Creating an Android BKS certificate from a public and private key on Linux

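BKS certificates are generally used for HTTPS in Android applications. There are two cases:
1. The Android device acts as a client and communicates with an HTTPS server.
2. The Android device acts as a server and creates an HTTPS server itself.

HTTPS requires a BKS certificate file.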

Steps:

a. Install the JDK, set JAVA_HOME, and make sure 'keytool' is on the PATH.

jerome1984@cws15]$ which keytool
/opt/jdk/bin/keytool
jerome1984@cws15]$ echo $JAVA_HOME
/opt/jdk

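b. Make sure the public key file, the private key file and bcprov-jdk16-141.jar are in the same directory.
c. Generate a p12-format certificate file from the public key and private key files.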

jerome1984@cws15]$ openssl pkcs12 -export -in my_public.crt -inkey my_private.key -out my_tmp.p12 -name plum_file <-- alias
Enter Export Password: chengdu   <-- .p12 password
Verifying - Enter Export Password: chengdu

d. Convert the p12 file into the final BKS certificate.

jerome1984@cws15]$ keytool -importkeystore -srckeystore my_tmp.p12 -srcstoretype pkcs12 -destkeystore my_final.bks -deststoretype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar 

Enter destination keystore password:  mypassword <-- bks password, private key password 
Re-enter new password: 

Enter source keystore password:  chengdu   <-- above .p12 password, keystore file's password
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

e. Verify the BKS file.

keytool -list -keystore my_final.bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-141.jar -storetype BKS -storepass chengdu

Keystore type: BKS
Keystore provider: BC

Your keystore contains 1 entry

1, May 14, 2015, PrivateKeyEntry, 
Certificate fingerprint (SHA1): CF:F5:CB:C6:1E:AE:5C:39:34:25:62:25:55:24:6E:76:AF:9A:7F:D2

The public key my_public.crt and the private key my_private.key were issued using the certificate from the certificate authority as the root certificate.
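Steps c to e as a non-interactive script, added here as an example and not part of the original post: it checks that the certificate and key belong together, reads passwords from environment variables instead of the command line, and sets the BKS key password explicitly with -destkeypass. The function names and the variables P12_PASS, BKS_STORE_PASS, BKS_KEY_PASS and BC_JAR are assumptions.

```shell
#!/bin/sh
# Added example: steps c-e without interactive prompts.
# Assumed names: P12_PASS, BKS_STORE_PASS, BKS_KEY_PASS (environment variables)
# and BC_JAR (path to the Bouncy Castle provider jar used on this page).
BC_PROVIDER=org.bouncycastle.jce.provider.BouncyCastleProvider
BC_JAR=${BC_JAR:-bcprov-jdk16-141.jar}

# Succeeds only if the certificate's public key equals the one derived from
# the (unencrypted) private key, so a mismatched pair never reaches the keystore.
check_pair() {  # check_pair <cert.crt> <private.key>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Step c: export PKCS#12. The password is read from $P12_PASS, so it does not
# appear in the process list or the shell history.
make_p12() {  # make_p12 <cert.crt> <private.key> <out.p12> <alias>
    check_pair "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    ( umask 077   # the .p12 contains the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "$4" \
          -passout env:P12_PASS )
}

# Step d: convert to BKS. -destkeypass fixes the key password explicitly;
# without it keytool protects the entry with the source entry's password.
p12_to_bks() {  # p12_to_bks <in.p12> <out.bks>
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype pkcs12 -srcstorepass:env P12_PASS \
        -destkeystore "$2" -deststoretype bks \
        -deststorepass:env BKS_STORE_PASS -destkeypass:env BKS_KEY_PASS \
        -provider "$BC_PROVIDER" -providerpath "$BC_JAR"
}

# Step e: list the result using the store password.
verify_bks() {  # verify_bks <file.bks>
    keytool -list -keystore "$1" -storetype BKS -storepass:env BKS_STORE_PASS \
        -provider "$BC_PROVIDER" -providerpath "$BC_JAR"
}

# Usage (with the three password variables exported):
#   make_p12 my_public.crt my_private.key my_tmp.p12 plum_file
#   p12_to_bks my_tmp.p12 my_final.bks && verify_bks my_final.bks
```

In the Java code, BKS_STORE_PASS is the value passed to ks.load() and BKS_KEY_PASS is the value passed to ks.getKey() and kmf.init().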

Calling it from Java code

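// Imports needed by this method. makeSecure() is a NanoHTTPD instance method,
// so this method sits in a class extending NanoHTTPD.
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLServerSocketFactory;

    public void setSSLContext() {
        // password opens the keystore file; privateKeyPwd unlocks the key entry
        char[] password = Config.sCertFilePwd.toCharArray(); //chengdu
        char[] privateKeyPwd = Config.sCertPrivateKeyPwd.toCharArray(); //mypassword
        InputStream is = null;
        KeyStore ks = null;
        try {
            ks = KeyStore.getInstance("BKS");
            is = NanoHttpServer.class.getClassLoader().getResourceAsStream(Config.sCertFilePath);
//          FileInputStream fis = new FileInputStream("assets/my_final.bks"); //viacube_server.keystore mykey
            if (is == null) {
                // ks.load(null, ...) would silently create an empty keystore
                LogHelper.d(TAG, "keystore resource not found: " + Config.sCertFilePath);
                return;
            }
            ks.load(is, password);
            // "plum_file" is the alias given with -name when the .p12 was exported
            Key k = ks.getKey("plum_file", privateKeyPwd);
            if (k != null) {
                LogHelper.d(TAG, "k.getAlgorithm() = " + k.getAlgorithm());
            } else {
                LogHelper.d(TAG, "no private key for this android https server");
            }
            // setup the key manager factory
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, privateKeyPwd);
            // build the TLS server socket factory and switch the server to HTTPS
            SSLServerSocketFactory sf = NanoHTTPD.makeSSLSocketFactory(ks, kmf);
            makeSecure(sf);
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } finally {
            // always release the keystore stream
            if (is != null) {
                try {
                    is.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }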