java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

0.问题就是标题中的这个异常:服务器证书链无法追溯到设备信任的根证书(常见于自签名证书或私有CA签发的证书)

1.解决办法

a.通过后台生成正规合法的https证书,存在assets中,进行应用验证,这里又分为单向验证和双向验证,这是最根本的解决办法!

具体请移步

b.信任所有证书(仅适用于调试环境:关闭证书校验后,TLS不再验证服务器身份,链路上的任何一方都可以用自己的证书冒充服务器并读取或篡改数据;正式发布请使用方案a)

在Application的onCreate方法中添加:

/**
     * Swaps the client used by OkHttpUtils for one that performs no certificate
     * validation at all (every certificate is trusted).
     *
     * <p>NOTE(review): with validation switched off, TLS still encrypts the traffic but no
     * longer authenticates the server, so any party on the network path can present its own
     * certificate and read or alter the requests. Keep this to debug builds that talk to
     * test servers; for release builds validate against the server certificate bundled in
     * assets (option a on this page).
     *
     * <p>Any exception raised during setup is caught and dropped, so a failed setup is silent.
     */
    private void handleSSLHandshake() {
        try {
            // All three arguments are null, i.e. no certificate material is supplied; per the
            // page's description this yields the trust-all configuration.
            // NOTE(review): presumably (server certificates, client key store, password) -
            // confirm against HttpsUtils.
            final HttpsUtils.SSLParams params = HttpsUtils.getSslSocketFactory(null, null, null);

            final OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.sslSocketFactory(params.sSLSocketFactory, params.trustManager);
            // other configuration goes here
            final OkHttpClient client = builder.build();
            OkHttpUtils.initClient(client);

            // Variant for the platform's own HttpsURLConnection, left disabled by the author.
            // NOTE(review): it installs an empty X509TrustManager and an always-true
            // HostnameVerifier as process-wide defaults, so it removes both the certificate
            // check and the hostname check for every HttpsURLConnection in the app.
            /*TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }};

            SSLContext sc = SSLContext.getInstance("TLS");
            // trustAllCerts accepts every certificate
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });*/
        } catch (Exception ignored) {
            // NOTE(review): intentionally empty in the original; a failure above leaves no
            // trace, so it is not visible whether this client was actually installed.
        }
    }

 

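// Error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
//
// Excerpt of a two-way (mutual) TLS setup over HttpsURLConnection. The one-line layout of the
// excerpt is restored here so that the line comments no longer swallow the code after them.
// The declarations of ksIn, tsIn, context and str_url are not part of the excerpt.

// ---- Parameters ----
// private final static String CLIENT_PRI_KEY = "zydClient.cer";
private final static String CLIENT_PRI_KEY = "zydClient.p12";
// private final static String CLIENT_PRI_KEY = "client.bks";
// private final static String CLIENT_PRI_KEY = "214065381190993.pfx";
private final static String TRUSTSTORE_PUB_KEY = "server.bks";
// private final static String TRUSTSTORE_PUB_KEY = "zydServer.cer";

// NOTE(review): both stores are read from assets and their passwords are constants in the
// code, so they are readable by anyone who unpacks the APK. For the trust store that is
// harmless (it holds certificates the client trusts). The client store is handed to the
// KeyManagerFactory, so it presumably holds the client private key - in that case the
// client certificate identifies "a copy of this app", not an individual user or device.
private final static String CLIENT_BKS_PASSWORD = "123456";
private final static String TRUSTSTORE_BKS_PASSWORD = "123456";
private final static String KEYSTORE_TYPE = "BKS"; // not referenced in this excerpt
private final static String PROTOCOL_TYPE = "TLS";
private final static String CERTIFICATE_STANDARD = "X509";
private static final String KEY_STORE_TYPE_BKS = "bks"; // key store type, fixed value
private static final String KEY_STORE_TYPE_P12 = "PKCS12"; // key store type, fixed value

// ---- Code ----
try {
    // Client certificate that the server verifies, i.e. the client's key store.
    KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
    // Server certificate(s) that the client trusts.
    KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);

    // Open both stores from the APK assets.
    ksIn = context.getAssets().open(CLIENT_PRI_KEY);
    tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY);

    // Load them with their passwords.
    keyStore.load(ksIn, CLIENT_BKS_PASSWORD.toCharArray());
    trustStore.load(tsIn, TRUSTSTORE_BKS_PASSWORD.toCharArray());

    // Build the SSLContext: trust only what is in trustStore, present the key from keyStore.
    // The declared constants replace the equal literals "TLS" and "X509".
    SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TYPE);
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(CERTIFICATE_STANDARD);
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(CERTIFICATE_STANDARD);
    trustManagerFactory.init(trustStore);
    keyManagerFactory.init(keyStore, CLIENT_BKS_PASSWORD.toCharArray());
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

    // Open the connection through HttpsURLConnection.
    // NOTE(review): setDefaultSSLSocketFactory is process-wide - every later HttpsURLConnection
    // in the app trusts only server.bks and offers the client certificate.
    // conn.setSSLSocketFactory(socketFactory) would scope the factory to this one connection.
    SSLSocketFactory socketFactory = sslContext.getSocketFactory();
    HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
    URL connectUrl = new URL(str_url);
    HttpsURLConnection conn = (HttpsURLConnection) connectUrl.openConnection();

    // Author's note: "IP authorization" - not needed if the certificate is already installed,
    // otherwise required.
    // NOTE(review): returning true switches hostname verification off for this connection, so
    // any certificate that chains to server.bks is accepted whatever name it was issued for.
    // If the server is reached by IP address, issuing its certificate with that IP in
    // subjectAltName lets the default verifier pass and this override can be dropped.
    conn.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });
    InputStream is = conn.getInputStream();
    // The excerpt ends here: the remainder of the try block (reading the stream, the
    // catch/finally, closing ksIn and tsIn) is not shown on the page.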