在我的android應用程序中,我通過https連接。我正在使用自簽名證書進行連接。 它正在以下API級別24(機器人牛軋糖之前),但在Android牛軋糖,它拋出的SSL握手異常設備:SSL握手異常,同時通過https連接使用Android中的自簽名證書Nougat
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException:未找到 認證路徑的信任錨點。
我這是怎麼連接通過https: -
SSLContext context = null;
try
{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream input = new BufferedInputStream(context.getAssets().open(pkcsFilename));
try {
// Initialize the keystore with the provided trusted certificates
// Also provide the password of the keystore
keyStore.load(input, password.toCharArray());
} finally {
input.close();
}
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, "".toCharArray());
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca = null;
input = new BufferedInputStream(context.getAssets().open(certificateFilename));
try
{
ca = cf.generateCertificate(input);
}
finally
{
input.close();
}
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
trustStore.setCertificateEntry("server", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
// Create an SSLContext that uses our TrustManager
context = SSLContext.getInstance("TLS");
context.init(keyFactory.getKeyManagers(), tmf.getTrustManagers(), null);
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
我嘗試以下link,但它並不能幫助。
這是我的網絡配置文件。我已將它添加到我的AndroidManifest.xml文件中。
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">xyz.com</domain>
<trust-anchors>
<certificates src="@raw/root_ca" />
</trust-anchors>
</domain-config>
</network-security-config>
請幫我解決這個問題。