Bouncy Castle Keystore (BKS) : java.io.IOException: Wrong version of key store

Question

I have to connect to a REST based webservice.

(https://someurl.com/api/lookup/jobfunction/lang/EN)

In IE or chrome browser when I try to access this URL, I get a certificate that I have to trust and accept to continue After that I have to enter username and password and then I get JSON response.

Same thing I have to do it programatically for an android app.

1. Tried with custom EasySSLSocketFactory and EasyX509TrustManager , Didnt work. I got the following error : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

2. Used the BKS keystore, please note that mykeystore.bks is an empty file before i executed the below commands

   keytool -importcert -v -trustcacerts -file "test.crt" -alias IntermediateCA -keystore   "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath   "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234
   
   
   keytool -list -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider  -providerpath "bcprov-jdk15on-148.jar" -storetype BKS -storepass abcd1234
   

MyHTTPClient.java looks like below :

public class MyHttpClient extends DefaultHttpClient { 

final Context context; 

public MyHttpClient(Context context) { 
    this.context = context; 
} 

@Override
protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    // Register for port 443 our SSLSocketFactory with our keystore 
    // to the ConnectionManager 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
} 

private SSLSocketFactory newSslSocketFactory() { 
    try { 
        // Get an instance of the Bouncy Castle KeyStore format 
        KeyStore trusted = KeyStore.getInstance("BKS"); 
        // Get the raw resource, which contains the keystore with 
        // your trusted certificates (root and any intermediate certs) 
        InputStream in = context.getResources().openRawResource(R.raw.mykeystore); 
        try { 
            // Initialize the keystore with the provided trusted certificates 
            // Also provide the password of the keystore 
            trusted.load(in, "abcd1234".toCharArray()); 
        } finally { 
            in.close(); 
        } 
        // Pass the keystore to the SSLSocketFactory. The factory is responsible 
        // for the verification of the server certificate. 
        SSLSocketFactory sf = new SSLSocketFactory(trusted); 
        // Hostname verification from certificate 
        // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); 
        return sf; 
    } catch (Exception e) { 
        throw new AssertionError(e); 
    } 
} 

When I call the webservice , I am getting the below error : Caused by: java.lang.AssertionError: java.io.IOException: Wrong version of key store

Please tell me what I have to do to connect to HTTPS based rest webservice which has username and passwd credentials. ......

Answer 1

I got help from someone others. the solution is steps follow:

• 1、Download tool KeyStore Explorer
• 2、After install, open your bks certificate, then find Tools->Change Type
• 3、select BKS-V1, then save and use it.

Answer 2

Version 148 of the BC jar doesn't work with Android. Use version 146 or 147.