Listing all installed certificates on Android (5)
I am writing an application that lists all the certificates installed on the device. But I found that there are two places where certificates are stored:
system/etc/security/cacerts.bks: this file contains a list of all the pre-installed certificates. I am able to read this file using the KeyStore class defined in frameworks/base/keystore/java/android/security.
data/misc/keystore: another way of installing certificates (for example, through the certinstaller app) installs a third-party certificate and makes its entry in this directory.
But I don't understand how to read certificate information such as SerialNumber, IssuerDN, etc. from this file.
Looking through /etc/security/cacerts, I see a list of all of these certificates stored as ASCII text. The parameters you asked for, the serial number and issuer information, are stored as text. Just open it as a text file and read the strings you are looking for.
# ls -al /etc/security/cacerts/ff783690.0
ls -al /etc/security/cacerts/ff783690.0
-rw-r--r-- root root 5106 2011-12-13 23:49 ff783690.0
# cat /etc/security/cacerts/ff783690.0
cat /etc/security/cacerts/ff783690.0
-----BEGIN CERTIFICATE-----
MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG
A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe
MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v
d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh
cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn
0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ
M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a
MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd
oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI
DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy
oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0
dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy
bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF
BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM
//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli
CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE
CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t
3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS
KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:be:0c:8b:50:00:24:b4:11:d3:36:2a:fe:65:0a:fd
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Validity
Not Before: Jul 9 18:10:42 1999 GMT
Not After : Jul 9 18:19:22 2019 GMT
Subject: C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:b1:f7:c3:38:3f:b4:a8:7f:cf:39:82:51:67:d0:
6d:9f:d2:ff:58:f3:e7:9f:2b:ec:0d:89:54:99:b9:
38:99:16:f7:e0:21:79:48:c2:bb:61:74:12:96:1d:
3c:6a:72:d5:3c:10:67:3a:39:ed:2b:13:cd:66:eb:
95:09:33:a4:6c:97:b1:e8:c6:ec:c1:75:79:9c:46:
5e:8d:ab:d0:6a:fd:b9:2a:55:17:10:54:b3:19:f0:
9a:f6:f1:b1:5d:b6:a7:6d:fb:e0:71:17:6b:a2:88:
fb:00:df:fe:1a:31:77:0c:9a:01:7a:b1:32:e3:2b:
01:07:38:6e:c3:a5:5e:23:bc:45:9b:7b:50:c1:c9:
30:8f:db:e5:2b:7a:d3:5b:fb:33:40:1e:a0:d5:98:
17:bc:8b:87:c3:89:d3:5d:a0:8e:b2:aa:aa:f6:8e:
69:88:06:c5:fa:89:21:f3:08:9d:69:2e:09:33:9b:
29:0d:46:0f:8c:cc:49:34:b0:69:51:bd:f9:06:cd:
68:ad:66:4c:bc:3e:ac:61:bd:0a:88:0e:c8:df:3d:
ee:7c:04:4c:9d:0a:5e:6b:91:d6:ee:c7:ed:28:8d:
ab:4d:87:89:73:d0:6e:a4:d0:1e:16:8b:14:e1:76:
44:03:7f:63:ac:e4:cd:49:9c:c5:92:f4:ab:32:a1:
48:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
A1:72:5F:26:1B:28:98:43:95:5D:07:37:D5:85:96:9D:4B:D2:C3:45
X509v3 CRL Distribution Points:
URI:http://crl.usertrust.com/UTN-USERFirst-Hardware.crl
X509v3 Extended Key Usage:
TLS Web Server Authentication, IPSec End System, IPSec Tunnel, I
PSec User
Signature Algorithm: sha1WithRSAEncryption
47:19:0f:de:74:c6:99:97:af:fc:ad:28:5e:75:8e:eb:2d:67:
ee:4e:7b:2b:d7:0c:ff:f6:de:cb:55:a2:0a:e1:4c:54:65:93:
60:6b:9f:12:9c:ad:5e:83:2c:eb:5a:ae:c0:e4:2d:f4:00:63:
1d:b8:c0:6c:f2:cf:49:bb:4d:93:6f:06:a6:0a:22:b2:49:62:
08:4e:ff:c8:c8:14:b2:88:16:5d:e7:01:e4:12:95:e5:45:34:
b3:8b:69:bd:cf:b4:85:8f:75:51:9e:7d:3a:38:3a:14:48:12:
c6:fb:a7:3b:1a:8d:0d:82:40:07:e8:04:08:90:a1:89:cb:19:
50:df:ca:1c:01:bc:1d:04:19:7b:10:76:97:3b:ee:90:90:ca:
c4:0e:1f:16:6e:75:ef:33:f8:d3:6f:5b:1e:96:e3:e0:74:77:
74:7b:8a:a2:6e:2d:dd:76:d6:39:30:82:f0:ab:9c:52:f2:2a:
c7:af:49:5e:7e:c7:68:e5:82:81:c8:6a:27:f9:27:88:2a:d5:
58:50:95:1f:f0:3b:1c:57:bb:7d:14:39:62:2b:9a:c9:94:92:
2a:a3:22:0c:ff:89:26:7d:5f:23:2b:47:d7:15:1d:a9:6a:9e:
51:0d:2a:51:9e:81:f9:d4:3b:5e:70:12:7f:10:32:9c:1e:bb:
9d:f8:66:a8
SHA1 Fingerprint=04:83:ED:33:99:AC:36:08:05:87:22:ED:BC:5E:46:00:E3:BE:F9:D7
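The same fields can be read without scraping strings out of the file, by parsing each certificate file with the standard X.509 CertificateFactory. This is an added example, not part of the original answers; the class name CaStoreAudit and the directory argument are assumptions, and because it uses java.nio.file it is meant for a desktop JVM run against a directory pulled with adb, or for Android API 26+.

```java
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

// Hypothetical helper class (not from the page): dumps key fields of every cert file in a directory.
public class CaStoreAudit {
    // Hex-encode bytes in the colon-separated form used for fingerprints (AA:BB:...).
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Default is the directory shown in the answer above; pass another path as the first argument.
        Path dir = Paths.get(args.length > 0 ? args[0] : "/system/etc/security/cacerts");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        Date now = new Date();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir)) {
            for (Path file : files) {
                try (InputStream in = Files.newInputStream(file)) {
                    // Parses the first certificate (PEM or DER) found in the file.
                    X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
                    boolean expired = now.after(cert.getNotAfter());
                    System.out.println(file.getFileName()
                        + "\n  Serial:   " + cert.getSerialNumber().toString(16)
                        + "\n  Issuer:   " + cert.getIssuerX500Principal().getName()
                        + "\n  Subject:  " + cert.getSubjectX500Principal().getName()
                        + "\n  NotAfter: " + cert.getNotAfter() + (expired ? "  (EXPIRED)" : "")
                        + "\n  SigAlg:   " + cert.getSigAlgName()
                        + "\n  SHA-256:  " + hex(sha256.digest(cert.getEncoded())));
                } catch (Exception e) {
                    // Not a parsable certificate (or a subdirectory): report it and keep going.
                    System.err.println(file.getFileName() + ": skipped (" + e.getMessage() + ")");
                }
            }
        }
    }
}
```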
For me and my Mac with 10.7.5 and the included JavaVM + keytool, the process described by Shashwat Shriparv is slightly different:
adb pull /system/etc/security/cacerts.bks cacerts.bks
wget http://bouncycastle.org/download/bcprov-jdk16-141.jar
keytool -list -v -keystore cacerts.bks -storepass "" -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath ./bcprov-jdk16-141.jar
I use the following code snippet to list
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.util.Enumeration;

    public void PrintInstalledCertificates() {
        try {
            // "AndroidCAStore" holds both the system and the user-installed CA certificates
            KeyStore ks = KeyStore.getInstance("AndroidCAStore");
            if (ks != null) {
                ks.load(null, null);
                Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) ks.getCertificate(alias);
                    // To print system certs only: the alias, not the issuer DN, carries the "system:" prefix
                    if (alias.startsWith("system:")) {
                        System.out.println(cert.getIssuerDN().getName());
                    }
                    // To print user certs only: these aliases carry the "user:" prefix
                    if (alias.startsWith("user:")) {
                        System.out.println(cert.getIssuerDN().getName());
                    }
                    // To print all certs
                    System.out.println(cert.getIssuerDN().getName());
                }
            }
        } catch (IOException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (java.security.cert.CertificateException e) {
            e.printStackTrace();
        }
    }
Here is an open-source Android application that could help you view the X509 certificate information
1. get the certificates file
adb pull /system/etc/security/cacerts.bks cacerts.bks
2. download http://bouncycastle.org/download/bcprov-jdk16-141.jar and place it on $JAVA_HOME/jre/lib/ext/
3. run the keytool utility
keytool -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass -keystore cacerts.bks -list -v