[英]javax.net.ssl.SSLHandshakeException: Trust anchor for certification path not found
I am getting this error 我收到此错误
D/OkHttp: <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I,am using Android SDK version 4.2.2,while my code is working fine with Android SDK version 8. 我使用的是Android SDK版本4.2.2,而我的代码可以在Android SDK版本8中正常工作。
code 码
public static Retrofit getClient() {
if (retrofit == null) {
HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor();
loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
Log.d("testing", "0000000");
OkHttpClient.Builder okHttpClient = new OkHttpClient().newBuilder().addInterceptor(loggingInterceptor);
okHttpClient = enableTls12OnPreLollipop(okHttpClient);
final String authUserName = "@@@@@-###-***";
final String authPassword = "*****";
if (authUserName != null && authPassword != null) { // set authentication header if credentials available for accessing endpoints
okHttpClient.addInterceptor(new Interceptor() {
@Override
public okhttp3.Response intercept(Chain chain) throws IOException {
String credentials = authUserName + ":" + authPassword;
final String basic = Base64.encodeToString(credentials.getBytes(), Base64.NO_WRAP);
RequestBody body = RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), "grant_type=client_credentials");
Request newRequest = chain.request().newBuilder().addHeader(HTTP_AUTH_HEADER, "Basic " + basic).addHeader("Content_Type", "application/x-www-form-urlencoded").post(body).build();
return chain.proceed(newRequest);
}
});
}
retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.client(okHttpClient.build())
.build();
}
return retrofit;
}
public static OkHttpClient.Builder enableTls12OnPreLollipop(OkHttpClient.Builder client) {
Context context = null;
try {
KeyStore ksTrust = KeyStore.getInstance("CRT");
InputStream instream = context.getResources().openRawResource(R.raw.curl);
ksTrust.load(instream, "secret".toCharArray());
// TrustManager decides which certificate authorities to use.
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksTrust);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
client.sslSocketFactory(sslContext.getSocketFactory());
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | KeyManagementException e) {
e.printStackTrace();
}
return client;
}
and my log shows this 我的日志显示了这个
*
D/dalvikvm: DexOpt: unable to opt direct call 0x59ab at 0x08 in Lcom/google/android/gms/org/conscrypt/Platform;.wrapSSLSession
I/ProviderInstaller: Installed default security provider GmsCore_OpenSSL
D/testing: 0000000
W/System.err: java.security.KeyStoreException: java.security.NoSuchAlgorithmException: KeyStore CRT implementation not found
at java.security.KeyStore.getInstance(KeyStore.java:119)
at com.example.z00402fj.token.RetrofitClient.enableTls12OnPreLollipop(RetrofitClient.java:94)
at com.example.z00402fj.token.RetrofitClient.getClient(RetrofitClient.java:59)
at com.example.z00402fj.token.MainActivity.onClick(MainActivity.java:66)
W/System.err: at android.view.View.performClick(View.java:4206)
at android.view.View$PerformClick.run(View.java:17357)
at android.os.Handler.handleCallback(Handler.java:725)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:5045)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:818)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:584)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.security.NoSuchAlgorithmException: KeyStore CRT implementation not found
at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:151)
at java.security.KeyStore.getInstance(KeyStore.java:116)
... 14 more
D/OkHttp: --> POST https://********/oauth/token http/1.1
Content-Length: 0
--> END POST (0-byte body)
W/dalvikvm: VFY: unable to find class referenced in signature (Ljava/nio/file/Path;)
VFY: unable to find class referenced in signature ([Ljava/nio/file/OpenOption;)
I/dalvikvm: Could not find method java.nio.file.Files.newOutputStream, referenced from method okio.Okio.sink
W/dalvikvm: VFY: unable to resolve static method 24869: Ljava/nio/file/Files;.newOutputStream (Ljava/nio/file/Path;[Ljava/nio/file/OpenOption;)Ljava/io/OutputStream;
D/dalvikvm: VFY: replacing opcode 0x71 at 0x0002
W/dalvikvm: VFY: unable to find class referenced in signature (Ljava/nio/file/Path;)
VFY: unable to find class referenced in signature ([Ljava/nio/file/OpenOption;)
I/dalvikvm: Could not find method java.nio.file.Files.newInputStream, referenced from method okio.Okio.source
W/dalvikvm: VFY: unable to resolve static method 24868: Ljava/nio/file/Files;.newInputStream (Ljava/nio/file/Path;[Ljava/nio/file/OpenOption;)Ljava/io/InputStream;
D/dalvikvm: VFY: replacing opcode 0x71 at 0x0002
D/OkHttp: <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
D/OkHttp: --> POST https://*************/oauth/token http/1.1
Content-Length: 0
D/OkHttp: --> END POST (0-byte body)
D/OkHttp: --> POST https://*********.io/oauth/token http/1.1
Content-Length: 0
--> END POST (0-byte body)
D/OkHttp: <-- HTTP FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
* *
Context context = null;
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
return builder;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Finally this code run for me 最终这段代码为我运行
ProviderInstaller.installIfNeededAsync(this, this);
You add this in your Main acticvity 您将此添加到您的主要目标
Try using the latest TLS v1.2 in your Main Application class. 尝试在主应用程序类中使用最新的TLS v1.2。 This is provided via Google Play Services package, with the following code: 这是通过Google Play服务包提供的,带有以下代码:
try {
ProviderInstaller.installIfNeeded(getApplicationContext());
SSLContext sslContext;
sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, null, null);
sslContext.createSSLEngine();
} catch (GooglePlayServicesRepairableException | GooglePlayServicesNotAvailableException |
NoSuchAlgorithmException | KeyManagementException e) {
e.printStackTrace();
}
try {
ProviderInstaller.installIfNeeded(this);
} catch (GooglePlayServicesRepairableException e) {
e.printStackTrace();
} catch (GooglePlayServicesNotAvailableException e) {
e.printStackTrace();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.