我正在洛丁一个密钥库,这是一个https连接所需的我试图使。但是我得到错误java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。使用的方法如下:
public HttpsURLConnection setUpHttpsConnection()
{
String HttpMessage="";
int HttpResult=0;
HttpsURLConnection urlConnection=null;
try
{
Log.i("status","inside method..");
InputStream caInput = getAssets().open("myapp_key.p12");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
String pfxPassword = "test123"; // change it to the correct password
keyStore.load(caInput, pfxPassword.toCharArray());
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];
TrustManager[] wrappedTrustManagers = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return origTrustmanager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
origTrustmanager.checkClientTrusted(certs, authType);
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
origTrustmanager.checkServerTrusted(certs, authType);
} catch (CertificateExpiredException e) {
e.printStackTrace();
}
}
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, wrappedTrustManagers, null);
// Tell the URLConnection to use a SocketFactory from our SSLContext
urlConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
URL url = new URL("https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments/");
urlConnection =(HttpsURLConnection)url.openConnection();
urlConnection.setDoOutput(true);
urlConnection.setRequestMethod("POST");
urlConnection.setRequestProperty("Content-Type", "application/json");
urlConnection.setRequestProperty("Authorization", "SYZK9LIO98QIQNQ27H6921fgRyt63FHIxrQP76m0hNYT6BZ7I:pB1g5XX3Hw58buPENR03ZM4Vgm7P");
InputStream in = urlConnection.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
String res = reader.toString();
System.out.println(res);
}catch(SSLHandshakeException he){
he.printStackTrace();
}
catch (Exception ex)
{
Log.e("error", "Failed to establish SSL connection to server: " + ex.toString());
return null;
}
return urlConnection;
}这是错误:
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:306)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.Connection.connect(Connection.java:151)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:190)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant.setUpHttpsConnection(PayMerchant.java:515)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:238)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:170)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:288)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:237)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.lang.Thread.run(Thread.java:818)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:209)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$4.checkServerTrusted(PayMerchant.java:495)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:525)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: ... 18 more
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
3条答案
按热度按时间3j86kqsm1#
检查证书链。链中的所有证书都可用吗?还是需要额外下载?
我在我的应用程序中有相同的消息,并注意到我的链缺少中间证书。一旦我把这个放在我的.pem文件中,我的问题就解决了。
使用https://www.ssllabs.com检查您的应用程序。
htrmnn0y2#
我在我的Retrofit2项目中遇到了同样的问题,通过以下方式解决
然后更改
OkHttpClient okHttpClient = new OkHttpClient();收件人:
OkHttpClient okHttpClient = getUnsafeOkHttpClient();oogrdqng3#
在我的情况下,原因是在Android模拟器上使用代理服务器(我使用Charles)。我只是添加了服务器部分“旁路代理”(在模拟器上的wifi设置)。在Charles中可以找到大量的服务器。或者你可以juct禁用代理。