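Unable to validate certificate - TrustAnchor found but certificate validation failed

I am trying to establish secure communication with a remote server, which unfortunately is signed by its own certificate authority. I was reading the official Android documentation here: https://developer.android.com/training/articles/security-ssl.html, and it says there that when the certificate authority is not in the Android list, you need to accept the server certificate yourself. So I did it like this (again from the documentation):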
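// Load the CA certificate bundled in res/raw
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.certificate);
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
} finally {
    caInput.close();
}
// Create a KeyStore containing only that certificate
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the certificates in the KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses that TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
// Open the connection with the custom socket factory (url is defined elsewhere in the app)
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);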
But it doesn't work; I get this error:
10-10 09:48:17.320: W/System.err(27787): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.350: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:401)
10-10 09:48:17.350: W/System.err(27787): at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
10-10 09:48:17.350: W/System.err(27787): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
10-10 09:48:17.350: W/System.err(27787): at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
10-10 09:48:17.350: W/System.err(27787): at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
10-10 09:48:17.370: W/System.err(27787): at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
10-10 09:48:17.400: W/System.err(27787): at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:282)
10-10 09:48:17.400: W/System.err(27787): at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:177)
10-10 09:48:17.400: W/System.err(27787): at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271)
10-10 09:48:17.400: W/System.err(27787): at com.myapp..webservice.RequestConfigurationAsyncTask.doInBackground(RequestConfigurationAsyncTask.java:36)
10-10 09:48:17.411: W/System.err(27787): at com.myapp..webservice.RequestConfigurationAsyncTask.doInBackground(RequestConfigurationAsyncTask.java:1)
10-10 09:48:17.411: W/System.err(27787): at android.os.AsyncTask$2.call(AsyncTask.java:287)
10-10 09:48:17.441: W/System.err(27787): at java.util.concurrent.FutureTask.run(FutureTask.java:234)
10-10 09:48:17.441: W/System.err(27787): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
10-10 09:48:17.441: W/System.err(27787): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
10-10 09:48:17.441: W/System.err(27787): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
10-10 09:48:17.441: W/System.err(27787): at java.lang.Thread.run(Thread.java:841)
10-10 09:48:17.461: W/System.err(27787): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.461: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:308)
10-10 09:48:17.461: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202)
10-10 09:48:17.471: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:595)
10-10 09:48:17.471: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
10-10 09:48:17.471: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:398)
10-10 09:48:17.471: W/System.err(27787): ... 16 more
10-10 09:48:17.471: W/System.err(27787): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.511: W/System.err(27787): at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:122)
10-10 09:48:17.511: W/System.err(27787): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
10-10 09:48:17.571: W/System.err(27787): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295)
10-10 09:48:17.591: W/System.err(27787): ... 20 more
10-10 09:48:17.591: W/System.err(27787): Caused by: com.android.org.bouncycastle.jce.provider.AnnotatedException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.591: W/System.err(27787): at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.findTrustAnchor(CertPathValidatorUtilities.java:235)
10-10 09:48:17.591: W/System.err(27787): at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:117)
10-10 09:48:17.591: W/System.err(27787): ... 22 more
10-10 09:48:17.591: W/System.err(27787): Caused by: java.security.SignatureException: Signature was not verified
10-10 09:48:17.591: W/System.err(27787): at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:384)
10-10 09:48:17.601: W/System.err(27787): at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.verifyX509Certificate(CertPathValidatorUtilities.java:1427)
10-10 09:48:17.621: W/System.err(27787): at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.findTrustAnchor(CertPathValidatorUtilities.java:222)
10-10 09:48:17.621: W/System.err(27787): ... 23 more
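Why do I get "TrustAnchor found but certificate validation failed"? It looks like the certificate is loaded, but it is not correct or not valid - yet I downloaded the certificate through a web browser (in crt and pem formats, but nothing worked), so it should work. What's wrong?
Did you check your min SDK and target SDK? – Boldbayar 2014-10-10 08:03:39
Min is 14, target is 19... why? – qkx 2014-10-10 08:04:17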
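An added diagnostic, not part of the original post: the innermost cause in the trace, `Signature was not verified` raised from `findTrustAnchor`, is what results when a loaded anchor matches the server certificate's issuer by name but its key did not produce the signature. The script reproduces that with throwaway certificates generated by the `openssl` CLI (assumed installed); the subject names, file names and the `check_anchor` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: every certificate below is a throwaway, constructed fixture.

# Create a self-signed CA. Every call uses the SAME constructed subject name
# but generates a fresh key pair.
make_ca() {  # $1 = output prefix
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Example Private CA" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a server certificate signed by the CA in $1.pem / $1.key.
issue_server() {  # $1 = CA prefix, $2 = output prefix
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 2 -out "$2.pem" 2>/dev/null
}

# Classify a candidate trust anchor against a server certificate.
check_anchor() {  # $1 = anchor PEM, $2 = server certificate PEM
    issuer=$(openssl x509 -in "$2" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    if [ "$issuer" != "$subject" ]; then
        echo "name-mismatch"          # anchor subject differs from the issuer name
    elif openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo "ok"                     # the anchor's key really signed the certificate
    else
        echo "anchor-did-not-sign"    # right name, but this key did not sign it
    fi
}

FIX=$(mktemp -d)
make_ca "$FIX/real"                   # the CA that actually signs the server cert
make_ca "$FIX/lookalike"              # same subject name, different key
issue_server "$FIX/real" "$FIX/server"

echo "real CA as anchor:   $(check_anchor "$FIX/real.pem" "$FIX/server.pem")"
echo "lookalike as anchor: $(check_anchor "$FIX/lookalike.pem" "$FIX/server.pem")"
```

Run against real files, `check_anchor` takes the PEM bundled in the app as its first argument and the certificate the server presents as its second.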