Android截击错误:“未找到证书路径的信任锚”,仅在真实的设备中,而不是模拟器中

hfwmuf9z  于 2023-06-04  发布在  Android
关注(0)|答案(5)|浏览(197)

我在我的Android应用程序中遇到了一个问题,在我的一个片段中,我使用volley来执行网络请求:

JsonObjectRequest request = new JsonObjectRequest(
            Request.Method.POST,
            CustomNetworkManager.getInstance(this.getActivity().getApplicationContext()).getRequestUrl(url),
            requestData,
            new Response.Listener<JSONObject>() {
                @Override
                public void onResponse(JSONObject response) {
                    // process response
                    } catch (JSONException e) {
                        e.printStackTrace();
                    }
                }
            },
            new Response.ErrorListener() {
                @Override
                public void onErrorResponse(VolleyError error) {
                    Log.d("FeedFragment", "Volley error: " + error.toString());
                }
            });

在一个真实的设备上,我得到以下错误(运行API 23):

D/FeedFragment: Volley error: com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

在运行相同API版本的AVD中,它工作正常。我检查了其他类似的线程,但找不到答案。
谢谢你的帮助

edit:如果有人遇到同样的错误,请确保您的证书没有任何问题(http://developer.android.com/intl/pt-br/training/articles/security-ssl.html#CommonProblems)

bq8i3lrv

bq8i3lrv1#

尝试将此函数添加到您的应用程序中:

/**
     * Enables https connections
     */
    @SuppressLint("TrulyRandom")
    public static void handleSSLHandshake() {
        try {
            TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                }
            }};

            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String arg0, SSLSession arg1) {
                    return true;
                }
            });
        } catch (Exception ignored) {
        }
    }

然后在Application onCreate中调用它。

更新:

此代码不相关,不应使用!这是Google禁止的。有关更多信息,请查看here

toe95027

toe950272#

万一有人还在用Volley...
按照此处的说明操作:
https://developer.android.com/training/articles/security-ssl#java
下载证书文件(.crt),将其放入assets目录(在java和res目录旁边),然后更改以下代码:

InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));

使用资源中的文件:

InputStream caInput = new BufferedInputStream(getAssets().open("load-der.crt"));

忘了后面的部分吧

// Tell the URLConnection to use a SocketFactory from our SSLContext

并添加一行:

HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());

在建立任何连接之前运行此代码。
就这样

inb24sb2

inb24sb23#

这解决了我的问题,试图运行我的android凌空应用程序对弧焊机只需要运行一次。。在最初的飞溅活动

z9smfwbn

z9smfwbn4#

步骤1:创建一个实现X509TrustManagerHttpsTrustManager类:

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsTrustManager implements X509TrustManager {

    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

    @Override
    public void checkClientTrusted(
            java.security.cert.X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    @Override
    public void checkServerTrusted(
            java.security.cert.X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    public boolean isClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return _AcceptedIssuers;
    }

    public static void allowAllSSL() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }

        });

        SSLContext context = null;
        if (trustManagers == null) {
            trustManagers = new TrustManager[]{new HttpsTrustManager()};
        }

        try {
            context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }

        HttpsURLConnection.setDefaultSSLSocketFactory(context
                .getSocketFactory());
    }

}

步骤2:在发出HTTPS请求之前添加HttpsTrustManager.allowAllSSL()

HttpsTrustManager.allowAllSSL();
tzcvj98z

tzcvj98z5#

我的问题是查尔斯。配置/关闭它,一切都为我工作

相关问题