Closed mbsysd00 closed 5 years ago
We will have a new property (Keystore-Type
). Default is JKS
if not specified.
On Android devices, the keystore type is usually BKS
. So, the user will set Keystore-Type = BKS
Do we need a new configuration type, or can we infer it from the environment?
Some Android devices may have PKCS12 as keystore type. So, get use Keystore.getDefaultType()
we may get a correct answer. Not sure if we can rely on getDefaultType().
I have found an example for creating BKS keystore for Android platform : https://docs.wso2.com/display/EMM200/Generating+a+BKS+File+for+Android
For my tests
I created 2 BKS files.
Security->Connection Security->CA Certificates
Tests:
TLS with Token
This will require the client to authenticate the server certificate from Watson IoT Platform (no client certificate authentication)TLS with Client Certificate AND Token
This will require server and client certificates authenticationProperties:
Use-Secure-Certificate=true
Keystore-Type
Optional, KeyStore.getDefaultType() will be called if not speicfied. (e.g. Keystore-Type=BKS)TrustStorePath
Fully qualified path to trust storeTrustStorePassword
Password to access the trust storeKeyStorePath
Fully qualified path to client key storeKeyStorePassword
Password to access the client key storeThe fix is now in master branch. It will be available in the next release.
I followed the instructions to create a client certificate here and use them to authenticate android smartwatches to connect to the Watson IoT Platform.
Problem in here. How to porting SSL of AbstractClient.java to support android? I changed the KeyStore.getInstance ("JKS") to KeyStore.getInstance ("BKS") but I got an error log on server like this "Invalid userID () for auth device: ClientID = 'd: v718vj: M1: 1', ClientIP = 202.67 .XX.XXX "