java如何使用HttpsURLConnection连接到https URL
我试图将一些数据发布到https URL,所以我使用了在http://developer.安卓.com/reference/javax/net/ssl/HttpsURLConnection.html中找到的代码:
KeyStore keyStore = ...;
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf =TrustManagerFactory.getInstance(algorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
// Open a HTTP connection to the URL
conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(context.getSocketFactory());
问题是,我遇到了这个例外:
Exception : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
额外信息1: 我可以成功地发布到https:地址,而无需从笔记本电脑的终端执行任何额外操作,这是连接详细信息的打印输出:
== Info: Connected to cloud.someserver.com (127.0.0.1) port 443 (#0)
== Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
== Info: Server certificate: cloud.someserver.com
== Info: Server certificate: StartCom Class 1 Primary Intermediate Server CA
== Info: Server certificate: StartCom Certification Authority
额外信息2:这是我在执行“openssl s_客户端-connect cloud.myserver.com:80”时从控制台获得的打印输出:
已连接(00000003) 77152:错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议:/BuildRoot/Library/Caches/com。苹果xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt。c:618: Joshs MacBook Pro:~JoshDBS$openssl s_客户端-连接云。我的服务器。通讯:8080 连接:连接被拒绝 连接:errno=61 Joshs MacBook Pro:~JoshDBS$openssl s_客户端-连接云。我的服务器。com:81 连接:连接被拒绝 连接:errno=61 Joshs MacBook Pro:~JoshDBS$openssl s_客户端-连接云。我的服务器。com:80
CONNECTED(00000003)
77155:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618:
Joshs-MacBook-Pro:~ JoshDBS$ openssl s_client -connect cloud.myserver.com:443
CONNECTED(00000003)
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgIHBcg1dAivUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
(Lots of alphanumeric characters here)
-----END CERTIFICATE-----
subject=/C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 2304 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: B67EED30382BE22A81F86884646480E967662A1559CA791B1B4DA8F06EDC
Session-ID-ctx:
Master-Key: DE439EC4BEA0AA6E9B15836AD33DB46105D1A27544E0570E8EFF50D3BEF8F0725FC1A34343495D5ADAE192DD09838
Key-Arg : None
Start Time: 1450886131
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
closed
我需要为密钥库分配什么值,而不是这三个点(…)我从哪里得到的
如何使用HttpsURLConnection发布数据?(我已经可以发布到简单的http:url)
# 1 楼答案
尝试禁用SSL证书验证as explained here。 建议仅用于开发目的,而不是在生产环境中。在生产环境中,必须安装方便的证书
# 2 楼答案
尝试以下方法:
另外,你想访问哪个URL?它可能不在Android的可信证书数据存储中,这意味着您需要自己做更多的工作才能将证书添加到数据存储中
如果您仍然卡住,请告诉我,我们将进一步调试您的问题