sslretrofitokhttpsslsocketfactorytrustmanager

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.NETWORK


java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.NETWORK

Hi i got this error while i am calling one API service from retrofit , i am searching a lot and found answer like

private static void setupRestClient() {


        RestAdapter restAdapter = new RestAdapter.Builder()
                .setLogLevel(RestAdapter.LogLevel.FULL)
                .setEndpoint(ROOT)
                //.setClient(new OkClient(new com.squareup.okhttp.OkHttpClient()))
                //.setClient(getOkClient())
                .setClient(setSSLFactoryForClient(new com.squareup.okhttp.OkHttpClient()))
                .setRequestInterceptor(new SessionRequestInterceptor())
                .setLogLevel(RestAdapter.LogLevel.FULL)
                .setLog(new AndroidLog(NetworkUtil.APP_TAG))
                .build();


        REST_CLIENT = restAdapter.create(Restapi.class);
    } 

// SET SSL
public static OkClient setSSLFactoryForClient(OkHttpClient client) {
    try {
        // Create a trust manager that does not validate certificate chains
        final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                }
        };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();


        client.setSslSocketFactory(sslSocketFactory);
        client.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    return new OkClient(client);
}

After using setSSLFactoryForClient method it work fine but i couldn't understand whats going wrong and what this method does i know the problem is related to SSL Certificate Authentication but Can any one explain me this in brief Please


Solution

  • This is disabling the security of SSL. This is ok for local testing but not appropriate for use with real users.

    If you run your local dev server with a self signed cert then this is how you can tell it to connect to it with minimal pain.

    More generally any user agent (Firefox on Windows, Safari on Mac, Android) will have a list of root CAs it trusts to verify a sites certificates. Some newer services like let's encrypt will not be trusted on older platforms so you can add your own certificates that you know ahead of time.

    The hostname verification means that the cert it serves could be for a different site even.

    For real traffic this code means your users are susceptible to man in the middle attacks.