Android: store credentials obtained from the KeyChain API into a KeyStore
I have to recover credentials information that is available from the KeyChain API and then replicate this information into a Keystore. The idea behind this is that if the credentials are available in the keystore, they should be used. If not available, go to the keychain and load a new set of credentials.
The implementation to recover the credentials from keychain works fine and I can get the privateKey and the certificateChain.
The keychainAlias property is stored in the device's sharedMemory once the user selects the certificate for the first time, and it's reused to load the certificate from Keychain.
PrivateKey privKey = KeyChain.getPrivateKey(context, keychainAlias);
X509Certificate[] certifChain = KeyChain.getCertificateChain(context, keychainAlias);
Once I have this data, I try to store them in a Keystore object:
KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
ks.load(null);
ks.setKeyEntry(keychainAlias, privKey.getEncoded(), certifChain);
But then I get this error:
ClientCertificateLoader: Could not save certificate information to keystorejava.security.KeyStoreException: Can only replace keys with same alias: ClientCert12 != ClientCert12_KEYSTOREGRANT_1804289383
For some reason, the keychain uses a different alias to store the credentials internally, and when I try to store it in the Keystore using the original alias, the keystore checks that they are different and fails.
Any idea on how to overcome this issue will be appreciated.