android java.security.cert.CertPathValidatorException:找不到证书路径的信任锚

【问题标题】:android java.security.cert.CertPathValidatorException: Trust anchor for certification path not foundandroid java.security.cert.CertPathValidatorException:找不到证书路径的信任锚
【发布时间】:2017-02-23 11:48:37
【问题描述】:

我正在加载一个试图建立 https 连接所需的密钥库。但是我收到错误 java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。使用方法如下:

public  HttpsURLConnection setUpHttpsConnection()
{
    String HttpMessage="";
    int HttpResult=0;
    HttpsURLConnection urlConnection=null;
    try
    {
        Log.i("status","inside method..");

        InputStream caInput = getAssets().open("myapp_key.p12");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        String pfxPassword = "test123"; // change it to the correct password
        keyStore.load(caInput, pfxPassword.toCharArray());
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        TrustManager[] trustManagers = tmf.getTrustManagers();
        final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];

        TrustManager[] wrappedTrustManagers = new TrustManager[]{
                new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return origTrustmanager.getAcceptedIssuers();
                    }

                    public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                        origTrustmanager.checkClientTrusted(certs, authType);
                    }

                    public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
                        try {
                            origTrustmanager.checkServerTrusted(certs, authType);
                        } catch (CertificateExpiredException e) {
                            e.printStackTrace();
                        }
                    }
                }
        };

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, wrappedTrustManagers, null);

        // Tell the URLConnection to use a SocketFactory from our SSLContext
        urlConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        URL url = new URL("https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments/");
        urlConnection =(HttpsURLConnection)url.openConnection();
        urlConnection.setDoOutput(true);
        urlConnection.setRequestMethod("POST");
        urlConnection.setRequestProperty("Content-Type", "application/json");
        urlConnection.setRequestProperty("Authorization", "SYZK9LIO98QIQNQ27H6921fgRyt63FHIxrQP76m0hNYT6BZ7I:pB1g5XX3Hw58buPENR03ZM4Vgm7P");
        InputStream in = urlConnection.getInputStream();
       BufferedReader  reader = new BufferedReader(new InputStreamReader(in));
        String res = reader.toString();
        System.out.println(res);




    }catch(SSLHandshakeException he){
        he.printStackTrace();
    }
    catch (Exception ex)
    {
        Log.e("error", "Failed to establish SSL connection to server: " + ex.toString());
        return null;
    }
    return urlConnection;
}

这是错误:

 02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:306)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.Connection.connect(Connection.java:151)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:190)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant.setUpHttpsConnection(PayMerchant.java:515)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:238)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:170)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:288)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:237)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at java.lang.Thread.run(Thread.java:818)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:209)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.eva.mvisa.activities.PayMerchant$4.checkServerTrusted(PayMerchant.java:495)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:525)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err:  ... 18 more
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

【问题讨论】:

    标签: android ssl


    【解决方案1】:

    检查证书链。链中的所有证书都可用,还是需要额外下载?

    我在我的应用程序中收到了相同的消息,并注意到我的链缺少中间证书。一旦我把它放在我的 .pem 文件中,我的问题就解决了。

    使用https://www.ssllabs.com 检查您的申请。

    【讨论】:

    【解决方案2】:

    我的Retrofit2项目也有同样的问题,通过以下方式解决

    public static OkHttpClient getUnsafeOkHttpClient() {

    try {
        final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return new java.security.cert.X509Certificate[]{};
                    }
                }
        };

        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.sslSocketFactory(sslSocketFactory);

        builder.hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

        return builder.build();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }

}

    然后改变

    OkHttpClient okHttpClient = new OkHttpClient();

    到:

    OkHttpClient okHttpClient = getUnsafeOkHttpClient();

    【讨论】:

    • 不要用这个方法,google play发现这个,要你去掉这个代码。
    猜你喜欢
    • 2017-01-08
    • 2018-01-06
    • 2016-03-31
    • 2019-08-02
    • 1970-01-01
    • 2016-12-26
    • 2023-02-15
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode