qq_27532517
zmc969213509
采纳率0%
2017-07-14 08:58 阅读 1.3k

Android https 双向验证 报错

20

错误:java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

参数
// private final static String CLIENT_PRI_KEY = "zydClient.cer";
private final static String CLIENT_PRI_KEY = "zydClient.p12";
// private final static String CLIENT_PRI_KEY = "client.bks";
// private final static String CLIENT_PRI_KEY = "214065381190993.pfx";
private final static String TRUSTSTORE_PUB_KEY = "server.bks";
// private final static String TRUSTSTORE_PUB_KEY = "zydServer.cer";
private final static String CLIENT_BKS_PASSWORD = "123456";
private final static String TRUSTSTORE_BKS_PASSWORD = "123456";
private final static String KEYSTORE_TYPE = "BKS";
private final static String PROTOCOL_TYPE = "TLS";
private final static String CERTIFICATE_STANDARD = "X509";
private static final String KEY_STORE_TYPE_BKS = "bks";//证书类型 固定值
private static final String KEY_STORE_TYPE_P12 = "PKCS12";//证书类型 固定值

代码
try {
            // 服务器端需要验证的客户端证书,其实就是客户端的keystore
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
            // 客户端信任的服务器端证书
            KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);

            //读取证书
            ksIn = context.getAssets().open(CLIENT_PRI_KEY);
            tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY);

            //加载证书
            keyStore.load(ksIn, CLIENT_BKS_PASSWORD.toCharArray());
            trustStore.load(tsIn, TRUSTSTORE_BKS_PASSWORD.toCharArray());


            //初始化SSLContext
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
            trustManagerFactory.init(trustStore);
            keyManagerFactory.init(keyStore, CLIENT_BKS_PASSWORD.toCharArray());
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

            //通过HttpsURLConnection设置链接
            SSLSocketFactory socketFactory = sslContext.getSocketFactory();
            HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

            URL connectUrl = new URL(str_url);
            HttpsURLConnection conn = (HttpsURLConnection) connectUrl.openConnection();
            //设置ip授权认证:如果已经安装该证书,可以不设置,否则需要设置
            conn.setHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });

            InputStream is = conn.getInputStream();
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

4条回答 默认 最新

  • qq_25981933 SwordDevil_洪健 2017-07-14 08:59

    我来冒个泡 挣个C币

    点赞 评论 复制链接分享
  • qq_27532517 zmc969213509 2017-07-14 09:03

    求大神帮忙解决疑问啊

    点赞 评论 复制链接分享
  • qq_27532517 zmc969213509 2017-07-14 09:28

    顶上去。。。。。。。。。。。。。。。。。。。。。。。

    点赞 评论 复制链接分享
  • qq_23292875 Hefei19881002 2017-07-14 09:55

    信任库用TrustManagerFactory.getInstance()吧

    点赞 评论 复制链接分享

相关推荐