javax.net.ssl.SSLException:不受信任的服务器证书 - 不断回来
问题描述:
我设法修复了不受信任的服务器证书错误,但每隔一天它又回来。我正在从第三方服务器请求XML。 我下载的证书与SSLcertDownloader并将其导入密钥库中:javax.net.ssl.SSLException:不受信任的服务器证书 - 不断回来
keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord`
它的工作原理,但在一天左右后,我得到同样的错误。我现在重做了几次,但当应用程序运行时无法使用它。什么可能是返回错误的原因?
错误日志:
07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate
07-25 19:04:42.261: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1)
07-25 19:04:42.265: W/System.err(25342): at android.os.AsyncTask$2.call(AsyncTask.java:185)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-25 19:04:42.265: W/System.err(25342): at java.lang.Thread.run(Thread.java:1096)
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
07-25 19:04:42.269: W/System.err(25342): ... 19 more
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.269: W/System.err(25342): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-25 19:04:42.269: W/System.err(25342): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
07-25 19:04:42.269: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
编辑 - 添加的POST方法:
public String getXmlFromUrl(String url) {
String xml = null;
try {
// defaultHttpClient
DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext());
HttpPost httpPost = new HttpPost(url);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
xml = EntityUtils.toString(httpEntity);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return xml;
}
MYHTTP客户:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = context.getResources().openRawResource(R.raw.alkeystore);
try {
// Initialize the keystore with the provided trusted certificates
// Also provide the password of the keystore
trusted.load(in, "PassWord".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
答
我发现,这取决于Android版本你使用,你会想要使用不同的HTTP客户端,否则我会得到这个ssl异常。不同版本的http客户端针对不同的android版本有不少bug。到目前为止,我还没有看到这个异常更多的使用这样的:
if (UIUtils.hasGingerbread())
{
URL myUrl = new URL(url);
HttpURLConnection urlConnection = (HttpURLConnection) myUrl
.openConnection();
InputStream is = urlConnection.getInputStream();
BufferedInputStream bis = new BufferedInputStream(is, 8192);
ByteArrayBuffer baf = new ByteArrayBuffer(300);
int current = 0;
while ((current = bis.read()) != -1)
{
baf.append((byte) current);
}
String xml = new String(baf.toByteArray());
}
else
{
DefaultHttpClient client = new DefaultHttpClient();
HttpGet httpget = new HttpGet(url);
HttpResponse response = client.execute(httpget);
}
和UIUtils.hasGingerbread:
public static boolean hasGingerbread()
{
return Build.VERSION.SDK_INT >= Build.VERSION_CODES.GINGERBREAD;
}
谢谢,这看起来很有希望。尽管我已经使用我添加的方法测试了API8,但它值得尝试。我如何从urlConnection中检索XML? – Diego
修改我的HttpUrlConnection来检索一个xml字符串 –
我一直有同样的问题,奇怪的是它的工作,然后停止工作......如果我重做的过程中下载和导入证书它的作品有一段时间 – Diego