问题
I am loding a keystore that is required for a https connection am trying to make. However I get the error java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. The method in use is as below:
public HttpsURLConnection setUpHttpsConnection()
{
String HttpMessage="";
int HttpResult=0;
HttpsURLConnection urlConnection=null;
try
{
Log.i("status","inside method..");
InputStream caInput = getAssets().open("myapp_key.p12");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
String pfxPassword = "test123"; // change it to the correct password
keyStore.load(caInput, pfxPassword.toCharArray());
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];
TrustManager[] wrappedTrustManagers = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return origTrustmanager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
origTrustmanager.checkClientTrusted(certs, authType);
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
origTrustmanager.checkServerTrusted(certs, authType);
} catch (CertificateExpiredException e) {
e.printStackTrace();
}
}
}
};
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, wrappedTrustManagers, null);
// Tell the URLConnection to use a SocketFactory from our SSLContext
urlConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
URL url = new URL("https://sandbox.api.visa.com/visadirect/mvisa/v1/merchantpushpayments/");
urlConnection =(HttpsURLConnection)url.openConnection();
urlConnection.setDoOutput(true);
urlConnection.setRequestMethod("POST");
urlConnection.setRequestProperty("Content-Type", "application/json");
urlConnection.setRequestProperty("Authorization", "SYZK9LIO98QIQNQ27H6921fgRyt63FHIxrQP76m0hNYT6BZ7I:pB1g5XX3Hw58buPENR03ZM4Vgm7P");
InputStream in = urlConnection.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
String res = reader.toString();
System.out.println(res);
}catch(SSLHandshakeException he){
he.printStackTrace();
}
catch (Exception ex)
{
Log.e("error", "Failed to establish SSL connection to server: " + ex.toString());
return null;
}
return urlConnection;
}
This is the error:
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.641 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:306)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.Connection.upgradeToTls(Connection.java:197)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.Connection.connect(Connection.java:151)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:276)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:211)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:323)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:190)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant.setUpHttpsConnection(PayMerchant.java:515)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:238)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$PayMerchantAsync.doInBackground(PayMerchant.java:170)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:288)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:237)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at java.lang.Thread.run(Thread.java:818)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:209)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.eva.mvisa.activities.PayMerchant$4.checkServerTrusted(PayMerchant.java:495)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:525)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:302)
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: ... 18 more
02-23 14:33:10.651 27643-28086/com.eva.mvisa W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
回答1:
Check the certificate chain. Are all the certs in the chain available, or does one need an extra download?
I had the same message in my app, and noticed my chain was missing the intermediate cert. Once i have put this in my .pem file, my issue was resolved.
Use https://www.ssllabs.com to check your application.
回答2:
I have the same problem in my Retrofit2 project,Solved by the following ways
public static OkHttpClient getUnsafeOkHttpClient() {
try {
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
return builder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
then change
OkHttpClient okHttpClient = new OkHttpClient();
to:
OkHttpClient okHttpClient = getUnsafeOkHttpClient();
来源:https://stackoverflow.com/questions/42414958/android-java-security-cert-certpathvalidatorexception-trust-anchor-for-certific