您的位置: 首页  >  技术问答  >  javax.net.ssl.SSLException:不受信任的服务器证书 - 不断回来

javax.net.ssl.SSLException:不受信任的服务器证书 - 不断回来

分类: 技术问答 2022-09-29 18:18:33
问题描述:

我设法修复了不受信任的服务器证书错误,但每隔一天它又回来。我正在从第三方服务器请求XML。 我下载的证书与SSLcertDownloader并将其导入密钥库中:javax.net.ssl.SSLException:不受信任的服务器证书 - 不断回来

keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord`

它的工作原理,但在一天左右后,我得到同样的错误。我现在重做了几次,但当应用程序运行时无法使用它。什么可能是返回错误的原因?

错误日志:

07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate 
07-25 19:04:42.261: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1) 
07-25 19:04:42.265: W/System.err(25342): at android.os.AsyncTask$2.call(AsyncTask.java:185) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask.run(FutureTask.java:137) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561) 
07-25 19:04:42.265: W/System.err(25342): at java.lang.Thread.run(Thread.java:1096) 
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. 
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) 
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366) 
07-25 19:04:42.269: W/System.err(25342): ... 19 more 
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. 
07-25 19:04:42.269: W/System.err(25342): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) 
07-25 19:04:42.269: W/System.err(25342): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) 
07-25 19:04:42.269: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)

编辑 - 添加的POST方法:

public String getXmlFromUrl(String url) { 
     String xml = null; 

     try { 
      // defaultHttpClient 
      DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext()); 
      HttpPost httpPost = new HttpPost(url); 

      HttpResponse httpResponse = httpClient.execute(httpPost); 

      HttpEntity httpEntity = httpResponse.getEntity(); 
      xml = EntityUtils.toString(httpEntity); 

     } catch (UnsupportedEncodingException e) { 
      e.printStackTrace(); 
     } catch (ClientProtocolException e) { 
      e.printStackTrace(); 
     } catch (IOException e) { 
      e.printStackTrace(); 
     } 
     return xml; 
    }

MYHTTP客户:

public class MyHttpClient extends DefaultHttpClient { 

    final Context context; 

    public MyHttpClient(Context context) { 
     this.context = context; 
    } 

    @Override 
    protected ClientConnectionManager createClientConnectionManager() { 
     SchemeRegistry registry = new SchemeRegistry(); 
     registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
     // Register for port 443 our SSLSocketFactory with our keystore 
     // to the ConnectionManager 
     registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
     return new SingleClientConnManager(getParams(), registry); 
    } 

    private SSLSocketFactory newSslSocketFactory() { 
     try { 
      // Get an instance of the Bouncy Castle KeyStore format 
      KeyStore trusted = KeyStore.getInstance("BKS"); 
      // Get the raw resource, which contains the keystore with 
      // your trusted certificates (root and any intermediate certs) 
      InputStream in = context.getResources().openRawResource(R.raw.alkeystore); 
      try { 
       // Initialize the keystore with the provided trusted certificates 
       // Also provide the password of the keystore 
       trusted.load(in, "PassWord".toCharArray()); 
      } finally { 
       in.close(); 
      } 
      // Pass the keystore to the SSLSocketFactory. The factory is responsible 
      // for the verification of the server certificate. 
      SSLSocketFactory sf = new SSLSocketFactory(trusted); 
      // Hostname verification from certificate 
      // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
      sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); 
      return sf; 
     } catch (Exception e) { 
      throw new AssertionError(e); 
     } 
    } 
}

我发现,这取决于Android版本你使用,你会想要使用不同的HTTP客户端,否则我会得到这个ssl异常。不同版本的http客户端针对不同的android版本有不少bug。到目前为止,我还没有看到这个异常更多的使用这样的:

if (UIUtils.hasGingerbread()) 
    { 
     URL myUrl = new URL(url); 
     HttpURLConnection urlConnection = (HttpURLConnection) myUrl 
       .openConnection(); 

     InputStream is = urlConnection.getInputStream(); 
     BufferedInputStream bis = new BufferedInputStream(is, 8192); 
     ByteArrayBuffer baf = new ByteArrayBuffer(300); 
     int current = 0; 
     while ((current = bis.read()) != -1) 
     { 
      baf.append((byte) current); 
     } 
     String xml = new String(baf.toByteArray());   
    } 
    else 
    { 
     DefaultHttpClient client = new DefaultHttpClient(); 
     HttpGet httpget = new HttpGet(url); 
     HttpResponse response = client.execute(httpget);    
    }

和UIUtils.hasGingerbread:

public static boolean hasGingerbread() 
{ 
    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.GINGERBREAD; 
}
+0

谢谢,这看起来很有希望。尽管我已经使用我添加的方法测试了API8,但它值得尝试。我如何从urlConnection中检索XML? – Diego

+1

修改我的HttpUrlConnection来检索一个xml字符串 –

+0

我一直有同样的问题,奇怪的是它的工作,然后停止工作......如果我重做的过程中下载和导入证书它的作品有一段时间 – Diego

相关推荐