上面的 Android 8 中的后台服务应用程序是否会在没有适当证书的情况下限制互联网使用

如何解决上面的 Android 8 中的后台服务应用程序是否会在没有适当证书的情况下限制互联网使用

我的前台应用程序绑定了一个后台服务。此服务用于访问 Web 服务以从该特定 Web 服务获取一些数据。但是当从该后台应用程序访问该 Web 服务时，我收到证书异常。

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:219)
                at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
                at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
                at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
                at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
                at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
                at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
                at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
                at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getoutputStream(HttpURLConnectionImpl.java:258)
                at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getoutputStream(DelegatingHttpsURLConnection.java:218)
                at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getoutputStream(UnkNown Source:0)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.sendDataToWebService(IDT_KIOSK_IV.java:591)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:560)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.processstep(IDTECHRKIUpdateTask.java:53)
                at com.hhpos.inspection.remoteupdate.upgrade.task.StepExecuter.prepareStepListAndExecute(StepExecuter.java:79)
                at com.hhpos.inspection.remoteupdate.upgrade.UpgradeManager.upgradeInstallationCheck(UpgradeManager.java:128)
                at com.hhpos.inspection.remoteupdate.upgradeservice.UpgradeMessengerService.lambda$initUpgradeProcess$5$UpgradeMessengerService(UpgradeMessengerService.java:148)
                at com.hhpos.inspection.remoteupdate.upgradeservice.-$$Lambda$UpgradeMessengerService$scw6CEKaLixMR64VyGJIWmfjCbY.subscribe(UnkNown Source:4)
                at io.reactivex.rxjava3.internal.operators.single.SingleCreate.subscribeActual(SingleCreate.java:40)
                at io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)
                at io.reactivex.rxjava3.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
                at io.reactivex.rxjava3.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:38)
                at io.reactivex.rxjava3.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:26)
                at java.util.concurrent.FutureTask.run(FutureTask.java:266)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
                at java.lang.Thread.run(Thread.java:764)
                
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:646)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
                at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
                at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
                at android.security.net.config.RoottrustManager.checkServerTrusted(RoottrustManager.java:88)
                at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:197)
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:399)
                at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
                ... 37 more
                
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.



     

但是，当我在前台应用中使用相同的代码时，我可以在不使用任何证书的情况下访问网络服务。

为了从我的后台应用程序使用网络服务，我必须添加以下代码片段以添加 .bks 证书。只有这样我才能访问网络服务。

  try {
        KeyStore ksTrust = KeyStore.getInstance("BKS");
        InputStream instream = context.getResources().openRawResource(R.raw.mystore);
        ksTrust.load(instream,null);

        // TrustManager decides which certificate authorities to use.
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ksTrust);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null,tmf.getTrustManagers(),null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | KeyManagementException e) {
        logoperation.logInfo(LogInfoEvent.GENERAL_INFO,String.format("Error in doTrustToCertificates::",e.getStackTrace()));
    }

因此，Android 已对后台应用程序进行了一些操作，以限制它们在没有 apt 证书的情况下使用 web api。

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。