{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 The star\" 的问题《Using the Android TrustStore for aSmack in Android》','https://www.manongdao.com/q-511290.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am not an expert on keystores and have a hard time understanding the nuances of this but this is how far I got:
In creating a xmpp-connection using the asmack build found here one still has to change the truststore, which usually, so say multiple sources on the web, is done using these commands
ConnectionConfiguration config = new ConnectionConfiguration(host, Integer.parseInt(port), service);
config.setTruststorePath("/system/etc/security/cacerts.bks");
config.setTruststorePassword("changeit");
config.setTruststoreType("bks");
XMPPConnection connection = new XMPPConnection(connConfig);
connection.connect();
This works find for older Android versions but under ICS they changed some things and now it does not anymore.The path now is diferent.
Apparently this can be fixed but I have no earthly idea how.
What is needed, obviously, is a method that returns the path depending on SDK version that returns the needed string to set the sdk-path since you can not just return the keystore itself to the xmpp-connection.
In reference to this that method would look like this:
private String getTrustStorePath()
{
String path = System.getProperty("javax.net.ssl.trustStore");
if (path == null)
{
if ( Build.VERSION.SDK_INT >= 14 )
{
//THIS IS THE PART I DONT KNOW
path="";
}
else
{
path = "/system/etc/security/cacerts.bks";
}
return path;
}
Here a commenter says that under Android "4.x; /etc/security/cacerts.bks was replaced with the directory/etc/security/cacerts/ containing the certs as individual PEM encoded files." however, I do not know what relevance, if any, this has.
I have also checked out the code of two projects using xmpp and asmack (gtalksms and yaxim but did not see how they avoid this problem.
Try this:
See https://github.com/Flowdalic/asmack/wiki/Truststore and some background explanation at http://nelenkov.blogspot.com/2011/12/ics-trust-store-implementation.html.
The trust store in ICS is not in a single .bks file any more, but in separate PEM-encoded files in the
/system/etc/security/cacertsdirectory. User-added certs can be placed in/data/misc/keychain/cacerts-added. More details can be found here.Your cert file must be named as:
subject-hash.Nwhere N is an sequential integer starting from 0 (usually just 0, but if 0 is already used, then 1, etc).To get the subject-hash of your cert, you can use openssl like this:
openssl x509 -noout -subject_hash_old -in my-cert-file.pem