onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
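When I integrated the PHP API earlier, it was over HTTP and everything ran perfectly with no problems.
But in the production environment, once the domain was switched to HTTPS, an exception appeared:
onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I thought it was an SSL problem in the backend configuration. I also placed the SSL certificate under assets in the project and set its path for OkHttp.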
public static SSLSocketFactory getSslSocketFactory() {
    SSLContext sslContext = null;
    try {
        // Read the bundled certificate from the app's assets.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Certificate ca;
        InputStream certificates = null;
        try {
            certificates = MyApplication.APP.getAssets().open("cmzk.cer");
            ca = certificateFactory.generateCertificate(certificates);
        } finally {
            if (certificates != null) {
                certificates.close();
            }
        }
        // Create a key store that holds only this certificate as a trust anchor.
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
        // Build trust managers backed by that key store.
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);
        sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, tmf.getTrustManagers(), null);
    } catch (Exception e) {
        e.printStackTrace();
    }
    // Returns null if loading the certificate or initialising the context failed.
    return sslContext != null ? sslContext.getSocketFactory() : null;
}
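I configured the SSL certificate when creating the OkHttp instance, but found it made no difference at all: the SSL exception was still thrown.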
okHttpClient = new OkHttpClient.Builder()
        .connectTimeout(CON_TIME, TimeUnit.SECONDS)
        .readTimeout(READ_TIME, TimeUnit.SECONDS)
        .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)
        .addNetworkInterceptor(internateInttercepter)
        .addInterceptor(appInterceptor)
        .sslSocketFactory(getSslSocketFactory()) // set the HTTPS certificate
        .hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                // Accepts any host name: the certificate is not matched against the host.
                return true;
            }
        })
        .cache(cache)
        .build();
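This is where it gets strange.
Without configuring SSL I get the exception, and with it configured I still get the exception. **** (cursing)
Later I found that OkHttp verifies SSL by default, so why not just turn it off? (the idea)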
private SSLSocketFactory createSSLSocketFactory() {
    SSLSocketFactory ssfFactory = null;
    try {
        MyTrustManager mMyTrustManager = new MyTrustManager();
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[]{mMyTrustManager}, new SecureRandom());
        ssfFactory = sc.getSocketFactory();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return ssfFactory;
}

// Implements the X509TrustManager interface
public static class MyTrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Empty body: every server certificate chain is accepted without validation.
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
okHttpClient = new OkHttpClient.Builder()
        .connectTimeout(CON_TIME, TimeUnit.SECONDS)
        .readTimeout(READ_TIME, TimeUnit.SECONDS)
        .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)
        .addNetworkInterceptor(internateInttercepter)
        .addInterceptor(appInterceptor)
        // .sslSocketFactory(getSslSocketFactory()) // set the HTTPS certificate
        .sslSocketFactory(createSSLSocketFactory()) // ignore SSL verification
        .hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        })
        .cache(cache)
        .build();
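The test ran through perfectly!
*Note: the same applies to Retrofit.
For handling HTTPS, there are currently two main approaches:
The client trusts all certificates by default
The certificate of the self-signed site is handled separately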
Please credit the source when reposting. Link to this article: https://www.uj5u.com/qita/280634.html
