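Using a self-signed certificate for a non-trusted server results in "Trust anchor for certification path not found"

Time: 2018-09-20 11:08:41

Tags: java android ssl certificate key

I am trying to make a POST request to a server using HttpsURLConnection. By following the steps below, I was able to create a keystore with the certificate downloaded from the server.

This is the certificate that I put in the keystore: download the certificate

Steps to create the keystore:

1. Download the certificate from the server

2. Generate a keystore from the pfx file using the command line.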

keytool -importkeystore -srckeystore domain.pfx -srcstoretype pkcs12 -destkeystore name_of_the_keystore_file.jks -deststoretype jks

3. Export the certificate from the keystore

keytool -export -alias client-alias -storepass changeit -file client.cer -keystore client_keystore.jks

4. Create a truststore using the certificate

keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore domain-dir/config/cacerts.jks -keypass changeit -storepass changeit

5. Put all the files in the raw folder in Android Studio.

I created my MainActivity class following the developer guide: Security with HTTPS and SSL

My MainActivity class:

private Certificate ca;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);


    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream ins = getResources().openRawResource(getResources().getIdentifier("trustedbankid", "raw", getPackageName()));
        ca = cf.generateCertificate(ins);
        ins.close();
    } catch (CertificateException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    } catch (IOException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    }


    try {
        String keystoreType = KeyStore.getDefaultType();
        Log.d("Keystore","Current type: "+KeyStore.getDefaultType());
        KeyStore keyStore = KeyStore.getInstance(keystoreType);
        keyStore.load(null,null);
        keyStore.setCertificateEntry("<aliens name>",ca);

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        Map<String, String> postData = new HashMap<>();
        postData.put("personalNumber","197564535512");
        postData.put("endUserIp", "<IP Address>");
        postData.put("requirement","\"{\\\"certificatePolicies\\\":[\\\"1.2.752.78.1.5\\\", \\\"1.2.752.71.1.3\\\",\n" +
                "\\\"1.2.752.78.1.2\\\"], \\\"allowFingerprint\\\": false}\"");
        HttpPostAsyncTask task = new HttpPostAsyncTask(postData,context);
        task.execute("https://appapi2.test.bankid.com/rp/v5");
    } catch (KeyStoreException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    } catch (CertificateException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    } catch (IOException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    } catch (KeyManagementException e) {
        Log.d("Error", e.toString());
        e.printStackTrace();
    }


}

This is the error message I get:

2018-09-20 12:09:18.694 32103-32137/com.example.bankidandroidfinal D/约束: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
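
Added example (not part of the original question and not the asker's code): the exception above means that no certificate in the TrustManager's KeyStore anchors the chain the server presents. The hypothetical helper anchors() below checks whether a bundled certificate can act as that anchor; the class and method names are assumptions, and the platform's default root certificates serve as constructed sample input in place of a real server chain.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class TrustAnchorCheck {
    // True if 'anchor' is presented in 'chain' or directly signed one of its certificates.
    static boolean anchors(X509Certificate anchor, X509Certificate[] chain) {
        for (X509Certificate cert : chain) {
            if (cert.equals(anchor)) {
                return true; // the bundled certificate itself is in the chain
            }
            if (cert.getIssuerX500Principal().equals(anchor.getSubjectX500Principal())) {
                try {
                    cert.verify(anchor.getPublicKey());
                    return true; // issuer name and signature both match
                } catch (GeneralSecurityException e) {
                    // Same issuer name but a different key: keep looking.
                }
            }
        }
        return false; // path validation would end without a trust anchor
    }
    // Constructed sample input: the root certificates shipped with the running platform.
    static X509Certificate[] platformRoots() throws GeneralSecurityException {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        return new X509Certificate[0];
    }

    public static void main(String[] args) throws GeneralSecurityException {
        X509Certificate[] roots = platformRoots();
        if (roots.length == 0) return; // no default roots available on this platform
        X509Certificate[] chain = { roots[0] }; // stand-in for the chain a server presents
        System.out.println("same certificate as anchor: " + anchors(roots[0], chain));
        for (X509Certificate other : roots) {
            if (!other.equals(chain[0])
                    && !other.getSubjectX500Principal().equals(chain[0].getIssuerX500Principal())) {
                System.out.println("unrelated root as anchor: " + anchors(other, chain));
                break;
            }
        }
    }
}
```

With the question's code, the certificate to test is the one loaded into ca, compared against the chain the server actually sends; a false result means the bundled file is not the certificate, or the issuing CA, that the server uses.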

0 answers:

No answers