I have already implemented a leaf certificate in my project and it's working fine. Please check the code below. Now the problem is that the leaf certificate will expire after one year on my server, so I want to validate the leaf certificate so that when it is expired/invalid I can use the intermediate certificate.
Is there any example of implementing an intermediate certificate?
Please help me!
Code:
```java
SSLContext sslContext = null;
try {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInput = context.getResources().openRawResource(certRawRef);
    Certificate ca;
    try {
        ca = cf.generateCertificate(caInput);
    } finally {
        caInput.close();
    }
    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);
    // Create a TrustManager that trusts the CAs in our KeyStore
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);
    // Create an SSLContext that uses our TrustManager
    sslContext = SSLContext.getInstance("TLSv1.2");
    sslContext.init(null, tmf.getTrustManagers(), null);
    return sslContext;
} catch (Exception e) {
    Log.e("EXCEPTION", e.toString());
    // Print here right certificate failure issue
}
```
Once you know a host's certificate or public key, you pin it to that host. In other words, you configure the app to reject all but one or a few predefined certificates or public keys. Whenever the app connects to a server, it compares the server certificate with the pinned certificate(s) or public key(s).
The pinning of a leaf certificate virtually assures a certificate match. Leaf certificates — also known as end-user or end-entity certificates — should typically be revoked and replaced fairly often, requiring corresponding updates to all client applications.
Finally I found the answer:
```java
try {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInputLeaf = context.getResources().openRawResource(leafCert);
    InputStream caInputInter = context.getResources().openRawResource(interCert);
    try {
        if (cf != null) {
            ca = cf.generateCertificate(caInputLeaf);
            URL url = new URL(URL);
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            try {
                conn.setRequestMethod("GET");
                conn.connect();
                // Certificates presented by the server; chain[0] is the server's leaf
                chain = conn.getServerCertificates();
            } finally {
                conn.disconnect(); // release the probe connection
            }
            if (chain != null && chain[0].equals(ca)) { // Return Leaf certificate
                return ca;
            } else { // Return Intermediate certificate
                ca = cf.generateCertificate(caInputInter);
                return ca;
            }
        }
    } catch (Exception cee) {
        // Any failure while probing falls back to the intermediate certificate
        ca = cf.generateCertificate(caInputInter);
        return ca;
    } finally {
        // Close both raw-resource streams on every path
        caInputLeaf.close();
        caInputInter.close();
    }
} catch (Exception e) {
    Log.e("EXCEPTION", e.toString());
}
```
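An alternative that needs no probe connection, as an added example that is not the poster's code: load the leaf and the intermediate into the same KeyStore, skipping any pin whose validity period has lapsed, so the TrustManager accepts a chain anchored at either one. The class name `PinnedContext`, the method `build` and the alias map are assumptions made for this sketch.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: class, method and parameter names are hypothetical.
public final class PinnedContext {

    /**
     * Builds an SSLContext that trusts only the supplied certificates.
     * @param pins alias -> certificate stream, e.g. "leaf" and "intermediate"
     */
    public static SSLContext build(Map<String, InputStream> pins) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);

        for (Map.Entry<String, InputStream> pin : pins.entrySet()) {
            try (InputStream in = pin.getValue()) {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                try {
                    cert.checkValidity(); // throws if expired or not yet valid
                } catch (CertificateException expiredOrNotYetValid) {
                    continue; // skip a stale pin instead of trusting it
                }
                keyStore.setCertificateEntry(pin.getKey(), cert);
            }
        }
        if (keyStore.size() == 0) {
            // Fail closed: never fall back to an empty or default trust store
            throw new CertificateException("no valid pinned certificate left");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext;
    }
}
```

On Android the streams would come from `context.getResources().openRawResource(...)` as in the code above, with the returned context's socket factory set on the `HttpsURLConnection`.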