Android截击错误：“未找到证书路径的信任锚”，仅在真实的设备中，而不是模拟器中

hfwmuf9z 于 2023-06-04 发布在 Android

关注(0)|答案(5)|浏览(185)

我在我的Android应用程序中遇到了一个问题，在我的一个片段中，我使用volley来执行网络请求：

JsonObjectRequest request = new JsonObjectRequest(
            Request.Method.POST,
            CustomNetworkManager.getInstance(this.getActivity().getApplicationContext()).getRequestUrl(url),
            requestData,
            new Response.Listener<JSONObject>() {
                @Override
                public void onResponse(JSONObject response) {
                    // process response
                    } catch (JSONException e) {
                        e.printStackTrace();
                    }
                }
            },
            new Response.ErrorListener() {
                @Override
                public void onErrorResponse(VolleyError error) {
                    Log.d("FeedFragment", "Volley error: " + error.toString());
                }
            });

在一个真实的设备上，我得到以下错误（运行API 23）：

D/FeedFragment: Volley error: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

在运行相同API版本的AVD中，它工作正常。我检查了其他类似的线程，但找不到答案。
谢谢你的帮助

edit：如果有人遇到同样的错误，请确保您的证书没有任何问题（http：//developer.android.com/intl/pt-br/training/articles/security-ssl.html#CommonProblems）

android

来源：https://stackoverflow.com/questions/36043324/android-volley-error-trust-anchor-for-certification-path-not-found-only-in-r

5条答案

按热度按时间

bq8i3lrv1#

尝试将此函数添加到您的应用程序中：

/**
     * Enables https connections
     */
    @SuppressLint("TrulyRandom")
    public static void handleSSLHandshake() {
        try {
            TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }};

            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String arg0, SSLSession arg1) {
                    return true;
                }
            });
        } catch (Exception ignored) {
        }
    }

然后在Application onCreate中调用它。

更新：

此代码不相关，不应使用！这是Google禁止的。有关更多信息，请查看here。

赞(0）回复(0）举报 2023-06-04

toe950272#

万一有人还在用Volley...
按照此处的说明操作：
https://developer.android.com/training/articles/security-ssl#java
下载证书文件（.crt），将其放入assets目录（在java和res目录旁边），然后更改以下代码：

InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));

使用资源中的文件：

InputStream caInput = new BufferedInputStream(getAssets().open("load-der.crt"));

忘了后面的部分吧

// Tell the URLConnection to use a SocketFactory from our SSLContext

并添加一行：

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

在建立任何连接之前运行此代码。
就这样

赞(0）回复(0）举报 2023-06-04

inb24sb23#

这解决了我的问题，试图运行我的android凌空应用程序对弧焊机只需要运行一次。。在最初的飞溅活动

赞(0）回复(0）举报 2023-06-04

z9smfwbn4#

步骤1：创建一个实现X509TrustManager的HttpsTrustManager类：

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsTrustManager implements X509TrustManager {

    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

    @Override
    public void checkClientTrusted(
            java.security.cert.X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    @Override
    public void checkServerTrusted(
            java.security.cert.X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    public boolean isClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return _AcceptedIssuers;
    }

    public static void allowAllSSL() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }

        });

        SSLContext context = null;
        if (trustManagers == null) {
            trustManagers = new TrustManager[]{new HttpsTrustManager()};
        }

        try {
            context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }

        HttpsURLConnection.setDefaultSSLSocketFactory(context
                .getSocketFactory());
    }

}

步骤2：在发出HTTPS请求之前添加HttpsTrustManager.allowAllSSL()：