1

在我的android應用程序中,我通過https連接。我正在使用自簽名證書進行連接。 它正在以下API級別24(機器人牛軋糖之前),但在Android牛軋糖,它拋出的SSL握手異常設備:SSL握手異常,同時通過https連接使用Android中的自簽名證書Nougat

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException:未找到 認證路徑的信任錨點。

我這是怎麼連接通過https: -

SSLContext context = null; 
    try 
    { 
     KeyStore keyStore = KeyStore.getInstance("PKCS12"); 
     // Get the raw resource, which contains the keystore with 
     // your trusted certificates (root and any intermediate certs) 
     InputStream input = new BufferedInputStream(context.getAssets().open(pkcsFilename)); 
     try { 
      // Initialize the keystore with the provided trusted certificates 
      // Also provide the password of the keystore 
      keyStore.load(input, password.toCharArray()); 
     } finally { 
      input.close(); 
     } 

     KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
     keyFactory.init(keyStore, "".toCharArray()); 

     // Load CAs from an InputStream 
     // (could be from a resource or ByteArrayInputStream or ...) 
     CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
     Certificate ca = null; 
     input = new BufferedInputStream(context.getAssets().open(certificateFilename)); 
     try 
     { 
      ca = cf.generateCertificate(input); 
     } 
     finally 
     { 
      input.close(); 
     } 
     KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
     trustStore.load(null, null); 
     trustStore.setCertificateEntry("server", ca); 

     // Create a TrustManager that trusts the CAs in our KeyStore 
     TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
     tmf.init(trustStore); 

     // Create an SSLContext that uses our TrustManager 
     context = SSLContext.getInstance("TLS"); 
     context.init(keyFactory.getKeyManagers(), tmf.getTrustManagers(), null); 

     HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); 

我嘗試以下link,但它並不能幫助。

這是我的網絡配置文件。我已將它添加到我的AndroidManifest.xml文件中。

<?xml version="1.0" encoding="utf-8"?> 
<network-security-config> 
    <domain-config> 
     <domain includeSubdomains="true">xyz.com</domain> 
     <trust-anchors> 
     <certificates src="@raw/root_ca" /> 
     </trust-anchors> 
    </domain-config> 
</network-security-config> 

請幫我解決這個問題。

回答

0

我得到它通過添加自定義信任管理器的工作時間 重新啓動服務器。初始化SSL上下文context.init(keyFactory.getKeyManagers(), tmf.getTrustManagers(), null);

I modified it as : 

context.init(keyFactory.getKeyManagers(), new TrustManager[] { tm }, null); 
TrustManager tm = new X509TrustManager() { 
       public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
       } 

       public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
        for (int j=0; j<chain.length; j++) 
        { 
         chain[j].checkValidity(); 
         try { 
          chain[j].verify(ca.getPublicKey()); 
         } catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | 
           SignatureException e) { 
          e.printStackTrace(); 
          throw new CertificateException(e.getMessage()); 
         } 
        } 
       } 

       public X509Certificate[] getAcceptedIssuers() { 
        return null; 
       } 
      }; 

我使用服務器證書驗證證書。現在它的工作。

相關問題