如何以编程方式在Android上安装CA证书,而无需用户交互证书、方式、用户、CA
我试图安装证书不提示用户。我知道这是不好的做法,但是这点需要什么。
使用 KeyChain.createInstallIntent(),我可以让机器人通过调用启动证书安装对话框 startActivity 。然而,当我传球意图 sendBroadcast ,没有任何反应。也许这个平台不支持此出于安全原因?
字符串cert_file中= Environment.getExternalStorageDirectory()+/test/IAT.crt;
意向意图= KeyChain.createInstallIntent();
尝试 {
的FileInputStream CERTIS =新的FileInputStream(cert_file中);
byte []的证书=新的字节[(INT)certFile.length()];
certIs.read(证书);
X509证书X509 = X509Certificate.getInstance(证书);
intent.putExtra(KeyChain.EXTRA_CERTIFICATE,x509.getEn codeD());
intent.putExtra(KeyChain.EXTRA_NAME,IAT证书);
EapActivity.this.startActivityForResult(意向,0); //这个工作,但显示的UI
EapActivity.this.sendBroadcast(意向); //这个不安装证书
}赶上(IOException异常E){
解决方案
您只能安装证书默默的,如果你有系统权限。显示一个确认对话框是故意的,因为信任证书可以产生严重的后果 - 机器人可以在不发出警告,等这就是说,在ICS对话框愉快地打开钓鱼网站/ JB是pretty的坏 - 它不告诉你什么证书要安装,谁发出的,只是它的CA证书,这是一种显而易见的。
因此,无论是使用公共钥匙链 API,并使用 startActivity()得到确认对话框,或$前比较,P $ P-提供设备处理他们的用户。
更新:在Android 4.4系统, DevicePolicyManager 有一个隐藏的API( installCaCert ),使您可以静默安装证书。您需要 MANAGE_CA_CERTIFICATES 权限,这是签名|系统,所以还没有可行的用户安装的应用程序。
I'm trying to install certificates without prompting the user. I know this is not good practice, but that's what PM wants.
Using KeyChain.createInstallIntent(), I can get Android to launch the certificate installation dialog by calling startActivity. However, when I pass the intent to sendBroadcast, nothing happens. Maybe the platform doesn't support this for security reasons?
String CERT_FILE = Environment.getExternalStorageDirectory() + "/test/IAT.crt";
Intent intent = KeyChain.createInstallIntent();
try {
FileInputStream certIs = new FileInputStream(CERT_FILE);
byte [] cert = new byte[(int)certFile.length()];
certIs.read(cert);
X509Certificate x509 = X509Certificate.getInstance(cert);
intent.putExtra(KeyChain.EXTRA_CERTIFICATE, x509.getEncoded());
intent.putExtra(KeyChain.EXTRA_NAME, "IAT Cert");
EapActivity.this.startActivityForResult(intent, 0); // this works but shows UI
EapActivity.this.sendBroadcast(intent); // this doesn't install cert
} catch (IOException e) {
解决方案
You can only install certificates silently if you have system privileges. Showing up a confirmation dialog is intentional, since trusting certificates can have serious consequences -- Android could happily open phishing sites without a warning, etc. That said, the dialog in ICS/JB is pretty bad -- it doesn't tell you what certificate you are installing and who issued it, just that it's a CA certificate, which is kind of obvious.
So, either use the public KeyChain API and use startActivity() to get the confirmation dialog, or pre-provision devices before handling them to users.
Update: In Android 4.4, DevicePolicyManager has a hidden API (installCaCert) that allows you to install certificates silently. You need the MANAGE_CA_CERTIFICATES permission, which is signature|system, so still not doable for user-installed apps.
