
Unable to validate certificate - TrustAnchor found but certificate validation failed

Stack Overflow user
Asked 2014-10-10 07:58:47
Answers: 2 | Views: 2.4K | Followers: 0 | Votes: 1

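I am trying to establish secure communication with a remote server, which unfortunately is signed by their own certificate authority. I read the official Android documentation here: https://developer.android.com/training/articles/security-ssl.html and it says there that when the certificate authority is not in Android's list, you need to accept the server certificate yourself. So I did just that (again, from the docs):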

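// Load the CA certificate bundled with the app (res/raw/certificate)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.certificate);
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
} finally {
    caInput.close();
}

// Create a KeyStore that contains only that certificate as a trusted entry
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);

// Create a TrustManager that trusts the entries in the KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

// Create an SSLContext that uses that TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

// Connect with the custom socket factory (url is the server's HTTPS URL)
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);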

But it doesn't work, and I get this error:

10-10 09:48:17.320: W/System.err(27787): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.350: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:401)
10-10 09:48:17.350: W/System.err(27787):    at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
10-10 09:48:17.350: W/System.err(27787):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
10-10 09:48:17.350: W/System.err(27787):    at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
10-10 09:48:17.350: W/System.err(27787):    at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
10-10 09:48:17.370: W/System.err(27787):    at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
10-10 09:48:17.400: W/System.err(27787):    at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:282)
10-10 09:48:17.400: W/System.err(27787):    at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:177)
10-10 09:48:17.400: W/System.err(27787):    at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271)
10-10 09:48:17.400: W/System.err(27787):    at com.myapp..webservice.RequestConfigurationAsyncTask.doInBackground(RequestConfigurationAsyncTask.java:36)
10-10 09:48:17.411: W/System.err(27787):    at com.myapp..webservice.RequestConfigurationAsyncTask.doInBackground(RequestConfigurationAsyncTask.java:1)
10-10 09:48:17.411: W/System.err(27787):    at android.os.AsyncTask$2.call(AsyncTask.java:287)
10-10 09:48:17.441: W/System.err(27787):    at java.util.concurrent.FutureTask.run(FutureTask.java:234)
10-10 09:48:17.441: W/System.err(27787):    at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
10-10 09:48:17.441: W/System.err(27787):    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
10-10 09:48:17.441: W/System.err(27787):    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
10-10 09:48:17.441: W/System.err(27787):    at java.lang.Thread.run(Thread.java:841)
10-10 09:48:17.461: W/System.err(27787): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.461: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:308)
10-10 09:48:17.461: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202)
10-10 09:48:17.471: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:595)
10-10 09:48:17.471: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
10-10 09:48:17.471: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:398)
10-10 09:48:17.471: W/System.err(27787):    ... 16 more
10-10 09:48:17.471: W/System.err(27787): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.511: W/System.err(27787):    at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:122)
10-10 09:48:17.511: W/System.err(27787):    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:190)
10-10 09:48:17.571: W/System.err(27787):    at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:295)
10-10 09:48:17.591: W/System.err(27787):    ... 20 more
10-10 09:48:17.591: W/System.err(27787): Caused by: com.android.org.bouncycastle.jce.provider.AnnotatedException: TrustAnchor found but certificate validation failed.
10-10 09:48:17.591: W/System.err(27787):    at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.findTrustAnchor(CertPathValidatorUtilities.java:235)
10-10 09:48:17.591: W/System.err(27787):    at com.android.org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:117)
10-10 09:48:17.591: W/System.err(27787):    ... 22 more
10-10 09:48:17.591: W/System.err(27787): Caused by: java.security.SignatureException: Signature was not verified
10-10 09:48:17.591: W/System.err(27787):    at org.apache.harmony.security.provider.cert.X509CertImpl.verify(X509CertImpl.java:384)
10-10 09:48:17.601: W/System.err(27787):    at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.verifyX509Certificate(CertPathValidatorUtilities.java:1427)
10-10 09:48:17.621: W/System.err(27787):    at com.android.org.bouncycastle.jce.provider.CertPathValidatorUtilities.findTrustAnchor(CertPathValidatorUtilities.java:222)
10-10 09:48:17.621: W/System.err(27787):    ... 23 more

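Why is the TrustAnchor found, but certificate validation fails? It looks like the certificate is loaded but is not correct or valid, yet I downloaded the page's certificate through a web browser (in crt and pem formats, but neither worked), so it should work. What's wrong?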
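The innermost cause in the trace above is `SignatureException: Signature was not verified`, raised while the validator was matching a trust anchor to the chain. The following added example (not part of the original post) reproduces that condition with openssl: two constructed CAs share one subject DN but hold different keys, and a server certificate is checked against each. `check_anchor`, `make_ca`, `dn_of` and all names and files are hypothetical and made up for the demo.

```shell
#!/bin/sh
# Added example: every name, DN and file here is constructed for the demo.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
# One config for both CAs, so they end up with the same subject DN.
cat > "$work/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Demo Internal CA
[ext]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA with a fresh key in $work/NAME.key and NAME.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$work/ca.cnf" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}
# dn_of FIELD FILE: print the subject or issuer DN of a PEM certificate
dn_of() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# check_anchor ANCHOR CERT prints:
#   name-mismatch  anchor subject differs from cert issuer (no anchor found)
#   bad-signature  names match, but the anchor's key did not sign the cert
#   ok             names match and the signature verifies
check_anchor() {
    if [ "$(dn_of subject "$1")" != "$(dn_of issuer "$2")" ]; then
        echo name-mismatch
    elif openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo bad-signature
    fi
}

make_ca issuing      # the CA that really signs the server certificate
make_ca lookalike    # same DN, different key
openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
    -subj "/CN=server.example" -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/issuing.pem" \
    -CAkey "$work/issuing.key" -CAcreateserial -days 1 -out "$work/leaf.pem" 2>/dev/null
for anchor in issuing lookalike leaf; do
    echo "$anchor: $(check_anchor "$work/$anchor.pem" "$work/leaf.pem")"
done
```

The `bad-signature` result corresponds to the case in the trace: an anchor whose name matches the issuer was found, but its public key does not verify the certificate's signature, so the file bundled in the app is not the certificate of the CA that actually signed the server's chain.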

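2 Answers

Stack Overflow user

Answered 2014-10-10 08:11:31

There are three possible reasons; see the link below.

1. The CA that issued the server certificate is unknown
2. The server certificate was not signed by a CA, but is self-signed
3. The server configuration is missing an intermediate CA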

https://developer.android.com/training/articles/security-ssl.html

Votes: 1

Stack Overflow user

Answered 2017-04-26 05:23:04

In a plain Java application this worked for me, but not on Android.

Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);

Votes: 0
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/26294549
