如何在没有用户交互的情况下以编程方式在 Android 上安装 CA 证书 | 如何在没有用户交互的情况下以编程方式在

本文介绍了如何在没有用户交互的情况下以编程方式在 Android 上安装 CA 证书的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我试图在不提示用户的情况下安装证书.我知道这不是一个好的做法，但这正是 PM 想要的.

I'm trying to install certificates without prompting the user. I know this is not good practice, but that's what PM wants.

使用KeyChain.createInstallIntent()，我可以通过调用startActivity让Android启动证书安装对话框.但是，当我将意图传递给 sendBroadcast 时，没有任何反应.也许平台出于安全原因不支持此功能?

Using KeyChain.createInstallIntent(), I can get Android to launch the certificate installation dialog by calling startActivity. However, when I pass the intent to sendBroadcast, nothing happens. Maybe the platform doesn't support this for security reasons?

String CERT_FILE = Environment.getExternalStorageDirectory() + "/test/IAT.crt";
Intent intent = KeyChain.createInstallIntent();
try {
    FileInputStream certIs = new FileInputStream(CERT_FILE);
    byte [] cert = new byte[(int)certFile.length()];
    certIs.read(cert);
    X509Certificate x509 = X509Certificate.getInstance(cert);
    intent.putExtra(KeyChain.EXTRA_CERTIFICATE, x509.getEncoded());
    intent.putExtra(KeyChain.EXTRA_NAME, "IAT Cert");
    EapActivity.this.startActivityForResult(intent, 0);  // this works but shows UI
    EapActivity.this.sendBroadcast(intent);  // this doesn't install cert
} catch (IOException e) {

推荐答案

只有拥有系统权限才能静默安装证书.显示确认对话框是有意的，因为信任证书可能会产生严重后果——Android 可以在没有警告的情况下愉快地打开网络钓鱼站点等.也就是说，ICS/JB 中的对话框非常糟糕——它没有告诉你什么您正在安装的证书以及谁颁发的证书，只是它是一个 CA 证书，这很明显.

You can only install certificates silently if you have system privileges. Showing up a confirmation dialog is intentional, since trusting certificates can have serious consequences -- Android could happily open phishing sites without a warning, etc. That said, the dialog in ICS/JB is pretty bad -- it doesn't tell you what certificate you are installing and who issued it, just that it's a CA certificate, which is kind of obvious.

因此，要么使用公共 KeyChain API 并使用 startActivity() 获取确认对话框，要么在将设备处理给用户之前预先配置设备.

So, either use the public KeyChain API and use startActivity() to get the confirmation dialog, or pre-provision devices before handling them to users.

更新:在 Android 4.4 中，DevicePolicyManager 有一个隐藏的 API (installCaCert)，允许您静默安装证书.您需要 MANAGE_CA_CERTIFICATES 权限，即 signature|system，因此对于用户安装的应用程序仍然不可行.

Update: In Android 4.4, DevicePolicyManager has a hidden API (installCaCert) that allows you to install certificates silently. You need the MANAGE_CA_CERTIFICATES permission, which is signature|system, so still not doable for user-installed apps.

这篇关于如何在没有用户交互的情况下以编程方式在 Android 上安装 CA 证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！