[英]javax.net.ssl.SSLException: Not trusted server certificate - keeps coming back
I managed to fix the not trusted server certificate error, but every other day it comes back. 我设法解决了不受信任的服务器证书错误,但隔天又回来了。 I'm requesting an XML from a third party server.
我正在从第三方服务器请求XML。 I downloaded the certificate with SSLcertDownloader and imported it in the keystore:
我使用SSLcertDownloader下载了证书,并将其导入了密钥库中:
keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord`
It works, but after a day or so I get the same error. 它可以工作,但是经过一天左右的时间,我仍然遇到相同的错误。 I redid it now a few times, but can't use this when the app is live.
我现在重做了几次,但是当应用程序上线时无法使用它。 What can be the reason for the returning error?
返回错误的原因可能是什么?
ERROR LOG: 错误日志:
07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate
07-25 19:04:42.261: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1)
07-25 19:04:42.265: W/System.err(25342): at android.os.AsyncTask$2.call(AsyncTask.java:185)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-25 19:04:42.265: W/System.err(25342): at java.lang.Thread.run(Thread.java:1096)
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
07-25 19:04:42.269: W/System.err(25342): ... 19 more
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.269: W/System.err(25342): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-25 19:04:42.269: W/System.err(25342): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
07-25 19:04:42.269: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
EDIT - ADDED THE POST METHOD: 编辑-添加了POST方法:
public String getXmlFromUrl(String url) {
String xml = null;
try {
// defaultHttpClient
DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext());
HttpPost httpPost = new HttpPost(url);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
xml = EntityUtils.toString(httpEntity);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return xml;
}
MYHTTP CLIENT: MYHTTP客户:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = context.getResources().openRawResource(R.raw.alkeystore);
try {
// Initialize the keystore with the provided trusted certificates
// Also provide the password of the keystore
trusted.load(in, "PassWord".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
I have discovered that depending on which version of android you are using, you will want to use a different HTTP client, otherwise I would get this ssl exception. 我发现,根据所使用的android版本,您将要使用其他HTTP客户端,否则我将收到此ssl异常。 There are quite a few bugs on different versions of http clients for different android versions.
对于不同的android版本,不同版本的http客户端上存在很多错误。 So far, I haven't seen this exception any more using this:
到目前为止,我再也没有使用此方法看到此异常:
if (UIUtils.hasGingerbread())
{
URL myUrl = new URL(url);
HttpURLConnection urlConnection = (HttpURLConnection) myUrl
.openConnection();
InputStream is = urlConnection.getInputStream();
BufferedInputStream bis = new BufferedInputStream(is, 8192);
ByteArrayBuffer baf = new ByteArrayBuffer(300);
int current = 0;
while ((current = bis.read()) != -1)
{
baf.append((byte) current);
}
String xml = new String(baf.toByteArray());
}
else
{
DefaultHttpClient client = new DefaultHttpClient();
HttpGet httpget = new HttpGet(url);
HttpResponse response = client.execute(httpget);
}
and for UIUtils.hasGingerbread: 对于UIUtils.hasGingerbread:
public static boolean hasGingerbread()
{
return Build.VERSION.SDK_INT >= Build.VERSION_CODES.GINGERBREAD;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.