ssl - How to make NanoHTTPD on Android accept connection from client with dedicated client certificate


I make a web service on an Android device using NanoHTTPD. But it trusts any certificate and accepts SSL connections from any client. I want to limit access to a specific client only.

Update: I try to work with this:

        String keyStorePass = "test";
        char[] ctPass = keyStorePass.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");

        // directly load the cert from resources
        //ks.load(ctx.getResources().openRawResource(R.raw.cayan_cert), ksPass);

        // or dynamically generate a cert and use it
        ipAddressInCN = MainApplication.getIpAddress();

        // use the current IP address to generate a cert signed by a hard-coded CA, and add it to the keystore
        String cn = "CN=" + ipAddressInCN;
        ks.load(null, null);
        GenerateCSR.addCertToKeyStore(ks, ctPass, cn);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ctPass);

        SSLContext sc = SSLContext.getInstance("TLS");

        // custom trust manager: both check methods return without validating anything
        TrustManager[] tm = new TrustManager[]{new X509TrustManager() {

            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return new java.security.cert.X509Certificate[0];
            }

            public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                                           String authType) {
                System.out.println("abc");
                return;
            }

            public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                                           String authType) {
                return;
            }

        }};

        sc.init(kmf.getKeyManagers(), tm, null);
        server.makeSecure(sc.getServerSocketFactory(), null);

I try to set a breakpoint in the custom trust manager functions, but they are never called.

> But it trusts any certificate and accepts SSL connections from any client.

Not true. It accepts SSL connections from clients with trusted certificates, unless you have installed brain-dead trust-all-certificates garbage, in which case you should remove them.

> I want to limit access to a specific client only.

You should do that via authorization, which you have to implement in NanoHTTPD.
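
An added example (not code from the question, the answer or NanoHTTPD) showing why the custom trust manager in the question is never reached and how a client certificate can be enforced at the TLS layer with plain JSSE: `checkClientTrusted` only runs when the server socket requests a client certificate. The class and method names are hypothetical, and `allowedClient` is assumed to be the permitted client's certificate, or its issuing CA, obtained out of band.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: TLS server sockets that require one known client certificate. */
public final class PinnedClientTls {

    /**
     * serverKeys:    keystore holding the server key and certificate (as built in the question).
     * allowedClient: assumption, the single client certificate (or its CA) that may connect.
     */
    public static SSLContext context(KeyStore serverKeys, char[] keyPass,
                                     X509Certificate allowedClient)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, keyPass);

        // Trust store with exactly one entry, so the platform's default trust manager
        // rejects every other client chain. No custom X509TrustManager is needed.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("allowed-client", allowedClient);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return sc;
    }

    /** Unbound server socket that fails the handshake unless the client presents a trusted cert. */
    public static SSLServerSocket serverSocket(SSLContext sc) throws IOException {
        SSLServerSocket ss = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket();
        ss.setUseClientMode(false);
        // Without this the server sends no CertificateRequest, the client sends no
        // certificate, and checkClientTrusted() is never invoked.
        ss.setNeedClientAuth(true);
        return ss;
    }
}
```

Assuming NanoHTTPD 2.3.x, where `makeSecure` builds its server socket without requesting a client certificate, this socket would instead be returned from a `NanoHTTPD.ServerSocketFactory` registered with `setServerSocketFactory`; both names are assumed from that release line and should be checked against the version in use.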

