Android KSOAP2 SSL java.security.cert.CertPathValidatorException

2.5k views Asked by At

I tried connect to my JAX-WS service over SSL. Without SSL all works.

Method in AsyncTask:

     HttpsTransportSE  androidHttpTransport = new HttpsTransportSE("10.0.2.2", 8181, "/Server/?wsdl", 10000);
             ((HttpsServiceConnectionSE) androidHttpTransport.getServiceConnection()).setSSLSocketFactory(trustAllHosts()
.getSocketFactory());

             //androidHttpTransport.debug=true;

             androidHttpTransport.call(getSoapAction(method), envelope);

Get SSLContext

public SSLContext allowAllSSL() {
            SSLContext context = null; 
            TrustManager[] trustManagers = null;
            try{
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

             KeyStore keyStore = KeyStore.getInstance("pkcs12");
             InputStream in = cntx.getResources().openRawResource(R.raw.client_keystore);
             try {
             keyStore.load(in, "password".toCharArray());
             } catch (CertificateException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
             } finally {
             in.close();
             }
             tmf.init(keyStore);


                if (trustManagers == null) { 
                        trustManagers = new TrustManager[] { new FakeX509TrustManager() }; 
                } 

                try { 
                        context = SSLContext.getInstance("SSL"); 
                        context.init(null, tmf.getTrustManagers(), new SecureRandom()); 
                } catch (NoSuchAlgorithmException e) { 
                        e.printStackTrace(); 
                } catch (KeyManagementException e) { 
                        e.printStackTrace(); 
                } 

           HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
           HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
               public boolean verify(String hostname, SSLSession session) {
                    return true;
                  }
                });
            }catch(Exception ex)
            {
                Log.e(TAG,"allowAllSSL failed: "+ex.toString());
            }
           return context;
        } 

I get this error log:

12-18 07:51:42.161: E/Example:LogOnAsync(3161): doInBackground failed: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
12-18 07:51:42.161: W/System.err(3161): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
12-18 07:51:42.169: W/System.err(3161):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:401)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
1

There are 1 answers

0
user1755546 On BEST ANSWER

I'm found ask on my question: In MainAsync:

 HttpsTransportSE  androidHttpTransport = new HttpsTransportSE(10.0.2.2, 8181, "/server/?wsdl", 10000);
             ((HttpsServiceConnectionSE) androidHttpTransport.getServiceConnection()).setSSLSocketFactory(trustAllHosts().getSocketFactory());


protected  SSLContext trustAllHosts()
{   
    return allowAllSSL();
}

 public SSLContext allowAllSSL() {
        SSLContext context = null; 
        TrustManager[] trustManagers = null;
        KeyManagerFactory mgrFact;
        try{
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        mgrFact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

         KeyStore keyStore = KeyStore.getInstance("pkcs12");
         InputStream in = cntx.getResources().openRawResource(R.raw.keystore);
         try {
         keyStore.load(in, "password".toCharArray());
         mgrFact.init(keyStore, "password".toCharArray());
         } catch (CertificateException e) {
         // TODO Auto-generated catch block
         e.printStackTrace();
         } finally {
         in.close();
         }
         tmf.init(keyStore);


            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() 
            {    
                    @Override 
                    public boolean verify(String hostname, SSLSession session) { 

                            return true; 
                    } 

            }); 


            if (trustManagers == null) { 
                    trustManagers = new TrustManager[] { new FakeX509TrustManager() }; 
            }

            final TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    System.out.println("getAcceptedIssuers");
                     return null;
                }
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    System.out.println("Сведения о сертификате : " +       chain[0].getIssuerX500Principal().getName() + "\n Тип авторизации : " + authType);
                }
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    System.out.println("checkClientTrusted : " + authType);
                }
            } };
            //tmf.getTrustManagers()
            try { 
                    context = SSLContext.getInstance("TLS"); 
                    context.init(mgrFact.getKeyManagers(), trustAllCerts, new SecureRandom()); 
            } catch (NoSuchAlgorithmException e) { 
                    e.printStackTrace(); 
            } catch (KeyManagementException e) { 
                    e.printStackTrace(); 
            } 

       HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
       HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
           public boolean verify(String hostname, SSLSession session) {
                return true;
              }
            });
        }catch(Exception ex)
        {
            Log.e(TAG,"allowAllSSL failed: "+ex.toString());
        }
       return context;
    }