androidsslglassfishksoap

Android KSOAP2 SSL java.security.cert.CertPathValidatorException


I tried connect to my JAX-WS service over SSL. Without SSL all works.

Method in AsyncTask:

     HttpsTransportSE  androidHttpTransport = new HttpsTransportSE("10.0.2.2", 8181, "/Server/?wsdl", 10000);
             ((HttpsServiceConnectionSE) androidHttpTransport.getServiceConnection()).setSSLSocketFactory(trustAllHosts()
.getSocketFactory());

             //androidHttpTransport.debug=true;

             androidHttpTransport.call(getSoapAction(method), envelope);

Get SSLContext

public SSLContext allowAllSSL() {
            SSLContext context = null; 
            TrustManager[] trustManagers = null;
            try{
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

             KeyStore keyStore = KeyStore.getInstance("pkcs12");
             InputStream in = cntx.getResources().openRawResource(R.raw.client_keystore);
             try {
             keyStore.load(in, "password".toCharArray());
             } catch (CertificateException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
             } finally {
             in.close();
             }
             tmf.init(keyStore);


                if (trustManagers == null) { 
                        trustManagers = new TrustManager[] { new FakeX509TrustManager() }; 
                } 

                try { 
                        context = SSLContext.getInstance("SSL"); 
                        context.init(null, tmf.getTrustManagers(), new SecureRandom()); 
                } catch (NoSuchAlgorithmException e) { 
                        e.printStackTrace(); 
                } catch (KeyManagementException e) { 
                        e.printStackTrace(); 
                } 

           HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
           HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
               public boolean verify(String hostname, SSLSession session) {
                    return true;
                  }
                });
            }catch(Exception ex)
            {
                Log.e(TAG,"allowAllSSL failed: "+ex.toString());
            }
           return context;
        } 

I get this error log:

12-18 07:51:42.161: E/Example:LogOnAsync(3161): doInBackground failed: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
12-18 07:51:42.161: W/System.err(3161): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
12-18 07:51:42.169: W/System.err(3161):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:401)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478)
12-18 07:51:42.169: W/System.err(3161):     at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433)

Solution

  • I'm found ask on my question: In MainAsync:

     HttpsTransportSE  androidHttpTransport = new HttpsTransportSE(10.0.2.2, 8181, "/server/?wsdl", 10000);
                 ((HttpsServiceConnectionSE) androidHttpTransport.getServiceConnection()).setSSLSocketFactory(trustAllHosts().getSocketFactory());
    
    
    protected  SSLContext trustAllHosts()
    {   
        return allowAllSSL();
    }
    
     public SSLContext allowAllSSL() {
            SSLContext context = null; 
            TrustManager[] trustManagers = null;
            KeyManagerFactory mgrFact;
            try{
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            mgrFact = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    
             KeyStore keyStore = KeyStore.getInstance("pkcs12");
             InputStream in = cntx.getResources().openRawResource(R.raw.keystore);
             try {
             keyStore.load(in, "password".toCharArray());
             mgrFact.init(keyStore, "password".toCharArray());
             } catch (CertificateException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
             } finally {
             in.close();
             }
             tmf.init(keyStore);
    
    
                HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() 
                {    
                        @Override 
                        public boolean verify(String hostname, SSLSession session) { 
    
                                return true; 
                        } 
    
                }); 
    
    
                if (trustManagers == null) { 
                        trustManagers = new TrustManager[] { new FakeX509TrustManager() }; 
                }
    
                final TrustManager[] trustAllCerts = new TrustManager[] {new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {
                        System.out.println("getAcceptedIssuers");
                         return null;
                    }
                    public void checkServerTrusted(X509Certificate[] chain, String authType)
                            throws CertificateException {
                        System.out.println("Сведения о сертификате : " +       chain[0].getIssuerX500Principal().getName() + "\n Тип авторизации : " + authType);
                    }
                    public void checkClientTrusted(X509Certificate[] chain, String authType)
                            throws CertificateException {
                        System.out.println("checkClientTrusted : " + authType);
                    }
                } };
                //tmf.getTrustManagers()
                try { 
                        context = SSLContext.getInstance("TLS"); 
                        context.init(mgrFact.getKeyManagers(), trustAllCerts, new SecureRandom()); 
                } catch (NoSuchAlgorithmException e) { 
                        e.printStackTrace(); 
                } catch (KeyManagementException e) { 
                        e.printStackTrace(); 
                } 
    
           HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
           HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
               public boolean verify(String hostname, SSLSession session) {
                    return true;
                  }
                });
            }catch(Exception ex)
            {
                Log.e(TAG,"allowAllSSL failed: "+ex.toString());
            }
           return context;
        }