Last active
February 11, 2018 08:03
Using Self-Certification File in Android App
package kr.co.episode.muglangguide.data.remote; | |
import android.content.Context; | |
import org.apache.http.conn.ssl.SSLSocketFactory; | |
import java.io.IOException; | |
import java.io.InputStream; | |
import java.net.URL; | |
import java.security.KeyManagementException; | |
import java.security.KeyStore; | |
import java.security.KeyStoreException; | |
import java.security.NoSuchAlgorithmException; | |
import java.security.UnrecoverableKeyException; | |
import java.security.cert.CertificateException; | |
import javax.net.ssl.HttpsURLConnection; | |
import javax.net.ssl.KeyManager; | |
import javax.net.ssl.KeyManagerFactory; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.TrustManager; | |
import javax.net.ssl.TrustManagerFactory; | |
import kr.co.episode.muglangguide.R; | |
/** | |
* Created by skyer9 on 2018-02-10. | |
*/ | |
/*
1. Add the certificate to cacerts
$ sudo cp /usr/lib/jvm/java-1.7.0-openjdk.x86_64/jre/lib/security/cacerts /usr/lib/jvm/java-1.7.0-openjdk.x86_64/jre/lib/security/cacerts.org
$ sudo keytool -import -trustcacerts \
-keystore /usr/lib/jvm/java-1.7.0-openjdk.x86_64/jre/lib/security/cacerts \
-storepass changeit -noprompt -alias mycert \
-file ./server.crt
2. Convert the certificate file to BKS format
- Download and install KeyStore Explorer from the site below
http://keystore-explorer.org/downloads.html
- Open the file created above with KeyStore Explorer
- Menu > Tools > Change KeyStore Type: convert to BKS format and save
3. Add it to the app
- Add the file to /res/raw
*/
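/**
 * Builds {@link HttpsURLConnection}s whose server certificate is validated against a trust
 * store bundled with the app ({@code R.raw.cacerts}) rather than the platform default.
 *
 * <p>Notes for maintainers:
 * <ul>
 *   <li>The trust managers are initialised from every entry in the bundled store. If the
 *       file was produced as the setup notes in this file's header describe (a JDK
 *       {@code cacerts} store with the server certificate imported, converted to BKS), the
 *       connection trusts all CAs in that snapshot plus the added certificate. It is not
 *       pinned to the single server certificate, and the snapshot only changes when the app
 *       is rebuilt with a new file.</li>
 *   <li>The store password is compiled into the app, so it is not a secret; it only lets
 *       {@link KeyStore#load} run its integrity check on the file.</li>
 * </ul>
 */
public class MyHttpsURLConnection {

    /** Password of the bundled BKS store (the value passed to keytool in the header notes). */
    private static final String STORE_PASSWORD = "changeit";

    /**
     * Opens (without connecting) an HTTPS connection to {@code url} that uses an
     * {@link SSLContext} built from the bundled BKS store.
     *
     * @param context Android context used to read the raw resource {@code R.raw.cacerts}
     * @param url     target URL; it must use a scheme whose connection is an
     *                {@link HttpsURLConnection}
     * @return the configured, not yet connected, connection
     * @throws KeyStoreException         if no BKS key store implementation is available
     * @throws IOException               if the store cannot be read or its password check
     *                                   fails, or the connection cannot be opened
     * @throws CertificateException      if a certificate in the store cannot be loaded
     * @throws NoSuchAlgorithmException  if a required algorithm ("X509", the default trust
     *                                   algorithm, or "TLS") is unavailable
     * @throws UnrecoverableKeyException if a key entry in the store cannot be recovered with
     *                                   the store password
     * @throws KeyManagementException    if the {@link SSLContext} cannot be initialised
     * @throws ClassCastException        if {@code url} does not yield an
     *                                   {@link HttpsURLConnection} (for example a plain
     *                                   {@code http} URL)
     */
    public static HttpsURLConnection getConnection(Context context, URL url)
            throws NoSuchAlgorithmException, KeyManagementException, IOException,
                    KeyStoreException, CertificateException, UnrecoverableKeyException {
        // Load the bundled store. try-with-resources closes the stream even when load()
        // throws; the previous code leaked it on that path.
        KeyStore bundledStore = KeyStore.getInstance("BKS");
        try (InputStream storeStream = context.getResources().openRawResource(R.raw.cacerts)) {
            bundledStore.load(storeStream, STORE_PASSWORD.toCharArray());
        }

        // NOTE(review): the same store is also used as the client key store. If it holds only
        // trusted-certificate entries, as the header notes suggest, this yields no client
        // credentials and null could be passed to SSLContext.init instead. A private key
        // should not ship inside an app resource; confirm the store contains none.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
        keyManagerFactory.init(bundledStore, STORE_PASSWORD.toCharArray());
        KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

        // Trust anchors are exactly the certificate entries of the bundled store.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(bundledStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        // A null SecureRandom selects the provider's default source of randomness.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(keyManagers, trustManagers, null);

        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setSSLSocketFactory(sslContext.getSocketFactory());

        // Original author's note: only the CN is checked.
        // NOTE(review): STRICT_HOSTNAME_VERIFIER comes from the legacy Apache HTTP client
        // (org.apache.http), which is deprecated on Android. HttpsURLConnection already has
        // a default hostname verifier; confirm whether this override is still required, and
        // never replace it with a verifier that accepts every host name.
        connection.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return connection;
    }
}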