本文介绍了获取SSLHandShakeException的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 当我正在访问wsdl url时,我在android中得到异常While I am accessing the wsdl url I am getting the exception in androidjavax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.我已经使用 ksoap2 库来执行 WSDL 文件。i have used ksoap2 library for executing the WSDL file.我也实施了认证课程,但我遇到了同样的问题。I had also implemented certification classes, but i am getting the same issue请告知是否有任何解决方案。please tell if there is any solution for this.我正在使用这两个类进行认证:I am using these two classes for certification: AndroidInsecureHttpsServiceConnectionSE类: package com.example.androidwsdltest;import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.net.URL;import java.security.KeyManagementException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import java.util.Iterator;import java.util.LinkedList;import java.util.List;import java.util.Map;import java.util.Set;import javax.net.ssl.HostnameVerifier;import javax.net.ssl.HttpsURLConnection;import javax.net.ssl.SSLContext;import javax.net.ssl.SSLSession;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import javax.net.ssl.X509TrustManager;import org.ksoap2.HeaderProperty;import org.ksoap2.transport.ServiceConnection;import android.util.Log;public class AndroidInsecureHttpsServiceConnectionSE implements ServiceConnection { private HttpsURLConnection connection; public AndroidInsecureHttpsServiceConnectionSE(String host, int port, String file, int timeout) throws IOException { // allowAllSSL(); connection = (HttpsURLConnection) new URL("https", host, port, file) .openConnection(); updateConnectionParameters(timeout); } private static TrustManager[] trustManagers; public static class EasyX509TrustManager implements X509TrustManager { private X509TrustManager standardTrustManager = null; /** * Constructor for EasyX509TrustManager. */ public EasyX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException { super(); TrustManagerFactory factory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); factory.init(keystore); TrustManager[] trustmanagers = factory.getTrustManagers(); if (trustmanagers.length == 0) { throw new NoSuchAlgorithmException("no trust manager found"); } this.standardTrustManager = (X509TrustManager) trustmanagers[0]; } /** * @see * javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate * [],String authType) */ public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException { standardTrustManager.checkClientTrusted(certificates, authType); } /** * @see * javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate * [],String authType) */ public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException { if ((certificates != null) && (certificates.length == 1)) { certificates[0].checkValidity(); } else { standardTrustManager.checkServerTrusted(certificates, authType); } } /** * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() */ public X509Certificate[] getAcceptedIssuers() { return this.standardTrustManager.getAcceptedIssuers(); } } public static class FakeX509TrustManager implements X509TrustManager { private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {}; public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { } public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { } public boolean isClientTrusted(X509Certificate[] chain) { return true; } public boolean isServerTrusted(X509Certificate[] chain) { return true; } public X509Certificate[] getAcceptedIssuers() { return (_AcceptedIssuers); } } /** * Allow all SSL certificates by setting up a host name verifier that passes * everything and as well setting up a SocketFactory with the * #FakeX509TrustManager. */ public static void allowAllSSL() { HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { // TODO Auto-generated method stub return true; } }); SSLContext context = null; if (trustManagers == null) { try { trustManagers = new TrustManager[] { new EasyX509TrustManager( null) }; } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (KeyStoreException e) { // TODO Auto-generated catch block e.printStackTrace(); } } try { context = SSLContext.getInstance("TLS"); context.init(null, trustManagers, new SecureRandom()); } catch (NoSuchAlgorithmException e) { Log.e("allowAllSSL", e.toString()); } catch (KeyManagementException e) { Log.e("allowAllSSL", e.toString()); } // HttpsURLConnection.setDefaultAllowUserInteraction(true); HttpsURLConnection.setDefaultSSLSocketFactory(context .getSocketFactory()); } /** * update the connection with the timeout parameter as well as allowing SSL * if the Android version is 7 or lower (since these versions have a broken * certificate manager, which throws a SSL exception saying "Not trusted * security certificate" * * @param timeout */ private void updateConnectionParameters(int timeout) { connection.setConnectTimeout(timeout); // 20 seconds connection.setReadTimeout(timeout); // even if we connect fine we want // to time out if we cant read // anything.. connection.setUseCaches(false); connection.setDoOutput(true); connection.setDoInput(true); allowAllSSL(); /* * int buildVersion = Build.VERSION.SDK_INT; if (buildVersion <= 7) { * Log.d("Detected old operating system version " + buildVersion + * " with SSL certificate problems. Allowing " + "all