信頼されていないサーバー証明書エラーをなんとか修正しましたが、1日おきに戻ってきます。サードパーティのサーバーから XML をリクエストしています。SSLcertDownloader で証明書をダウンロードし、キーストアにインポートしました。
keytool -importcert -v -trustcacerts -file "downloadedcertificate.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass PassWord`
それは機能しますが、1日かそこら後に同じエラーが発生します。何度かやり直しましたが、アプリが稼働中は使えません。返されるエラーの理由は何ですか?
エラーログ:
07-25 19:04:42.257: W/System.err(25342): javax.net.ssl.SSLException: Not trusted server certificate
07-25 19:04:42.261: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:174)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
07-25 19:04:42.261: W/System.err(25342): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getXmlFromUrl(VoIP_AccountManager.java:85)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.VoIP_AccountManager.getBalance(VoIP_AccountManager.java:330)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1269)
07-25 19:04:42.265: W/System.err(25342): at com.appiclife.ezcallcallingcardvoiptool.EZ_Call_Activity$getBalance.doInBackground(EZ_Call_Activity.java:1)
07-25 19:04:42.265: W/System.err(25342): at android.os.AsyncTask$2.call(AsyncTask.java:185)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.FutureTask.run(FutureTask.java:137)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1068)
07-25 19:04:42.265: W/System.err(25342): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:561)
07-25 19:04:42.265: W/System.err(25342): at java.lang.Thread.run(Thread.java:1096)
07-25 19:04:42.265: W/System.err(25342): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
07-25 19:04:42.265: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
07-25 19:04:42.269: W/System.err(25342): ... 19 more
07-25 19:04:42.269: W/System.err(25342): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-25 19:04:42.269: W/System.err(25342): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-25 19:04:42.269: W/System.err(25342): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
07-25 19:04:42.269: W/System.err(25342): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
編集 - POST メソッドを追加:
public String getXmlFromUrl(String url) {
String xml = null;
try {
// defaultHttpClient
DefaultHttpClient httpClient = new MyHttpClient(myContext.getApplicationContext());
HttpPost httpPost = new HttpPost(url);
HttpResponse httpResponse = httpClient.execute(httpPost);
HttpEntity httpEntity = httpResponse.getEntity();
xml = EntityUtils.toString(httpEntity);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return xml;
}
MYHTTP クライアント:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = context.getResources().openRawResource(R.raw.alkeystore);
try {
// Initialize the keystore with the provided trusted certificates
// Also provide the password of the keystore
trusted.load(in, "PassWord".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}