Wrong version of keystore on android call

一向 2020-11-28 06:55

I want to make an HTTPS request.

I use Bouncy Castle to generate the keystore like this:

keytool -importcert -trustcacerts -alias ludevCA -file lu_de         


        
6 answers
  •  误落风尘
    2020-11-28 07:16

    The solution is here; it is able to remove the version problem.

    Creating BKS file for android client

    Software installation details required to create BKS file:

    Download Keystore Explorer software from link http://keystore-explorer.sourceforge.net/

    Download UnlimitedJCEPolicyJDK7 from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    Extract zip and copy US_export_policy and local_policy to your C:/programes file/java/jre7/lib/security folder.

    Install Keystore Explorer software.

    Steps to generate BKS file (need CA file, certificate file, key file and .P12, i.e. PKCS file, if available):

    1) Creating Trust file using CA .crt file using keystore software.

    Steps:

    1. Open software.
    2. Go File -> New -> select .BKS from the wizard.
    3. To import CA certificate file, go Tool -> Import trusted certificate -> select CA .crt file -> enter password -> (it will throw an exception if the certificate is self-signed) import file forcefully.
    4. Save file with .bks extension.

    2) Creating Key file using .P12 file using keystore software

    Steps:

    1. Open software.
    2. Go File -> New -> select .BKS from the wizard.
    3. Import .p12 file: go Tool -> Import key pair -> select PKCS #12 from wizard -> enter decryption password for file and browse file -> enter alias name (if you want to change it, else keep it as it is) -> enter new password.
    4. Save file with .bks extension.

    3) Creating Key file if .P12 is not available, using keystore software

    Steps:

    1. Open software.
    2. Go File -> New -> select .BKS from the wizard.
    3. Import .p12 file: go Tool -> Import key pair -> select OpenSSL from wizard -> uncheck decryption password for file, browse .key and .crt (certificate file, not CA) file -> enter alias name (if you want to change it, else keep it as it is) -> enter new password.
    4. Save file with .bks extension.

    Copy both files into the res/raw folder (both BKS files are compulsory).

    Code:

    // Fragment of an Android Activity: getResources(), getApplicationContext() and R come from the app.
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.InetAddress;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import android.widget.Toast;

    // cipher suites enabled on the socket
    static final String[] ENABLED_CIPHERS = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_RSA_WITH_RC4_128_SHA",
        "SSL_RSA_WITH_RC4_128_MD5",
    };
    // put this in a place where it can be reused
    static final String[] ENABLED_PROTOCOLS = {
        "TLSv1.2", "TLSv1.1", "TLSv1"
    };

    private void sslCon() {
        // both raw resources are closed automatically when the try block exits
        try (InputStream trustStoreStream = getResources().openRawResource(R.raw.client_ca);
             InputStream keyStoreStream = getResources().openRawResource(R.raw.client_cert_key)) {
            // setup truststore to provide trust for the server certificate
            // (the default keystore type on Android is BKS)
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(trustStoreStream, "spsoft_123".toCharArray());

            // initialize trust manager factory with the read truststore
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);

            // setup client certificate: load the BKS keystore holding the client key pair
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(keyStoreStream, "your password".toCharArray());

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, "your password".toCharArray());

            // Create an SSLContext that uses our TrustManager and client key
            // ("TLS" is the standard context name; the original requested "SSL")
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null);

            SSLSocketFactory sslSocketFactory = context.getSocketFactory();
            InetAddress serverAddr = InetAddress.getByName("192.168.11.104");
            SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(serverAddr, 5212);
            try {
                // put this right before setEnabledCipherSuites()!
                //sslSocket.setEnabledProtocols(ENABLED_PROTOCOLS);
                sslSocket.setEnabledCipherSuites(ENABLED_CIPHERS);
                // run the TLS handshake now so certificate or key errors surface before "Connected"
                sslSocket.startHandshake();
                OutputStream out = sslSocket.getOutputStream();

                Toast.makeText(getApplicationContext(), "Connected", Toast.LENGTH_SHORT).show();
            } finally {
                // close the socket even if the handshake fails
                sslSocket.close();
            }
        } catch (GeneralSecurityException | IOException e) {
            // keystore, certificate, key or connection failure
            e.printStackTrace();
        }
    }
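
The cipher list in the answer above includes RC4, 3DES and MD5-based suites, and its protocol list is left commented out. As an added example (not the answerer's code), the class below filters a requested suite list down to what the platform supports minus those suites, restricts the socket to TLS 1.2 or newer, and turns on hostname checking before the handshake. The class and method names are hypothetical, and on Android `setEndpointIdentificationAlgorithm` is assumed to be available (API level 24 or later).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public final class TlsSocketHardening { // hypothetical helper, not from the page
    // Name fragments of suites to refuse: RC4, 3DES, MD5 MACs, anonymous, NULL and export suites.
    private static final String[] WEAK = {"_RC4_", "_3DES_", "_MD5", "_anon_", "_NULL_", "_EXPORT_"};

    /** Returns the wanted names that are supported and carry no weak marker, in the wanted order. */
    static String[] usable(String[] wanted, String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> out = new ArrayList<>();
        for (String name : wanted) {
            boolean weak = false;
            for (String marker : WEAK) weak |= name.contains(marker);
            // setEnabledCipherSuites() rejects names the platform does not support
            if (!weak && have.contains(name)) out.add(name);
        }
        return out.toArray(new String[0]);
    }

    /** Applies protocol, cipher-suite and hostname settings to the socket, then handshakes. */
    static void harden(SSLSocket socket, String[] wantedSuites) throws IOException {
        String[] protocols = usable(new String[] {"TLSv1.3", "TLSv1.2"}, socket.getSupportedProtocols());
        String[] suites = usable(wantedSuites, socket.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            throw new SSLException("no acceptable protocol or cipher suite left after filtering");
        }
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(protocols);
        params.setCipherSuites(suites);
        params.setEndpointIdentificationAlgorithm("HTTPS"); // match the certificate to the peer name
        socket.setSSLParameters(params);
        socket.startHandshake(); // fails here if trust, key or hostname checks do not pass
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: four names taken from the answer's ENABLED_CIPHERS list.
        String[] fromAnswer = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5"};
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        System.out.println(Arrays.toString(usable(fromAnswer, supported)));
    }
}
```

In the answer's `sslCon()`, `harden(sslSocket, ENABLED_CIPHERS)` would take the place of the `setEnabledCipherSuites` call. Because that code connects by IP address, the server certificate needs a matching IP subject alternative name for the hostname check to pass.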
    
