Android java.security.cert.CertPathValidatorException: 未找到证书路径的信任锚点
Android应用程序有三个主机执行身份验证和授权。最后一个主机是 REST API。这是第一次使用Oauth身份验证和授权过程,它可以毫无问题地工作。
但是,如果用户在登录并访问REST API提供的服务后终止了应用程序,然后再次打开该应用程序,则会出现此问题。在这段时间里,身份验证和授权过程没有发生,只有REST API。它导致了,但它在第一次使用(登录,然后使用应用程序)期间工作。java.security.cert.CertPathValidatorException
有人可以解释此异常背后的场景以及该应用程序的问题吗?如果根据此 SO 答案,认证异常被忽略为波纹管,则此方法有效。
SSLSocketFactory sslSocketFactory = null;
try {
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
// Initialise the TMF as you normally would, for example:
try {
tmf.init((KeyStore)null);
} catch(KeyStoreException e) {
e.printStackTrace();
}
TrustManager[] trustManagers = tmf.getTrustManagers();
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0];
// Create a trust manager that does not validate certificate chains
TrustManager[] wrappedTrustManagers = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return origTrustmanager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
origTrustmanager.checkClientTrusted(certs, authType);
} catch(CertificateException e) {
e.printStackTrace();
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
origTrustmanager.checkServerTrusted(certs, authType);
} catch(CertificateException e) {
e.printStackTrace();
}
}
}
};
//TrustManager[] trustAllCerts = TrustManagerFactory.getInstance("SSL").getTrustManagers();
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
sslSocketFactory = sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
e.printStackTrace();
}
return sslSocketFactory;
我正在使用Okhttp 3进行http请求。任何建议都将有助于解决问题。如果我使用上面的代码片段,请让我知道,这是安全违规吗?它会影响应用程序的安全性吗?
