Android 2.3.x javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚

Android 发布时间：2022-04-28 发布网站：大佬教程 code.js-code.com

大佬教程收集整理的这篇文章主要介绍了Android 2.3.x javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚，大佬教程大佬觉得挺不错的，现在分享给大家，也给大家做个参考。

我只在(可能是一些)2.3.x设备上收到此错误.它适用于运行 Android版本的任何其他设备.

这是我的http requestController：

@H_607_4@public class http requestController { private final static String TAG = "http requestController"; private static http requestController instance; public enum Method { PUT,POST,deletE,GET } private http requestController() { } public static http requestController geTinstance() { if (instance == null) instance = new http requestController(); return instance; } public String dorequest(String url,HashMap<Object,Object> data,Method method,String token) throws Exception { InputStream certificateInputStream = null; if (MyApplication.PRODUCTION) { certificateInputStream = MyApplication.context .getresources().openRawresource(R.raw.production_cert); LogUtils.log("using production SSL certificate"); } else { certificateInputStream = MyApplication.context .getresources().openRawresource(R.raw.staging_cert); LogUtils.log("using staging SSL certificate"); } KeyStore trustStore = KeyStore.geTinstance("BKS"); try{ trustStore.load(certificateInputStream,"re3d6Exe5HBsdskad8efj8CxZwv".tocharArray()); } finally { certificateInputStream.close(); } TrustManagerFactory tmf = TrustManagerFactory.geTinstance("X509"); tmf.init(trustStorE); LogUtils.log("SSL: did init TrustManagerFactory with trust keyStore"); SSLContext context = SSLContext.geTinstance("TLS"); context.init(null,tmf.getTrustManagers(),null); LogUtils.log("SSL: did init context with trust keyStore"); URL request = new URL(url); httpsURLConnection urlConnection = (httpsURLConnection) request .openConnection(); LogUtils.log("SSL: did open httpsURLConnection"); urlConnection.setHostnameVerifier(new StrictHostnameVerifier()); urlConnection.setSSLSocketFactory(context.getSocketFactory()); urlConnection.setConnectTimeout(15000); LogUtils.log("SSL: did set Factory and Timeout."); if (method != Method.GET){ urlConnection.setDoOutput(true); } urlConnection.setDoInput(true); urlConnection.setrequestProperty("Content-Type","application/json"); urlConnection.setrequestProperty("Accept","application/json"); LogUtils.log("SSL: urlConnection did set request properties."); if (token != null) { urlConnection.setrequestProperty("Authorization","Token " + token); } urlConnection.setrequestMethod(method.toString()); urlConnection.connect(); LogUtils.log("SSL: urlConnection did connect."); if (method != Method.GET) { ObjectMapper mapper = new ObjectMapper(); String jsonValue = mapper.writeValueAsString(data); OutputStream os = urlConnection.getOutputStream(); os.write(jsonValue.getBytes()); os.flush(); LogUtils.log(tag,"Params: " + jsonvalue); } LogUtils.log(tag,method.toString() + ": " + url); InputStream in = null; if (urlConnection.getResponseCode() == 200) { in = urlConnection.geTinputStream(); } else { in = urlConnection.getErrorStream(); } String response = convertStreamToString(in); LogUtils.log(tag,"Got response : " + url); LogUtils.log(tag,"Response : " + responsE); return response; } public String convertStreamToString(InputStream inputStream) { BufferedReader buffReader = new BufferedReader(new InputStreamReader( inputStream)); StringBuilder StringBuilder = @R_450_3320@Builder(); String line = null; try { while ((line = buffReader.readLine()) != null) { StringBuilder.append(line + "\n"); } } catch (IOException E) { e.printStackTrace(); } finally { try { inputStream.close(); } catch (IOException E) { e.printStackTrace(); } } return StringBuilder.toString(); } public httpClient retrievehttpClient() { return new MyhttpClient(MyApplication.context); }

}

当我运行命令时：

@H_607_4@openssl s_client -debug -connect www.mysitedomain.com:443

我收到了回复：

@H_607_4@-- some key stuff -- Certificate chain 0 s:/OU=Domain Control Validated/CN=www.mydomainname.com i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2 i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA 2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA --- Server certificate -----BEGIN CERTIFICATE----- some more certificate stuff -----END CERTIFICATE----- ubject=/OU=Domain Control Validated/CN=www.mydomainname.com issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - G2 --- No client certificate CA names sent --- SSL handshake has read 4091 bytes and written 328 bytes --- New,TLSv1/SSLv3,Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: 57C379C59483809A7FE1BF8E235C5BFA7789E62AAEBCA9BC14B5273F5D1304E7 Session-ID-ctx: Master-Key: 6FCD498D1294415A42B57420F0C05AB903EF8E56CB6F1530390F73AF5E4CBC22B359D5CDA09811E075A5C598002C380D Key-Arg : None Start Time: 1390473282 Timeout : 300 (seC) Verify return code: 0 (ok) ---

所以它返回没问题…但它仍然给我测试的2.3.x设备的这个错误.

