Question

我设法修复了不受信任的服务器证书错误，但每隔一天它就会恢复。我正在从第三方服务器请求XML。我使用SSLcertDownloader下载了证书并将其导入密钥库：

keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord`

它有效，但一天左右后我得到了同样的错误。我现在重做了几次，但是当应用程序运行时无法使用它。返回错误的原因是什么？

错误日志：

07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate
07-25 19:04:42.261: W/System.err(25342):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
07-25 19:04:42.261: W/System.err(25342):    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
07-25 19:04:42.265: W/System.err(25342):    at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85)
07-25 19:04:42.265: W/System.err(25342):    at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330)
07-25 19:04:42.265: W/System.err(25342):    at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269)
07-25 19:04:42.265: W/System.err(25342):    at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1)
07-25 19:04:42.265: W/System.err(25342):    at android.os.AsyncTask$2.call(AsyncTask.java:185)
07-25 19:04:42.265: W/System.err(25342):    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
07-25 19:04:42.265: W/System.err(25342):    at java.util.concurrent.FutureTask.run(FutureTask.java:137)
07-25 19:04:42.265: W/System.err(25342):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-25 19:04:42.265: W/System.err(25342):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-25 19:04:42.265: W/System.err(25342):    at java.lang.Thread.run(Thread.java:1096)
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.265: W/System.err(25342):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
07-25 19:04:42.265: W/System.err(25342):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
07-25 19:04:42.269: W/System.err(25342):    ... 19 more
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.269: W/System.err(25342):    at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-25 19:04:42.269: W/System.err(25342):    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
07-25 19:04:42.269: W/System.err(25342):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)

编辑 - 添加了帖子方法：

public String getXmlFromUrl(String url) {
        String xml = null;

        try {
            // defaultHttpClient
            DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext());
            HttpPost httpPost = new HttpPost(url);

            HttpResponse httpResponse = httpClient.execute(httpPost);

            HttpEntity httpEntity = httpResponse.getEntity();
            xml = EntityUtils.toString(httpEntity);

        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return xml;
    }

MYHTTP客户：

public class MyHttpClient extends DefaultHttpClient {

    final Context context;

    public MyHttpClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // Register for port 443 our SSLSocketFactory with our keystore
        // to the ConnectionManager
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Get an instance of the Bouncy Castle KeyStore format
            KeyStore trusted = KeyStore.getInstance("BKS");
            // Get the raw resource, which contains the keystore with
            // your trusted certificates (root and any intermediate certs)
            InputStream in = context.getResources().openRawResource(R.raw.alkeystore);
            try {
                // Initialize the keystore with the provided trusted certificates
                // Also provide the password of the keystore
                trusted.load(in, "PassWord".toCharArray());
            } finally {
                in.close();
            }
            // Pass the keystore to the SSLSocketFactory. The factory is responsible
            // for the verification of the server certificate.
            SSLSocketFactory sf = new SSLSocketFactory(trusted);
            // Hostname verification from certificate
            // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
            sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            return sf;
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}

Answer 1

我发现根据你使用的是哪个版本的android，你会想要使用不同的HTTP客户端，否则我会得到这个ssl异常。对于不同的Android版本，不同版本的http客户端存在相当多的错误。到目前为止，我还没有看到这个例外：

if (UIUtils.hasGingerbread())
    {
        URL myUrl = new URL(url);
        HttpURLConnection urlConnection = (HttpURLConnection) myUrl
                .openConnection();

        InputStream is = urlConnection.getInputStream();
        BufferedInputStream bis = new BufferedInputStream(is, 8192);
        ByteArrayBuffer baf = new ByteArrayBuffer(300);
        int current = 0;
        while ((current = bis.read()) != -1)
        {
            baf.append((byte) current);
        }
        String xml = new String(baf.toByteArray());         
    }
    else
    {
        DefaultHttpClient client = new DefaultHttpClient();
        HttpGet httpget = new HttpGet(url);
        HttpResponse response = client.execute(httpget);            
    }

和UIUtils.hasGingerbread：

public static boolean hasGingerbread()
{
    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.GINGERBREAD;
}

javax.net.ssl.SSLException：不受信任的服务器证书 - 不断回来

1 个答案: