ssl android java.security.cert.CertPathValidatorException:找不到证书路径的信任锚

drkbr07n  于 2023-10-19  发布在  Android
关注(0)|答案(3)|浏览(152)

我正在洛丁一个密钥库,这是一个https连接所需的我试图使。但是我得到错误java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。使用的方法如下:

public  HttpsURLConnection setUpHttpsConnection()
{
    String HttpMessage="";
    int HttpResult=0;
    HttpsURLConnection urlConnection=null;
    try
    {
        Log.i("status","inside method..");

        InputStream caInput = getAssets().open("myapp_key.p12");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        String pfxPassword = "test123"; // change it to the correct password
        keyStore.load(caInput, pfxPassword.toCharArray());
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        TrustManager[] trustManagers = tmf.getTrustManagers();
        final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];

        TrustManager[] wrappedTrustManagers = new TrustManager[]{
                new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return origTrustmanager.getAcceptedIssuers();
                    }

                    public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                        origTrustmanager.checkClientTrusted(certs, authType);
                    }

                    public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                        try {
                            origTrustmanager.checkServerTrusted(certs, authType);
                        } catch (CertificateExpiredException e) {
                            e.printStackTrace();
                        }
                    }
                }
        };

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, wrappedTrustManagers, null);

        // Tell the URLConnection to use a SocketFactory from our SSLContext
        urlConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        URL url = new URL("https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments/");
        urlConnection =(HttpsURLConnection)url.openConnection();
        urlConnection.setDoOutput(true);
        urlConnection.setRequestMethod("POST");
        urlConnection.setRequestProperty("Content-Type", "application/json");
        urlConnection.setRequestProperty("Authorization", "SYZK9LIO98QIQNQ27H6921fgRyt63FHIxrQP76m0hNYT6BZ7I:pB1g5XX3Hw58buPENR03ZM4Vgm7P");
        InputStream in = urlConnection.getInputStream();
       BufferedReader  reader = new BufferedReader(new InputStreamReader(in));
        String res = reader.toString();
        System.out.println(res);



    }catch(SSLHandshakeException he){
        he.printStackTrace();
    }
    catch (Exception ex)
    {
        Log.e("error", "Failed to establish SSL connection to server: " + ex.toString());
        return null;
    }
    return urlConnection;
}

这是错误:

02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:306)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:151)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:190)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant.setUpHttpsConnection(PayMerchant.java:515)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:238)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:170)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:288)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.lang.Thread.run(Thread.java:818)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:209)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$4.checkServerTrusted(PayMerchant.java:495)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:525)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:  ... 18 more
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
3j86kqsm

3j86kqsm1#

检查证书链。链中的所有证书都可用吗?还是需要额外下载?
我在我的应用程序中有相同的消息,并注意到我的链缺少中间证书。一旦我把这个放在我的.pem文件中,我的问题就解决了。
使用https://www.ssllabs.com检查您的应用程序。

htrmnn0y

htrmnn0y2#

我在我的Retrofit2项目中遇到了同样的问题,通过以下方式解决

public static OkHttpClient getUnsafeOkHttpClient() {

    try {
        final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return new java.security.cert.X509Certificate[]{};
                    }
                }
        };

        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory);

        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        return builder.build();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

}

然后更改
OkHttpClient okHttpClient = new OkHttpClient();
收件人:
OkHttpClient okHttpClient = getUnsafeOkHttpClient();

oogrdqng

oogrdqng3#

在我的情况下,原因是在Android模拟器上使用代理服务器(我使用Charles)。我只是添加了服务器部分“旁路代理”(在模拟器上的wifi设置)。在Charles中可以找到大量的服务器。或者你可以juct禁用代理。

相关问题