My code works for HTTP, but not HTTPS. I'm trying to make HTTPS connections on Android phones using OkHttpClient. The trouble is that I keep getting
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:381)
This is my code:
```java
private OkHttpClient getPinnedCertSslSocketFactory(Context context) {
    OkHttpClient client = new OkHttpClient();
    try {
        // Client certificate that the server needs to verify
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // Server certificate trusted by the client
        KeyStore trustStore = KeyStore.getInstance("BKS");
        InputStream ksIn = context.getResources().getAssets().open("client.p12");
        InputStream tsIn = context.getResources().getAssets().open("client.truststore");
        try {
            keyStore.load(ksIn, "123456".toCharArray());
            trustStore.load(tsIn, "123456".toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                ksIn.close();
            } catch (Exception ignore) {
            }
            try {
                tsIn.close();
            } catch (Exception ignore) {
            }
        }
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(trustStore, "123456".toCharArray());
        sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        client.setSslSocketFactory(sslContext.getSocketFactory());
    } catch (Exception e) {
        Log.e("tag", e.getMessage(), e);
    }
    return client;
}
```
But when I use Apache HTTP it works! This is my working code:
```java
public HttpClient getSslHttpClient(Context pContext, int port) {
    HttpClient httpsClient = new DefaultHttpClient();
    try {
        // Client certificate that the server needs to verify
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
        // Server certificate trusted by the client
        KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);
        InputStream ksIn = pContext.getResources().getAssets().open(KEY_STORE_CLIENT_PATH);
        InputStream tsIn = pContext.getResources().getAssets().open(KEY_STORE_TRUST_PATH);
        try {
            keyStore.load(ksIn, KEY_STORE_PASSWORD.toCharArray());
            trustStore.load(tsIn, KEY_STORE_TRUST_PASSWORD.toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                ksIn.close();
            } catch (Exception ignore) {
            }
            try {
                tsIn.close();
            } catch (Exception ignore) {
            }
        }
        SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);
        Scheme sch = new Scheme(SCHEME_HTTPS, socketFactory, port);
        httpsClient.getConnectionManager().getSchemeRegistry().register(sch);
    } catch (KeyManagementException | UnrecoverableKeyException | KeyStoreException | FileNotFoundException | NoSuchAlgorithmException | ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return httpsClient;
}
```
Thanks for your help!
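Added example, not part of the original post and not OkHttp project code: the posted OkHttp method calls `trustManagerFactory.init(keyStore)` and `keyManagerFactory.init(trustStore, ...)`, the opposite of the key-store/trust-store order the Apache `SSLSocketFactory` call uses, so this sketch wires each store to its matching factory and leaves certificate validation enabled. The class name `MutualTlsClientFactory` is hypothetical; the asset names, password and the OkHttp 2.x `setSslSocketFactory` call are taken from the post.

```java
import android.content.Context;
import com.squareup.okhttp.OkHttpClient;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; asset names and password are the ones used in the post.
public final class MutualTlsClientFactory {
    private static final char[] PASSWORD = "123456".toCharArray();

    public static OkHttpClient create(Context context) throws Exception {
        // Client certificate and private key that the server verifies.
        KeyStore keyStore = load(context, "PKCS12", "client.p12");
        // Server (or CA) certificate that this client trusts.
        KeyStore trustStore = load(context, "BKS", "client.truststore");

        // Key managers present OUR identity, so they take the PKCS12 key store.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, PASSWORD);

        // Trust managers validate the SERVER chain, so they take the BKS trust store.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        OkHttpClient client = new OkHttpClient();
        client.setSslSocketFactory(sslContext.getSocketFactory()); // OkHttp 2.x API
        return client;
    }

    private static KeyStore load(Context context, String type, String asset) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = context.getAssets().open(asset);
        try {
            store.load(in, PASSWORD); // a load failure propagates instead of being swallowed
        } finally {
            in.close();
        }
        return store;
    }
}
```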
How can I make the OkApacheClient accept self signed certificates on my test server?
@Frank-Zhu nothing actionable we can do here on this. Are exceptions being logged?
@swankjesse Thank you for your reply!
This is the exception log:
12-17 10:02:01.527 14150-14456/com.rongyi.rongyiguang E/NativeCrypto﹕ ssl=0x778acef0 cert_verify_callback x509_store_ctx=0x7cec7ab0 arg=0x0
12-17 10:02:01.527 14150-14456/com.rongyi.rongyiguang E/NativeCrypto﹕ ssl=0x778acef0 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA
12-17 10:02:01.550 14150-14456/com.rongyi.rongyiguang E/MyApp﹕ java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:381)
at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:235)
at com.squareup.okhttp.Connection.connect(Connection.java:153)
at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:169)
at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:119)
at com.squareup.okhttp.internal.http.RouteSelector.next(RouteSelector.java:134)
at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:314)
at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:237)
at com.squareup.okhttp.Call.getResponse(Call.java:233)
at com.squareup.okhttp.Call.execute(Call.java:84)
at com.rongyi.rongyiguang.ui.MoreActivity$2.doInBackground(MoreActivity.java:145)
at android.os.AsyncTask$2.call(AsyncTask.java:287)
at java.util.concurrent.FutureTask.run(FutureTask.java:234)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
at java.lang.Thread.run(Thread.java:838)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:276)
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:197)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:585)
at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:235)
at com.squareup.okhttp.Connection.connect(Connection.java:153)
at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:169)
at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:119)
at com.squareup.okhttp.internal.http.RouteSelector.next(RouteSelector.java:134)
at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:314)
at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:237)
at com.squareup.okhttp.Call.getResponse(Call.java:233)
at com.squareup.okhttp.Call.execute(Call.java:84)
at com.rongyi.rongyiguang.ui.MoreActivity$2.doInBackground(MoreActivity.java:145)
at android.os.AsyncTask$2.call(AsyncTask.java:287)
at java.util.concurrent.FutureTask.run(FutureTask.java:234)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
at java.lang.Thread.run(Thread.java:838)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:276)
at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:197)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:585)
at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
at com.squareup.okhttp.Connection.upgradeToTls(Connection.java:235)
at com.squareup.okhttp.Connection.connect(Connection.java:153)
at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:169)
at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:119)
at com.squareup.okhttp.internal.http.RouteSelector.next(RouteSelector.java:134)
at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:314)
at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:237)
at com.squareup.okhttp.Call.getResponse(Call.java:233)
at com.squareup.okhttp.Call.execute(Call.java:84)
at com.rongyi.rongyiguang.ui.MoreActivity$2.doInBackground(MoreActivity.java:145)
at android.os.AsyncTask$2.call(AsyncTask.java:287)
at java.util.concurrent.FutureTask.run(FutureTask.java:234)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
at java.lang.Thread.run(Thread.java:838)
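Did you find the solution for this?
Hello, I've run into this problem too. I'm using okhttp3 to access HTTPS and also want to bypass the certificate verification, but that method no longer seems to exist. Is there any way to solve this?
@mawenge Did you solve it in the end? Could you share the solution? I've been searching for a long time and still don't know how to do it; whatever I change, I still get the same error.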