Importing a Certificate into the Data Vault

Obtain a certificate reference and store it in a password-protected data vault to use for X.509 certificate authentication.

You can import a certificate binary large object (BLOB), which is a digitally signed copy of the public X.509 certificate, either from a file directory or from an X509Certificate and PrivateKey retrieved from system credential storage using the Android KeyChain API.

// Obtain a reference to the certificate store
CertificateStore certStore = CertificateStore.getDefault();


// Option 1: import a certificate from a file on the SD card
String certFile = "/mnt/sdcard/mycert.p12";
String password = "my p12 password";

LoginCertificate cert = certStore.getSignedCertificateFromFile(certFile, password);

// Option 2 (instead of option 1): import a certificate blob from the system credential storage
X509Certificate[] certChain = KeyChain.getCertificateChain(context, alias);
PrivateKey privateKey = KeyChain.getPrivateKey(context, alias);

LoginCertificate cert = certStore.getSignedCertificate(certChain[0], privateKey);

// Look up or create the data vault
String vaultPassword = ...; // ask user or from O/S protected storage
String vaultName = "..."; // for example, "SAP.CRM.CertificateVault"
String vaultSalt = "..."; // for example, a hard-coded random GUID
DataVault vault;
try
{
    // Open the existing vault and unlock it with the password and salt
    vault = DataVault.getVault(vaultName);
    vault.unlock(vaultPassword, vaultSalt);
}
catch (DataVaultException ex)
{
    // Intended for the case where the vault does not exist yet.
    // A failed unlock (wrong password or salt) also lands here.
    vault = DataVault.createVault(vaultName, vaultPassword, vaultSalt);
}

// Save certificate into data vault
cert.save("myCert", vault);
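The KeyChain snippet above uses `context` and `alias` without showing where they come from. The following added example (not part of the original documentation or the vendor's code) obtains the alias from the system certificate chooser and loads the chain and private key off the main thread; `KeyChainCredentialPicker` and `Listener` are hypothetical names, and only standard Android KeyChain calls are used.

```java
import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

public final class KeyChainCredentialPicker {

    /** Hypothetical callback type for this example. */
    public interface Listener {
        void onCredential(X509Certificate leaf, PrivateKey key);
        void onUnavailable(String reason);
    }

    public static void pick(final Activity activity, final Listener listener) {
        KeyChainAliasCallback onAlias = new KeyChainAliasCallback() {
            @Override
            public void alias(final String alias) {
                if (alias == null) { // user cancelled or no credential installed
                    listener.onUnavailable("no certificate selected");
                    return;
                }
                // getCertificateChain/getPrivateKey block and must not run on the main thread.
                new Thread(new Runnable() {
                    @Override
                    public void run() { load(activity, alias, listener); }
                }).start();
            }
        };
        // Key type "RSA", any issuer, no host/port hint, no preselected alias.
        KeyChain.choosePrivateKeyAlias(activity, onAlias, new String[] {"RSA"}, null, null, -1, null);
    }

    private static void load(Activity activity, String alias, Listener listener) {
        try {
            X509Certificate[] chain = KeyChain.getCertificateChain(activity, alias);
            PrivateKey key = KeyChain.getPrivateKey(activity, alias);
            if (chain == null || chain.length == 0 || key == null) {
                listener.onUnavailable("credential missing for alias " + alias);
                return;
            }
            chain[0].checkValidity(); // reject expired or not-yet-valid certificates
            listener.onCredential(chain[0], key); // chain[0] is the client (leaf) certificate
        } catch (Exception e) { // KeyChainException, InterruptedException, CertificateException
            listener.onUnavailable(e.getClass().getSimpleName() + ": " + e.getMessage());
        }
    }
}
```

`onCredential` is invoked on the worker thread; pass its arguments to `certStore.getSignedCertificate(...)` as in the snippet above.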