今天项目升级targetSDK到android 9.0(28)后,下载文件出现了个异常:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
经分析主要问题原因:
由于项目的https.bks证书不是正规的CA签发的证书,而是二级代理商等签发的证书,验证不通过造成的!!!
解决方法:
1、获取正规合法的https证书,让后台上传或者存在assets中,进行应用验证,这是最根本的解决办法!
2、忽略https的证书校验
需要在获取sslParams时,修改并自定义TrustManager为trustAllCerts
在继承的Application类里面onCreate()方法中调用下面方法忽略https的证书校验
public static void ignoreSSLHandshake() {
try {
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
}};
SSLContext sc = SSLContext.getInstance("TLS");
// trustAllCerts信任所有的证书
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
}
}