CertPathValidatorException:未找到证书路径的信任锚

Question

我将HTTPPinning添加到OKHTTPClient,示例代码是:

OkHttpClient client = new OkHttpClient();
client.setSslSocketFactory(getPinnedCertSslSocketFactory(context));


private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream incontext.getResources().openRawResource(R.raw.prod_keystore);
        trusted.load(in, "venkat@123".toCharArray());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trusted);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        Log.e("MyApp", e.getMessage(), e);
    }
    return null;
}

我将应用程序上传到了Playstore,从过去的1年开始,它就运行良好.但从最近1周开始,它给出了以下问题,我使用的是版本com.squareup.okhttp的OkHttp:okhttp:2.7.4

java.security.cert.CertPathValidatorException: Trust anchor for 
          certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
                  at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
                  at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
                  at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
                  at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
                  at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
                  at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
                  at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
                  at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
                  at com.squareup.okhttp.Call.getResponse(Call.java:286)
                  at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
                  at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205)
                  at com.squareup.okhttp.Call.execute(Call.java:80)
                  at com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:492)
                  at com.venkat.good.http.MyHTTPThread.run(MyHTTPThread.java:76)
                  at java.lang.Thread.run(Thread.java:818)

通过使用OKHTTP3我解决了这个问题.

String hostname = "yourdomain.com";
  CertificatePinner certificatePinner = new CertificatePinner.Builder()
 .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
 .build();
   OkHttpClient client = OkHttpClient.Builder()
 .certificatePinner(certificatePinner)
 .build();

  Request request = new Request.Builder()
 .url("https://" + hostname)
 .build();
 client.newCall(request).execute();

但是我想知道为什么以前的OkHttp2版本可以工作几天,之后会引发这个问题呢？

Answer 1

迟到总比不到好

很高兴您解决了您的问题OkHttp3。

让我回答你提出的子问题：

这是构建系统配置问题，而不是OkHttp. 每个人都惊讶地看到这样的行为，因为它应该解决OkHttp3使用所需的更高版本。如果您正在使用maven或retrofit修复已合并到较新的版本中（OkHttp3为提到的库实现了它）。