Ancrage de confiance HTTPS auto-signé Android pour le chemin de certificateion introuvable

Je suis un débutant Android. Cette question a été posée à plusieurs resockets, mais j’ai parcouru presque toutes les questions ici.

J’essaie d’utiliser un certificate auto-signé sur le serveur Node.Js (en utilisant express) et Volley sur Android.
Utilisation de: http://blog.applegrew.com/2015/04/using-pinned-self-signed-ssl-certificatee-with-android-volley/

Je ne peux pas utiliser http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificatee/ car il y a trop de code à modifier sur mon application.

C’est l’erreur.

Gestion des jetons d’actualisation pour les groupes de périphériques FCM

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: ancre de confiance pour le chemin de certificateion introuvable.

Mon code de volleysingelton:

private SSLSocketFactory newSslSocketFactory() { try { // Get an instance of the Bouncy Castle KeyStore format KeyStore trusted = KeyStore.getInstance("BKS"); // Get the raw resource, which contains the keystore with // your trusted certificatees (root and any intermediate certs) InputStream in = mCtx.getResources().openRawResource(R.raw.evennewer); try { // Initialize the keystore with the provided trusted certificatees // Provide the password of the keystore trusted.load(in, KEYSTORE_PASSWORD); } finally { in.close(); } Ssortingng tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(trusted); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); SSLSocketFactory sf = context.getSocketFactory(); return sf; } catch (Exception e) { throw new AssertionError(e); } }

Mon code Node.Js:

 var config = { key: fs.readFileSync('./ssl/newkey.key'), cert: fs.readFileSync('./ssl/newcert.crt') }; var port = 443; var server = https.createServer(config, app).listen(port, function(){ console.log("Express server listening on port " + port); });

Et le débogage openssl renvoyé:

Vérifiez le code retour: 18 (certificate auto-signé)

Vous pouvez essayer l’exemple de code suivant. J’espère que cela t’aides!

 private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) { final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0]; return new TrustManager[]{ new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return originalTrustManager.getAcceptedIssuers(); } public void checkClientTrusted(X509Certificate[] certs, Ssortingng authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkClientTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkClientTrusted", e.toSsortingng()); } } public void checkServerTrusted(X509Certificate[] certs, Ssortingng authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkServerTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkServerTrusted", e.toSsortingng()); } } } }; } private SSLSocketFactory getSSLSocketFactory_Certificate(Ssortingng keyStoreType, int keystoreResId) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException { CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = getResources().openRawResource(keystoreResId); Certificate ca = cf.generateCertificate(caInput); caInput.close(); if (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); Ssortingng tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null); return sslContext.getSocketFactory(); } private SSLSocketFactory getSSLSocketFactory_KeyStore(Ssortingng keyStoreType, int keystoreResId, Ssortingng keyPassword) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException { InputStream caInput = getResources().openRawResource(keystoreResId); // creating a KeyStore containing trusted CAs if (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(caInput, keyPassword.toCharArray()); // creating a TrustManager that trusts the CAs in the KeyStore Ssortingng tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null); return sslContext.getSocketFactory(); }

Puis appelez l’un des deux:

 SSLSocketFactory sslSocketFactory = getSSLSocketFactory_KeyStore("BKS", R.raw.androidbksv1, "123456789"); SSLSocketFactory sslSocketFactory = getSSLSocketFactory_Certificate("BKS", R.raw.androidbksv1_cert);