在此之后我得到一个例外：

@H_607_4@LogUtils.log("SSL: urlConnection did set request properties.");

这是例外：

@H_607_4@01-23 10:20:28.459: W/System.err(1623): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.xnet.provider.jsse.openSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:477) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.xnet.provider.jsse.openSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.luni.internal.net.www.protocol.http.httpconnection.setupSecureSocket(httpconnection.java:185) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.luni.internal.net.www.protocol.http s.httpsURLConnectionImpl$httpsENGIne.makeSslConnection(httpsURLConnectionImpl.java:433) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.luni.internal.net.www.protocol.http s.httpsURLConnectionImpl$httpsENGIne.makeConnection(httpsURLConnectionImpl.java:378) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.luni.internal.net.www.protocol.http.httpURLConnectionImpl.connect(httpURLConnectionImpl.java:205) 01-23 10:20:28.459: W/System.err(1623): at org.apache.harmony.luni.internal.net.www.protocol.http s.httpsURLConnectionImpl.connect(httpsURLConnectionImpl.java:152)

我称之为的方式是：

@H_607_4@String response = http requestController .geTinstance() .dorequest(ApiUrls.LOGIN,params,Method.POST,null);

它适用于运行2.3.x以上Android版本的任何其他设备(根据我的测试).

Android文档似乎没有关于2.3兼容性的@L_618_17@.

解决方法

您必须告诉Android系统信任您的证书.您的问题是2.3之后的Android接受了您的证书,因为它包含在可信证书列表中,但是之前的版本不包括在内,因此,存在问题.

我建议你在Android文档上做：

@H_607_4@// Load CAs from an InputStream // (Could be from a resource or ByteArrayInputStream or ...) CertificateFactory cf = CertificateFactory.geTinstance("X.509"); // From https://www.washington.edu/itconnect/security/ca/load-der.crt InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt")); Certificate ca; try { ca = cf.generateCertificate(caInput); System .out.println("ca=" + ((X509CertificatE) ca).getSubjectDN()); } finally { caInput.close(); } // Create a KeyStore containing our trusted CAs String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.geTinstance(keyStoreTypE); keyStore.load(null,null); keyStore.setCertificateEntry("ca",ca); // Create a TrustManager that trusts the CAs in our KeyStore String tmfalgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.geTinstance(tmfalgorithm); tmf.init(keyStorE); // Create an SSLContext that uses our TrustManager SSLContext context = SSLContext.geTinstance("TLS"); context.init(null,null); // Tell the URLConnection to use a SocketFactory from our SSLContext URL url = new URL("https://certs.cac.washington.edu/CAtest/"); httpsURLConnection urlConnection = (httpsURLConnection)url.openConnection(); urlConnection.setSSLSocketFactory(context.getSocketFactory()); InputStream in = urlConnection.geTinputStream(); copyInputStreamToOutputStream(in,System .out);

我也在做同样的事情,它在每台设备上运行正常,使用Android 2.3及以下版本,我的网站证书是私有的.

试试吧,告诉我它现在是否正常工作.

希望它能帮到你！

大佬总结

以上是大佬教程为你收集整理的Android 2.3.x javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚全部内容，希望文章能够帮你解决Android 2.3.x javax.net.ssl.SSLHandshakeException：java.security.cert.CertPathValidatorException：找不到证书路径的信任锚所遇到的程序开发问题。

如果觉得大佬教程网站内容还不错，欢迎将大佬教程推荐给程序员好友。

本图文内容来源于网友网络收集整理提供，作为学习参考使用，版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ：384754419，请注明来意。

标签：3 cert javax security ssl x 信任找不到证书路径锚

上一篇: android – TableLayout with la... 下一篇:android – 使用MediaRecorder录...

猜你在找的Android相关文章

对自己的文件使用keystore签名 2022-04-28
Android的onCreateOptionsMenu()创建菜单Menu详解 2019-10-14
CSS3 Media Queries(响应式布局可以让你定制不同的分辨率和设备) 2019-10-14
JQueryMobile + PhoneGap 经验总结 2019-10-14
响应式布局设置--@media only screen and 2019-10-14
-webkit-min-device-pixel-ratio的常见值对照 2019-10-14
Android 打包签名从生成keystore到完成签名 -- 转 2019-10-14
Android App启动错误的问题（connection to the server was unsuccessful） 2019-10-14
关于使用微信登录第三方APP的实现（Android版） 2019-10-14
android 为应用程序创建桌面快捷方式技巧分享 2019-10-14