安卓 N java.security.cert.CertPathValidatorException : Trust anchor for certification path not found

标签 android android-7.0-nougat

在我的应用程序中,我使用自签名证书通过 https 进行连接。当 compilesdk 设置为 < 24 时,应用程序运行良好,但是当 compilesdk 设置为 24 时,我的应用程序无法通过 https 连接到服务器并抛出以下异常:

07-27 14:35:52.927 11424-11956/com.test.Push W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call.getResponse(Call.java:286)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.worklight.wlclient.CertificatePinningInterceptor.intercept(CertificatePinningInterceptor.java:20)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:232)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.worklight.wlclient.OkHttpInterceptor.intercept(OkHttpInterceptor.java:145)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:232)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.squareup.okhttp.Call.execute(Call.java:80)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at com.worklight.wlclient.WLRequestSender.run(WLRequestSender.java:49)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
07-27 14:35:52.927 11424-11956/com.test.Push W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at java.lang.Thread.run(Thread.java:761)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
07-27 14:35:52.928 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
07-27 14:35:52.929 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
07-27 14:35:52.929 11424-11956/com.test.Push W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
07-27 14:35:52.929 11424-11956/com.test.Push W/System.err:  ... 20 more
07-27 14:35:52.929 11424-11956/com.test.Push W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
07-27 14:35:52.929 11424-11956/com.test.Push W/System.err:  ... 30 more

我遵循了这里提到的步骤 https://developer.android.com/preview/features/security-config.html ,但是我的应用程序仍然无法通过 https 连接到服务器。我的 network_security_config.xml 如下:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">test.abc.com</domain>
        <trust-anchors>
            <certificates src="@raw/ca_norton"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

在我的 AndroidManifest.xml 中,在应用程序标签下包含以下内容

 <meta-data android:name="android.security.net.config"
            android:resource="@xml/network_security_config" />

ca_norton.crt 也被复制到原始文件夹中。我在这里错过了什么吗?提前致谢。

最佳答案

在 list 中指定网络安全配置的正确方法是:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
           ... >
    ...
    </application>
</manifest>

参见 https://developer.android.com/preview/features/security-config.html#manifest .元数据方法仅出现在早期的 N 预览版中,不再受支持。

关于安卓 N java.security.cert.CertPathValidatorException : Trust anchor for certification path not found,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38608850/

上一篇:android - 如何在关闭 android 中的弹出窗口之前在弹出窗口内设置动画 View ?

下一篇:android - 在谷歌地图上沿道路或多段线移动标记

相关文章:

android - 具有自定义样式的 TextView 导致奇怪的膨胀异常

android - 无法在 Nougat 中使用 Adob​​e 打开 PDF 文件

android - 牛轧糖版本的快捷方式

android - 嵌套协调器 + AppBar 布局不起作用

java - android 读取多个txt文件并整理出来

android - Flutter Plugin : crash_dump. cpp:无法附加到线程 185:权限被拒绝

android - PackageManager.getInstalledApplications(0);在安卓 7.0

java - Android N - 在运行时更改区域设置

android - SecureRandom 提供程序 "Crypto"在 Android N 中无法确定地生成 key

java - 如何返回 DocumentSnapShot 作为方法的结果?

©2024 IT工具网  联系我们