Hi,
Your entry was very useful. I was wondering if you could offer some
more assistance. I added
TrustManagerFactory mTrustManagerFactory = new
TrustManagerFactory(mTrustManagerFactorySpi, null, malg);
KeyStore ks = null;
try {
mTrustManagerFactory.init(ks);
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
to onCreate in my application. I have three questions:
1) Is this what you meant by "create a TrustManagerFactory and specify
a null KeyStore in the init() method"?
2) How do I check that it worked? Access the TrustStore property
informtion?
3) If I was successful, in order to take advantage of having all the
certificates in cacerts.bks available to my application, would I need
to change my application's entry in files such as packages.xml?
Thanks for your help.
Alex Donnini
On Mar 16, 5:40 am, Scytmo <[email protected]> wrote:
> Also, I wouldn't rely on the file necessarily always being available
> at that path. For instance, if a later update to Android includes the
> ability for the end-user to add root certificates, then the mechanism
> for the certificate store would likely change.
>
> For a desktop J2SE installation, you would set the Java system
> property "javax.net.ssl.trustStore" on the Java command-line to point
> to the default KeyStore. In contrast, on Android, if you create a
> TrustManagerFactory and specify a null KeyStore in the init() method,
> then Android sets the "javax.net.ssl.trustStore" Java system property
> to point to thatcacerts.bks file and you therefore get your
> TrustManagerFactory populated with those certificates (as a side-
> effect, you can also find out where the file is by querying the
> javax.net.ssl.trustStore Java system property).
>
> Seehttp://developer.android.com/reference/javax/net/ssl/TrustManagerFact...
>
> And, for those who are interested, the code where this is done is on
> lines 53-62 here:
>
> http://android.git.kernel.org/?p=platform/dalvik.git;a=blob;f=libcore...
>
> While this mechanism also doesn't appear to be documented, I would
> suggest that using this is preferable to relying on the particular
> pathname of thecacerts.bks file.
>
> On Mar 15, 8:47 pm, Kumar Bibek <[email protected]> wrote:
>
> > Yes, this would be available in all the devices. This is a storehouse
> > of all the valid certificates that Android(Browser and other apps)
> > accepts by default.
>
> > But, I guess, with this fact, you don;t have much freedom to do
> > anything with this file. You cannot edit this file from your program
> > if that is what you are looking for. You cannot even update this file
> > on a device through the adb.
>
> > Thanks and Regards,
> > Kumar Bibek
>
> > On Mar 15, 12:19 pm, p c <[email protected]> wrote:
>
> > >cacerts.bks is a certificate store, which is present on Droid at the
> > > location /system/etc/security/cacerts.bks.
>
> > > Would this certificate store be present on all the devices ? I
> > > searched through the Android documentation but could not find any
> > > mention of it.
>
> > > Does the default Android browser and mail client use it ? If not do
> > > they ship with their own certificate store ?
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
