}
while(true){
SSLSocket s = ss.accept();
new DataOutputStream(s.getOutputStream()).writeUTF("test");
//TODO ERROR IS APPENING HERE
}
}
客户:
public static SSLSocket getSocketWithCert(InetAddress ip, int port, InputStream pathToCert, String passwordFromCert) throws IOException,
KeyManagementException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
TrustManager[] tmm;
KeyStore ks = KeyStore.getInstance("BKS");
ks.load(pathToCert, passwordFromCert.toCharArray());
tmm=tm(ks);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmm, null);
SSLSocketFactory SocketFactory = (SSLSocketFactory) ctx.getSocketFactory();
SSLSocket socket = (SSLSocket) SocketFactory.createSocket();
socket.connect(new InetSocketAddress(ip, port), 5000);
return socket;
}
private static TrustManager[] tm(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustMgrFactory.init(keystore);
return trustMgrFactory.getTrustManagers();
};
public static void(String[] args){
int id;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN){
id = R.raw.publickey;
} else {
id = R.raw.publickey_v1;
}
try {
Socket s = SSLSocketKeystoreFactory.getSocketWithCert("myip", 12345, HackerMainActivity.this.getResources().openRawResource(id), "password");
} catch (UnknownHostException | SecurityException e) {
e.printStackTrace();
return;
} catch(SocketTimeoutException e){
e.printStackTrace();
return;
} catch (KeyManagementException | NoSuchAlgorithmException | CertificateException | KeyStoreException e) {
e.printStackTrace();
}
DataInputStream in = new DataInputStream(s.getInputStream());
//TODO ERROR IS APPENING HERE
}
非常感谢您的帮助!
答
我终于成功地做到这一点...
的错误是,在Android 6.0是不支持了SHA-1。
错误是太奇怪了,我并没有设法直接看到它...
对于一个谁比我有同样的错误,只是使用SHA-256重新创建你的证书......