SSLHandshakeException: Trust anchor for certification path not found. Only on Android API < 19
Asked Answered
M

0

7

I'm having issues with the https connection to a server with a self signed certificate on devices < api 19. I followed this guide published by android for trusting self-signed certifcates Android SSL and it seems to work fine with all the api>19 devices i tested. How ever i keep getting the "Trust anchor for certification path not found" error on pre 19.

I've created the keystore using keytool and doesn't seem to be the problem because is working on some devices.

This is my code:

        URL url_uri = new URL(url);
        AssetManager am = context.getAssets();
        InputStream caInput = am.open("certs/myCert.bks");
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance("BKS");
            char[] pass = "MyPassword".toCharArray();
            keyStore.load(caInput, pass);
        } finally {
            caInput.close();
        }

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        HttpsURLConnection urlConnection =
                (HttpsURLConnection)url_uri.openConnection();
        urlConnection.setSSLSocketFactory(context.getSocketFactory());

        InputStream in = urlConnection.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        StringBuffer sb = new StringBuffer("");
        String line = "";

        String NL = System.getProperty("line.separator");
        while ((line = reader.readLine()) != null){
            sb.append(line + NL);
        }
        in.close();
        JSON = sb.toString();

And here is the logcat error:

W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
W/System.err:     at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
W/System.err:     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
W/System.err:     at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289)
W/System.err:     at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)
W/System.err:     at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:273)
W/System.err:     at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:168)
W/System.err:     at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271)
W/System.err:     at com.splunk.mint.network.http.MonitorableHttpsURLConnection.getInputStream(MonitorableHttpsURLConnection.java:73)
W/System.err:     at com.w3is2.webservice.JsonConnect.connectSSL(JsonConnect.java:161)
W/System.err:     at com.w3is2.webservice.JsonConnect.getFamilias(JsonConnect.java:482)
W/System.err:     at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:137)
W/System.err:     at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:124)
W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:287)
W/System.err:     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
W/System.err:     at java.lang.Thread.run(Thread.java:856)W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err:     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:192)
W/System.err:     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163)
W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:573)
W/System.err:     at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err:     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
W/System.err:   ... 20 more
W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err:   ... 25 more
W/System.err: org.json.JSONException: End of input at character 0 of 
W/System.err:     at org.json.JSONTokener.syntaxError(JSONTokener.java:450)
W/System.err:     at org.json.JSONTokener.nextValue(JSONTokener.java:97)
W/System.err:     at org.json.JSONObject.<init>(JSONObject.java:154)
W/System.err:     at org.json.JSONObject.<init>(JSONObject.java:171)
W/System.err:     at com.w3is2.webservice.JsonConnect.getFamilias(JsonConnect.java:488)
W/System.err:     at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:137)
W/System.err:     at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:124)
W/System.err:     at android.os.AsyncTask$2.call(AsyncTask.java:287)
W/System.err:     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err:     at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
W/System.err:     at java.lang.Thread.run(Thread.java:856)
Murmuration answered 7/4, 2016 at 9:47 Comment(1)
Did you ever find a solution to this other than opening up and allowing all TrustManager certs?Kuban

© 2022 - 2024 — McMap. All rights reserved.