Open nhatha12368 opened 4 weeks ago
@locnvbetasoft I did the same as in the instructions you sent but I don't know why when I connect to Android TV using webSocket it goes into onFailure and shows the error that there are no trusted certificates
Do you have a github link for detailed instructions in java or kotlin on this issue? Thanks you very much.
You must create a certificate that can use bouncycastle
public static X509Certificate generateX509V3Certificate(KeyPair pair, String name, Date notBefore, Date notAfter, BigInteger serialNumber) throws GeneralSecurityException { java.security.Security .addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
org.bouncycastle.x509.X509V3CertificateGenerator certGen = new org.bouncycastle.x509.X509V3CertificateGenerator();
X500Name dnName = new org.bouncycastle.asn1.x500.X500Name(name);
X500Principal principal = new X500Principal(name);
certGen.setSerialNumber(serialNumber);
// certGen.setIssuerDN(dnName);
// certGen.setSubjectDN(dnName); // note: same as issuer
certGen.setIssuerDN(principal);
certGen.setSubjectDN(principal);
certGen.setNotBefore(notBefore);
certGen.setNotAfter(notAfter);
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
certGen.addExtension(X509Extension.basicConstraints, true,
new BasicConstraints(false));
certGen.addExtension(X509Extension.keyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment
| KeyUsage.keyCertSign));
certGen.addExtension(X509Extension.extendedKeyUsage, true,
new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
AuthorityKeyIdentifier authIdentifier = createAuthorityKeyIdentifier(
pair.getPublic(), dnName, serialNumber);
certGen.addExtension(X509Extension.authorityKeyIdentifier, true,
authIdentifier);
// certGen.addExtension(X509Extension.subjectKeyIdentifier, true,
// new SubjectKeyIdentifier(pair.getPublic()));
certGen.addExtension(X509Extension.subjectAlternativeName, false,
new GeneralNames(new GeneralName(GeneralName.rfc822Name,
"googletv@.Device")));
// This method is deprecated, but Android Eclair does not provide the
// generate() methods.
X509Certificate cert = certGen.generate(pair.getPrivate());
return cert;
}
public static X509Certificate generateX509V3Certificate(KeyPair pair,
String name) throws GeneralSecurityException {
Calendar calendar = Calendar.getInstance();
calendar.set(2009, 0, 1);
Date notBefore = new Date(calendar.getTimeInMillis());
calendar.set(2099, 0, 1);
Date notAfter = new Date(calendar.getTimeInMillis());
BigInteger serialNumber = BigInteger.valueOf(Math.abs(System
.currentTimeMillis()));
return generateX509V3Certificate(pair, name, notBefore, notAfter,
serialNumber);
}
@locnvbetasoft Are you Vietnamese? Can you send me the detailed content in this function? createAuthorityKeyIdentifier(pair.getPublic(), dnName, serialNumber);
private static AuthorityKeyIdentifier createAuthorityKeyIdentifier(
PublicKey publicKey, org.bouncycastle.asn1.x500.X500Name dnName,
BigInteger serialNumber) {
GeneralName genName = new GeneralName(dnName);
SubjectPublicKeyInfo info;
try {
info = new SubjectPublicKeyInfo((ASN1Sequence) new ASN1InputStream(
publicKey.getEncoded()).readObject());
} catch (IOException e) {
throw new RuntimeException("Error encoding public key");
}
return new AuthorityKeyIdentifier(info, new GeneralNames(genName),
serialNumber);
}
here
@locnvbetasoft Can you send me the code that uses this certificate? Thank you very much
https://github.com/Aymkdn/assistant-freebox-cloud/wiki/Google-TV-(aka-Android-TV)-Remote-Control-(v2)