“未找到证书路径的信任锚”的问题。

Question

Hello i didn't found solution for my problem.您好，我没有找到解决问题的方法。 In new OkHttp and Retrofit is some function:在新的 OkHttp 和 Retrofit 中是一些 function：

 HandshakeCertificates certificates =  new HandshakeCertificates.Builder()
                        .addPlatformTrustedCertificates()
                        .addInsecureHost("192.168.0.150")
                        .build();

I am trying to connect my Android App to Spring Boot Server.我正在尝试将我的 Android 应用程序连接到 Spring 引导服务器。 This Server must use HTTPS - not my idea.此服务器必须使用 HTTPS - 不是我的想法。 On this server i generated self-sign certyficate, but still i got error, now i don't have any ideas.在这台服务器上，我生成了自签名证书，但仍然出现错误，现在我没有任何想法。 Here is a full error: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.这是一个完整的错误： java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Below i insert code of Retrofit generator:下面我插入 Retrofit 生成器的代码：

public class ServiceGenerator {
    public static final String API_BASE_URL = "https://192.168.0.150:8443/";
    private static OkHttpClient.Builder httpClient = new OkHttpClient.Builder();
    // private static OkHttpClient httpClient = getUnsafeOkHttpClient();

    private static Retrofit.Builder builder =
            new Retrofit.Builder()
                    .baseUrl(API_BASE_URL)
                    .addConverterFactory(GsonConverterFactory.create());

    private static Retrofit retrofit = builder.build();

    public static <S> S createService(Class<S> serviceClass) {
        return createService(serviceClass, null);
    }

    static public <S> S createService(
            Class<S> serviceClass, final String authToken) {
        if (!TextUtils.isEmpty(authToken)) {
            AuthenticationInterceptor interceptor =
                    new AuthenticationInterceptor(authToken);

            if (!httpClient.interceptors().contains(interceptor)) {
                httpClient.addInterceptor(interceptor);

                HandshakeCertificates certificates =  new HandshakeCertificates.Builder()
                        .addPlatformTrustedCertificates()
                        .addInsecureHost("192.168.0.150")
                        .build();
                httpClient.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager());

                OkHttpClient okHttpClient = httpClient.build();

                builder.client(okHttpClient);
                retrofit = builder.build();
            }
        }

        return retrofit.create(serviceClass);
    }
}

Request Code:请求代码：

 private void doLoginRequest() {
        DeviceAPI deviceAPI = ServiceGenerator.createService(DeviceAPI.class);
        Call<JWTResponse> call = deviceAPI.login(new Login(usernameEditText.getText().toString(), passwordEditText.getText().toString()));
        call.enqueue(new Callback<JWTResponse>() {
            @Override
            public void onResponse(Call<JWTResponse> call, Response<JWTResponse> response) {
                if (response.isSuccessful()) {
                    Toast.makeText(LoginActivity.this, response.body().toString(), Toast.LENGTH_SHORT).show();
                } else {
                    Toast.makeText(LoginActivity.this, response.message(), Toast.LENGTH_SHORT).show();
                }
            }

            @Override
            public void onFailure(Call<JWTResponse> call, Throwable t) {
                System.out.println(t.getCause());
                Toast.makeText(LoginActivity.this, t.getMessage() , Toast.LENGTH_SHORT).show();
            }
        });
    }

Api Code: Api 代码：

public interface DeviceAPI {
    @POST("api/auth/signin")
    Call<JWTResponse> login(@Body Login login);
}

If you need more information give me feedback!如果您需要更多信息，请给我反馈！

Answer 1

This example shows connecting twice to a host - Once with a valid HTTPS Handshake, and second using addInsecureHost.此示例显示了两次连接到主机 - 一次使用有效的 HTTPS 握手，第二次使用 addInsecureHost。 nb you won't get a handshake peer in the second because the handshake won't result in valid certificates.注意，您将不会在第二次获得握手对等体，因为握手不会产生有效的证书。

The same will apply if you run against a dev server, so edit the example to use your devserver.如果您针对开发服务器运行，同样适用，因此请编辑示例以使用您的开发服务器。

https://gist.github.com/yschimke/796e58a6152137bdcd7d2f9d63e26363 https://gist.github.com/yschimke/796e58a6152137bdcd7d2f9d63e26363

import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.tls.HandshakeCertificates.Builder

fun main() {
  val request = Request.Builder()
      .url("https://httpbin.org/get")
      .build()

  var client = OkHttpClient();
  var response = client.newCall(request).execute()

  println(response.handshake?.peerPrincipal) // CN=httpbin.org
  println(response.code)

  val certificates = Builder()
      .addInsecureHost("httpbin.org")
      .build()

  client = OkHttpClient.Builder().sslSocketFactory(certificates.sslSocketFactory(),
      certificates.trustManager
  ).build();
  response = client.newCall(request).execute()

  println(response.handshake?.peerPrincipal) // null
  println(response.code)
}

“未找到证书路径的信任锚”的问题。

问题描述

1 个解决方案

解决方案1
-1 2020-07-19 06:51:37

“未找到证书路径的信任锚”的问题。

问题描述

1 个解决方案

解决方案1 -1 2020-07-19 06:51:37

解决方案1
-1 2020-07-19 06:51:37