Importing a Certificate into the Data Vault

Obtain a certificate reference and store it in a password-protected data vault to use for X.509 certificate authentication.

Importing a certificate from a system store is not supported on Android. You can only import a certificate binary large object (BLOB), which is a digitally signed copy of the public X.509 certificate, from a file directory.

// Obtain a reference to the certificate store
CertificateStore certStore = CertificateStore.getDefault();


// Import a certificate from a file on SDCard
String certFile = "/mnt/sdcard/mycert.p12";
String password = "my p12 password";

LoginCertificate cert = certStore.getSignedCertificateFromFile(certFile, password);

// Lookup or create data vault
String vaultPassword = ...; // ask user or from O/S protected storage
String vaultName = "..."; // for example, "SAP.CRM.CertificateVault"
String vaultSalt = "..."; // for example, a hard-coded random GUID
DataVault vault;
try
{
    vault = DataVault.getVault(vaultName);
    vault.unlock(vaultPassword, vaultSalt);
}
catch (DataVaultException ex)
{
    vault = DataVault.createVault(vaultName, vaultPassword, vaultSalt);
}

// Save certificate into data vault
cert.save("myCert", vault);

Parent topic: Single Sign-On With X.509 Certificate Related Object API