CertPathValidatorException:未找到证书路径的信任锚 - Retrofit Android

问题描述

https域名,okhttp3请求报java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.错误

解决方法

import java.security.SecureRandom;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSession;

import javax.net.ssl.SSLSocketFactory;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

public class SSLSocketClient {

//获取这个SSLSocketFactory

    public static SSLSocketFactorygetSSLSocketFactory() {

try {

SSLContext sslContext = SSLContext.getInstance("SSL");

            sslContext.init(null, getTrustManager(), new SecureRandom());

            return sslContext.getSocketFactory();

        }catch (Exception e) {

throw new RuntimeException(e);

        }

}

public static final X509TrustManagerIGNORE_SSL_TRUST_MANAGER_X509 =new X509TrustManager() {

@Override

        public void checkClientTrusted(X509Certificate[] chain, String authType) {

}

@Override

        public void checkServerTrusted(X509Certificate[] chain, String authType) {

}

@Override

        public X509Certificate[]getAcceptedIssuers() {

return new X509Certificate[] {};

        }

};

    //获取TrustManager

    public static TrustManager[]getTrustManager() {

TrustManager[] trustAllCerts =new TrustManager[]{

new X509TrustManager() {

@Override

                    public void checkClientTrusted(X509Certificate[] chain, String authType) {

}

@Override

                    public void checkServerTrusted(X509Certificate[] chain, String authType) {

}

@Override

                    public X509Certificate[]getAcceptedIssuers() {

return new X509Certificate[]{};

                    }

}

};

        return trustAllCerts;

    }

//获取HostnameVerifier

    public static HostnameVerifiergetHostnameVerifier() {

HostnameVerifier hostnameVerifier =new HostnameVerifier() {

@Override

            public boolean verify(String s, SSLSession sslSession) {

return true;

            }

};

        return hostnameVerifier;

    }

}


通过这个类我们可以获得SSLSocketFactory,这个东西就是用来管理证书和信任证书的,然后还需要配置一个HostnameVerifier来忽略host验证,然后我们在Okhttp3中设置一下这两个属性。


client = new OkHttpClient.Builder()

                .connectTimeout(1, TimeUnit.SECONDS)

                .sslSocketFactory(SSLSocketClient.getSSLSocketFactory(),SSLSocketClient.IGNORE_SSL_TRUST_MANAGER_X509)

                .hostnameVerifier(SSLSocketClient.getHostnameVerifier())

©著作权归作者所有,转载或内容合作请联系作者
【社区内容提示】社区部分内容疑似由AI辅助生成,浏览时请结合常识与多方信息审慎甄别。
平台声明:文章内容(如有图片或视频亦包括在内)由作者上传并发布,文章内容仅代表作者本人观点,简书系信息发布平台,仅提供信息存储服务。

相关阅读更多精彩内容

友情链接更多精彩内容