certificates.", * String.valueOf(buildVersion)); allowAllSSL(); } else { * Log.d("Full SSL active on new operating system version ", * String.valueOf(buildVersion)); } */ } public void connect() throws IOException { connection.connect(); } public void disconnect() { connection.disconnect(); } public List getResponseProperties() { Map properties = connection.getHeaderFields(); Set keys = properties.keySet(); List retList = new LinkedList(); for (Iterator i = keys.iterator(); i.hasNext();) { String key = (String) i.next(); List values = (List) properties.get(key); for (int j = 0; j < values.size(); j++) { retList.add(new HeaderProperty(key, (String) values.get(j))); } } return retList; } public void setRequestProperty(String key, String value) { // We want to ignore any setting of "Connection: close" because // it is buggy with Android SSL. if ("Connection".equalsIgnoreCase(key) && "close".equalsIgnoreCase(value)) { // do nothing } else { connection.setRequestProperty(key, value); } } public void setRequestMethod(String requestMethod) throws IOException { connection.setRequestMethod(requestMethod); } public OutputStream openOutputStream() throws IOException { return connection.getOutputStream(); } public InputStream openInputStream() throws IOException { return connection.getInputStream(); } public InputStream getErrorStream() { return connection.getErrorStream(); } public String getHost() { return connection.getURL().getHost(); } public int getPort() { return connection.getURL().getPort(); } public String getPath() { return connection.getURL().getPath(); }} AndroidInsecureKeepAliveHttpsTransportSE类: / strong>AndroidInsecureKeepAliveHttpsTransportSE class: package com.example.androidwsdltest;import java.io.IOException;import org.ksoap2.transport.HttpsTransportSE;import org.ksoap2.transport.ServiceConnection;public class AndroidInsecureKeepAliveHttpsTransportSE extends HttpsTransportSE { private AndroidInsecureHttpsServiceConnectionSE conn = null; private final String host; private final int port; private final String file; private final int timeout; public AndroidInsecureKeepAliveHttpsTransportSE(String host, int port, String file, int timeout) { super(host, port, file, timeout); this.host = host; this.port = port; this.file = file; this.timeout = timeout; } @Override protected ServiceConnection getServiceConnection() throws IOException { super.getServiceConnection(); conn = new AndroidInsecureHttpsServiceConnectionSE(host, port, file, timeout); conn.setRequestProperty("Connection", "keep-alive"); return conn; }}使用这些认证课后,我得到了同样的异常After using these certification classes I am getting the same exception请帮助我..提前感谢......:)Thanks in advance......:)推荐答案您将获得授权的SSL证书 - 这可能会解决问题,这是解决问题的最佳方法。You shall have an authorized SSL certificate - That may solve the problem, and that is the best way solving the problem. 如果没有,您必须工作一点:概念是使用SSL Android的安卓程序比平时更难,而且您的Android机器上将拥有证书的权限,所以您应该在Android上安装一个基本密钥库(如谷歌商店,但是免费,并且在自己的Android上),并且通过一些基本的操作,您自己的信任。The concept is that when using SSL, Android is little tougher than usual, and you shall have the certificate rights on your android, so for that, you shall have a basic keystore on your Android (like google store, but for free, and on your own Android), and make your own one trusted, by some basic manipulations. 在服务器上查找证书,并使用私钥导出(您将具有管理员权限) 。这可以通过从start-> run + certmgr.msc运行来完成。 查找受信任的根证书颁发机构。找到您的证书并进行导出(keytool可以加载现有的pfx证书,* .cer类证书,可能没有什么问题。 你将有一个keytool,你可以找到解释在 http://keytool.sourceforge.net/ 您可以安装,但我更喜欢以下推荐:这是通过帮助完成 - 软件更新 - 查找和安装 - 搜索新功能.... 单击新建远程站点并添加 http://keytool.sourceforge.net/update 在名称和URL中,并确保其已被检查命中完成。 添加新的密钥库,并加载证书(使用pcs12协议,选择您可以记住的密码)。 代码需要添加如下: http://developer.android.com/training/articles/security-ssl。 html#UnknownCa 您将关联您的连接。 像样例一样使用HttpTransportSE :: ServiceConnection :: setSSLSocketFactory。 https://code.google.com/p/androidzon/source/browse/Androidzon/src/it/marco/ksoap2/HttpTransportSE.java?r=77 (只需创建新功能你自己的,并连接到网络服务,如果不行,删除?wsdl)Find your certificate on server, and export with private key (you shall have admin privileges). This can be done by running from start->run + certmgr.msc.Look for 'Trusted Root Certificate Authorities'. Found your certificate and do export (the keytool can load existing pfx certificate. on *.cer kind of certificate, there may be little problems.You shall have a keytool. You can find explanation on http://keytool.sourceforge.net/You can install, but I prefer the following recommandation:This is done through Help - Software Updates - Find and install - Search for new feature....Click New Remote Site and add http://keytool.sourceforge.net/update in name and URL, and make sure its checked.Hit Finish.Add a new keystore, and load your certificate (use pcs12 protocol, choose password you can remember).The code need to be add is like :http://developer.android.com/training/articles/security-ssl.html#UnknownCaYou shall relate your connection.You use HttpTransportSE::ServiceConnection::setSSLSocketFactory like the sample.https://code.google.com/p/androidzon/source/browse/Androidzon/src/it/marco/ksoap2/HttpTransportSE.java?r=77(Just create new function of your own, and connect it to the web service. If not working, remove ?wsdl)祝你好运!!! 这篇关于获取SSLHandShakeException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 08-14 06:31