javax.net.ssl.SSLException：不受信任的服務器證書 - 不斷回來

Question

我設法修復了不受信任的服務器證書錯誤，但每隔一天它又回來。我正在從第三方服務器請求XML。 我下載的證書與SSLcertDownloader並將其導入密鑰庫中：

keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord` 

它的工作原理，但在一天左右後，我得到同樣的錯誤。我現在重做了幾次，但當應用程序運行時無法使用它。什麼可能是返回錯誤的原因？

錯誤日誌：

07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate 
07-25 19:04:42.261: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269) 
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1) 
07-25 19:04:42.265: W/System.err(25342): at android.os.AsyncTask$2.call(AsyncTask.java:185) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask.run(FutureTask.java:137) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068) 
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561) 
07-25 19:04:42.265: W/System.err(25342): at java.lang.Thread.run(Thread.java:1096) 
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. 
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168) 
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366) 
07-25 19:04:42.269: W/System.err(25342): ... 19 more 
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found. 
07-25 19:04:42.269: W/System.err(25342): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149) 
07-25 19:04:42.269: W/System.err(25342): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202) 
07-25 19:04:42.269: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164) 

編輯 - 添加的POST方法：

public String getXmlFromUrl(String url) { 
     String xml = null; 

     try { 
      // defaultHttpClient 
      DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext()); 
      HttpPost httpPost = new HttpPost(url); 

      HttpResponse httpResponse = httpClient.execute(httpPost); 

      HttpEntity httpEntity = httpResponse.getEntity(); 
      xml = EntityUtils.toString(httpEntity); 

     } catch (UnsupportedEncodingException e) { 
      e.printStackTrace(); 
     } catch (ClientProtocolException e) { 
      e.printStackTrace(); 
     } catch (IOException e) { 
      e.printStackTrace(); 
     } 
     return xml; 
    } 

MYHTTP客戶：

public class MyHttpClient extends DefaultHttpClient { 

    final Context context; 

    public MyHttpClient(Context context) { 
     this.context = context; 
    } 

    @Override 
    protected ClientConnectionManager createClientConnectionManager() { 
     SchemeRegistry registry = new SchemeRegistry(); 
     registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
     // Register for port 443 our SSLSocketFactory with our keystore 
     // to the ConnectionManager 
     registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
     return new SingleClientConnManager(getParams(), registry); 
    } 

    private SSLSocketFactory newSslSocketFactory() { 
     try { 
      // Get an instance of the Bouncy Castle KeyStore format 
      KeyStore trusted = KeyStore.getInstance("BKS"); 
      // Get the raw resource, which contains the keystore with 
      // your trusted certificates (root and any intermediate certs) 
      InputStream in = context.getResources().openRawResource(R.raw.alkeystore); 
      try { 
       // Initialize the keystore with the provided trusted certificates 
       // Also provide the password of the keystore 
       trusted.load(in, "PassWord".toCharArray()); 
      } finally { 
       in.close(); 
      } 
      // Pass the keystore to the SSLSocketFactory. The factory is responsible 
      // for the verification of the server certificate. 
      SSLSocketFactory sf = new SSLSocketFactory(trusted); 
      // Hostname verification from certificate 
      // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
      sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); 
      return sf; 
     } catch (Exception e) { 
      throw new AssertionError(e); 
     } 
    } 
} 

Answer 1

我發現，這取決於Android版本你使用，你會想要使用不同的HTTP客戶端，否則我會得到這個ssl異常。不同版本的http客戶端針對不同的android版本有不少bug。到目前爲止，我還沒有看到這個異常更多的使用這樣的：

if (UIUtils.hasGingerbread()) 
    { 
     URL myUrl = new URL(url); 
     HttpURLConnection urlConnection = (HttpURLConnection) myUrl 
       .openConnection(); 

     InputStream is = urlConnection.getInputStream(); 
     BufferedInputStream bis = new BufferedInputStream(is, 8192); 
     ByteArrayBuffer baf = new ByteArrayBuffer(300); 
     int current = 0; 
     while ((current = bis.read()) != -1) 
     { 
      baf.append((byte) current); 
     } 
     String xml = new String(baf.toByteArray());   
    } 
    else 
    { 
     DefaultHttpClient client = new DefaultHttpClient(); 
     HttpGet httpget = new HttpGet(url); 
     HttpResponse response = client.execute(httpget);    
    } 

和UIUtils.hasGingerbread：

public static boolean hasGingerbread() 
{ 
    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.GINGERBREAD; 
}