ssl - How to make NanoHTTPD on Android accept connection from client with dedicated client certificate
I make a web service on an Android device using NanoHTTPD. But it trusts the certificate and accepts the SSL connection from the client. I want to limit access to a specific client only.
Update: I try to work with this:
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    String keyStorePass = "test";
    char[] ctPass = keyStorePass.toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    //directly load cert from resources
    //ks.load(ctx.getResources().openRawResource(R.raw.cayan_cert), ksPass);
    //or dynamically generate cert, and use
    String ipAddressInCN = MainApplication.getIpAddress();
    //use current ip address to generate cert signed by hard coded ca, and add to keystore
    String cn = "CN=" + ipAddressInCN;
    ks.load(null, null);
    GenerateCSR.addCertToKeyStore(ks, ctPass, cn);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, ctPass);
    SSLContext sc = SSLContext.getInstance("TLS");
    // custom trust manager: every check returns without throwing, so nothing is rejected
    TrustManager[] tm = new TrustManager[]{new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[0];
        }
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            System.out.println("abc");
            return;
        }
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
            return;
        }
    }};
    sc.init(kmf.getKeyManagers(), tm, null);
    server.makeSecure(sc.getServerSocketFactory(), null);
I try to set a break point in the custom trust manager functions, but they are never called.
> But it trusts the certificate and accepts the SSL connection from the client.
Not true. It accepts SSL connections from clients with trusted certificates, unless you have installed brain-dead trust-all-certificates garbage, in which case you should remove them.
> I want to limit access to a specific client only.
You should do that via authorization, which you have to implement in NanoHTTPD.
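An added example, not code from the original post or from NanoHTTPD: in JSSE a server-side `checkClientTrusted` runs only when the server socket requests a client certificate, so the code below sets `setNeedClientAuth(true)` and uses a trust manager that accepts one pinned client certificate instead of trusting everything. The names `PinnedClientTls`, `PinnedClientTrustManager` and `listen` are hypothetical, and handing the resulting socket to NanoHTTPD is not shown.

```java
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper (not part of NanoHTTPD): TLS listener for one pinned client. */
public final class PinnedClientTls {
    /** Rejects every client certificate except the pinned one. */
    static final class PinnedClientTrustManager implements X509TrustManager {
        private final byte[] pinnedDer;
        PinnedClientTrustManager(X509Certificate pinned) throws CertificateException {
            this.pinnedDer = pinned.getEncoded();
        }
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new CertificateException("no client certificate presented");
            }
            chain[0].checkValidity(); // reject expired or not-yet-valid certificates
            // Compare the DER encoding of the leaf with the pinned certificate.
            if (!MessageDigest.isEqual(pinnedDer, chain[0].getEncoded())) {
                throw new CertificateException("client certificate is not the pinned one");
            }
        }
        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            throw new CertificateException("this trust manager is for the server side only");
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0]; // advertise no CA names to the client
        }
    }

    /** Opens a listener that fails the handshake unless the pinned client certificate is used. */
    static SSLServerSocket listen(KeyManager[] serverKeys, X509Certificate pinnedClient, int port) throws Exception {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(serverKeys, new TrustManager[]{new PinnedClientTrustManager(pinnedClient)}, null);
        SSLServerSocket socket = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(port);
        // Without this the server never asks for a certificate and
        // checkClientTrusted() is never invoked.
        socket.setNeedClientAuth(true);
        return socket;
    }
}
```

The TLS handshake itself proves the client holds the private key for the certificate it presents, so comparing the leaf certificate is sufficient for a single known client.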