Re: [mono-android] KeyChain API on Android 4.1 and client certificate authentication

Thu, 07 Feb 2013 08:35:03 -0800 

Hello,
This seems to be common to Java and Android 4.1 issue. I found these StackOverflow. Maybe you can use some technique described there (either by using [DllImport], or create jar for them and use binding library). 

http://stackoverflow.com/questions/11261774/using-android-4-1-keychain
http://stackoverflow.com/questions/12507697/keychain-getprivatekeycontext-string-on-android-4-1

Atsushi Eno

Nikola wrote:

Hi,

I need to issue HTTP requests against a server that requires authentication
with client certificates. So far (on Android 4.0), I've been using KeyChain
API to get the certificate and the associated private key:

          X509Certificate[] certificateChain =
KeyChain.GetCertificateChain(this, alias);
          IPrivateKey privateKey = KeyChain.GetPrivateKey(this, alias);

Then, I've used the following code to get raw representation of both the
certificate chain and the private key so that I can create .NET
X509Certificate2 instance out of them:

          KeyStore pkcs12KeyStore = KeyStore.GetInstance("PKCS12");
          pkcs12KeyStore.Load(null, null);
          pkcs12KeyStore.SetKeyEntry(alias, privateKey, null,
certificateChain);

          Java.Security.Cert.X509Certificate javaCertificate =
(Java.Security.Cert.X509Certificate)pkcs12KeyStore.GetCertificate(alias);

          PKCS8.PrivateKeyInfo privateKeyInfo = new
PKCS8.PrivateKeyInfo(privateKey.GetEncoded());
          RSA privatekeyRsa =
PKCS8.PrivateKeyInfo.DecodeRSA(privateKeyInfo.PrivateKey);

          X509Certificate2 certificate = new
X509Certificate2(javaCertificate.GetEncoded());
          certificate.PrivateKey = privatekeyRsa;

I was then able to create and issue web requests with this certificate using
standard .NET's HttpWebRequest class:

          HttpWebRequest request = (HttpWebRequest)WebRequest.Create(@"url");
          request.ClientCertificates.Add(certificate);

*Now, the problem:* On Android 4.1, this code stopped working. It is no
longer possible to get raw representation of private key
(privateKey.GetEncoded() returns null), therefore, I can no longer convert
it to .NET's X509Certificate2 instance.

Is there some alternative that would allow me to create X509Certificate2
with the KeyChain API?

Thank you very much for any input!



--
View this message in context: 
http://mono-for-android.1047100.n5.nabble.com/KeyChain-API-on-Android-4-1-and-client-certificate-authentication-tp5712844.html
Sent from the Mono for Android mailing list archive at Nabble.com.
_______________________________________________
Monodroid mailing list
Monodroid@lists.ximian.com

UNSUBSCRIBE INFORMATION:
http://lists.ximian.com/mailman/listinfo/monodroid





_______________________________________________
Monodroid mailing list
Monodroid@lists.ximian.com

UNSUBSCRIBE INFORMATION:
http://lists.ximian.com/mailman/listinfo/monodroid






















					Reply via email to