解决以下异常问题:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
1.在new OkHttpClient()时忽略
public OKHttpUtil(Context context) {
this.context = context;
buildType = context.getResources().getString(R.string.buildType);
dbManager = new DBManager(context);
mOkHttpClient = new OkHttpClient();
mOkHttpClient.setSslSocketFactory(createSSLSocketFactory()); //**重点**在new OkHttpClient()下添加此代码进行ssl的忽略
}
private SSLSocketFactory createSSLSocketFactory() {
SSLSocketFactory ssfFactory = null;
try {
mMyTrustManager = new MyTrustManager();
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[]{mMyTrustManager}, new SecureRandom());
ssfFactory = sc.getSocketFactory();
} catch (Exception ignored) {
ignored.printStackTrace();
}
return ssfFactory;
}
//实现X509TrustManager接口
public static class MyTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
2.在webview中忽略
webview.setWebViewClient(new WebViewClient() {
@Override
public void onPageFinished(WebView view, String url) {
ptrFrame.refreshComplete();
}
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed();//**重点**接受所有证书验证
}
});
3.在HttpURLConnection时忽略
private static InputStream getImageStream(String urlParam) throws Exception {
AppLog.i("hxiao 3, ThreadId="+Thread.currentThread().getId());
URL url = new URL(urlParam);
HttpURLConnection conn = null;
//**关键代码**
//ignore https certificate validation |忽略 https 证书验证
if (url.getProtocol().toUpperCase().equals("HTTPS")) {
trustAllHosts();
HttpsURLConnection https = (HttpsURLConnection) url
.openConnection();
https.setHostnameVerifier(InternetUtil.DO_NOT_VERIFY);
conn = https;
} else {
conn = (HttpURLConnection) url.openConnection();
}
conn.setConnectTimeout(5 * 1000);
conn.setRequestMethod("GET");
AppLog.i("wzz----conn.getResponseCode()------"+conn.getResponseCode());
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
return conn.getInputStream();
}
return null;
}
public static void trustAllHosts() {
// Create a trust manager that does not validate certificate chains
// Android use X509 cert
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[] {};
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
} };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.printStackTrace();
}
}
public final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
