SSLHandshakeException: ancla de confianza para la ruta de certificación no encontrada. Solo en Android API <19
Tengo problemas con la conexión https a un servidor con un certificado autofirmado en dispositivos <api 19. Seguí esta guía publicada por Android para confiar en los certificados autofirmadosSSL de Android y parece funcionar bien con todos los dispositivos api> 19 que probé. Cómo siempre recibo el error "No se encontró el ancla de confianza para la ruta de certificación" en la versión anterior a 19
He creado el almacén de claves usando keytool y no parece ser el problema porque funciona en algunos dispositivos.
Este es mi código:
URL url_uri = new URL(url);
AssetManager am = context.getAssets();
InputStream caInput = am.open("certs/myCert.bks");
KeyStore keyStore;
try {
keyStore = KeyStore.getInstance("BKS");
char[] pass = "MyPassword".toCharArray();
keyStore.load(caInput, pass);
} finally {
caInput.close();
}
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection urlConnection =
(HttpsURLConnection)url_uri.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuffer sb = new StringBuffer("");
String line = "";
String NL = System.getProperty("line.separator");
while ((line = reader.readLine()) != null){
sb.append(line + NL);
}
in.close();
JSON = sb.toString();
Y aquí está el error logcat:
W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
W/System.err: at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
W/System.err: at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
W/System.err: at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)
W/System.err: at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289)
W/System.err: at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)
W/System.err: at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:273)
W/System.err: at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:168)
W/System.err: at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271)
W/System.err: at com.splunk.mint.network.http.MonitorableHttpsURLConnection.getInputStream(MonitorableHttpsURLConnection.java:73)
W/System.err: at com.w3is2.webservice.JsonConnect.connectSSL(JsonConnect.java:161)
W/System.err: at com.w3is2.webservice.JsonConnect.getFamilias(JsonConnect.java:482)
W/System.err: at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:137)
W/System.err: at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:124)
W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:287)
W/System.err: at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
W/System.err: at java.lang.Thread.run(Thread.java:856)W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:192)
W/System.err: at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163)
W/System.err: at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:573)
W/System.err: at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
W/System.err: ... 20 more
W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: ... 25 more
W/System.err: org.json.JSONException: End of input at character 0 of
W/System.err: at org.json.JSONTokener.syntaxError(JSONTokener.java:450)
W/System.err: at org.json.JSONTokener.nextValue(JSONTokener.java:97)
W/System.err: at org.json.JSONObject.<init>(JSONObject.java:154)
W/System.err: at org.json.JSONObject.<init>(JSONObject.java:171)
W/System.err: at com.w3is2.webservice.JsonConnect.getFamilias(JsonConnect.java:488)
W/System.err: at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:137)
W/System.err: at com.w3is2.dat.biologia.ListaFamilias$DataLoader.doInBackground(ListaFamilias.java:124)
W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:287)
W/System.err: at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)
W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:137)
W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
W/System.err: at java.lang.Thread.run(Thread.java:856)