I'm trying to make an app to listen to web-radio directly on the phone.
To do this I'm using this link:
https://webradio.divsi.unimi.it/
However, the result I get is not what I expected, because the error logs are as follows:
E/MediaHTTPConnection: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:858)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:241)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:1450)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:1399)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:1343)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:221)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:144)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:106)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:400)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:333)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:542)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:106)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:30)
at android.media.MediaHTTPConnection.seekTo(MediaHTTPConnection.java:306)
at android.media.MediaHTTPConnection.getMIMEType(MediaHTTPConnection.java:501)
at android.media.IMediaHTTPConnection$Stub.onTransact(IMediaHTTPConnection.java:159)
at android.os.Binder.execTransactInternal(Binder.java:1195)
at android.os.Binder.execTransact(Binder.java:1159)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:654)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:503)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:423)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:351)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
2023-02-09 11:30:19.191 12154-14835/com.example.radio E/MediaHTTPConnection: ... 25 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 38 more
I've already read around and tried adding both the network_security_config
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
and:
android:usesCleartextTraffic="true"
But I just can't figure out why I need the certificate to be able to stream this radio. Trying with other web radios everything works correctly, so the problem is reduced to this link.
Is there any way to fix this error?
Related
Currently I have the following network security config xml file:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!-- default config that does not allow clear test -->
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<!-- trying to get debug override to change this -->
<debug-overrides cleartextTrafficPermitted="true (DOESN'T WORK)">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
All I am trying to do is conditionally enabled global domain clear traffic during development/debug mode.
I thought I had my answer when I discovered the tag <debug-overrides>...</debug-overrides>. But it didn't work.
Unfortunately according to the official documentation, that tag doesn't actually support the desired attribute.
Nevermind. I figured out how to do it using gradle runtime variables instead.
// In your app level gradle file `build.gradle`
android
{
...
buildTypes
{
debug
{
resValue "string", "clear_text_config", "true"
}
release
{
resValue "string", "clear_text_config", "false"
}
}
...
}
// In your network security configuration xml
<base-config cleartextTrafficPermitted="#string/clear_text_config">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
This works because gradle will automatically generate a resource file for you.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">xxx.xxx.xxx</domain>
</domain-config>
</network-security-config>
Use domain config is the better way.We don't usually use http in a formal environment.
One of our android app is using MSAL library (com.microsoft.identity.client:msal:0.2.+) to validate the user with Microsoft AD. When we run the app in Android 12 - Google pixel device, I am getting an exception.
E/AdalMigrationAdapter:loadCloudDiscoveryMetadata: [2021-11-28 12:03:12 - thread_name : pool-45-thread-1, correlation_id : UNSET] Failed to load instance discovery metadata Android 31
javax.net.ssl.SSLHandshakeException: Chain validation failed
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:858)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.access$100(ConscryptEngineSocket.java:731)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:241)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:542)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:106)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:30)
at com.google.firebase.perf.network.InstrURLConnectionBase.getInputStream(InstrURLConnectionBase.java:137)
at com.google.firebase.perf.network.InstrHttpsURLConnection.getInputStream(InstrHttpsURLConnection.java:79)
at com.microsoft.identity.common.internal.net.UrlConnectionHttpClient.executeHttpSend(UrlConnectionHttpClient.java:263)
at com.microsoft.identity.common.internal.net.UrlConnectionHttpClient.access$100(UrlConnectionHttpClient.java:73)
at com.microsoft.identity.common.internal.net.UrlConnectionHttpClient$2.call(UrlConnectionHttpClient.java:176)
at com.microsoft.identity.common.internal.net.UrlConnectionHttpClient$2.call(UrlConnectionHttpClient.java:174)
at com.microsoft.identity.common.internal.net.NoRetryPolicy.attempt(NoRetryPolicy.java:42)
at com.microsoft.identity.common.internal.net.NoRetryPolicy.attempt(NoRetryPolicy.java:36)
at com.microsoft.identity.common.internal.net.UrlConnectionHttpClient.method(UrlConnectionHttpClient.java:174)
at com.microsoft.identity.common.internal.net.AbstractHttpClient.get(AbstractHttpClient.java:47)
at com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectory.performCloudDiscovery(AzureActiveDirectory.java:188)
at com.microsoft.identity.common.internal.migration.AdalMigrationAdapter.loadCloudDiscoveryMetadata(AdalMigrationAdapter.java:238)
at com.microsoft.identity.common.internal.migration.AdalMigrationAdapter.adapt(AdalMigrationAdapter.java:119)
at com.microsoft.identity.common.internal.migration.TokenMigrationUtility$1.run(TokenMigrationUtility.java:67)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:920)
Caused by: java.security.cert.CertificateException: Chain validation failed
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:719)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:549)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:570)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:615)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
... 37 more
Caused by: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:222)
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:301)
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:715)
... 52 more
Caused by: java.security.cert.CertPathValidatorException: Response is unreliable: its validity interval is out-of-date
at sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:619)
at sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:709)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:363)
at sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:337)
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 57 more
Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
at sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1092)
Another error is showing is "Unable to perform cloud discovery"
I am facing this issue only in Android 12.
My Server is using Self-Signed certificate. I am using Okhttp + Retrofit for api calls. I have got crt file and public key [SHA-256] from the server. Following this and this links from Google docs, I have created a network_security_config file in xml folder and added my crt file in raw folder and added it in manifest file as
android:networkSecurityConfig="#xml/network_security_config"
Here is my network config file as per Google docs:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">2.48.3.66:</domain>
<pin-set>
<pin digest="SHA-256">ofJqMSD8j9q3w5myKalxjJO5OklHyBqgkwgHjqcOhds=</pin>
</pin-set>
<trust-anchors>
<certificates src="#raw/ssl_certificate"/>
</trust-anchors>
</domain-config>
</network-security-config>
I get following exception when calling an api
Response Failure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:231)
W/System.err: at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:367)
W/System.err: at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:325)
W/System.err: at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:197)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:249)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:108)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:76)
W/System.err: at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:245)
W/System.err: at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
W/System.err: at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:96)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
W/System.err: at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
W/System.err: at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
W/System.err: at okhttp3.logging.HttpLoggingInterceptor.intercept(HttpLoggingInterceptor.kt:219)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:100)
W/System.err: at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:197)
W/System.err: at okhttp3.internal.connection.RealCall$AsyncCall.run(RealCall.kt:502)
W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
W/System.err: at java.lang.Thread.run(Thread.java:919)
So following are my queries:
Is this the right way to implement Self-Signed certificate pinning?
Because google clearly mentions in their docs that "Fortunately, you can teach your application to trust custom CAs by configuring your application's Network Security Config, without needing to modify the code inside your application."
If network_security_config is correct then how to check if there is any issue with server configurations (crt file + public key)
Do i manually need to load crt file and then use keystore + sslfactory to configure ssl pinning as mentioned in this link
Note: For now just to run the apis, I am using a trust manager that does not validate certificate chains as follow:
try {
val trustAllCerts: Array<TrustManager> = arrayOf(object : X509TrustManager {
override fun checkClientTrusted(chain: Array<out java.security.cert.X509Certificate>?, authType: String?) {
}
override fun checkServerTrusted(chain: Array<out java.security.cert.X509Certificate>?, authType: String?) {
}
override fun getAcceptedIssuers(): Array<out java.security.cert.X509Certificate>? = arrayOf()
})
// Install the all-trusting trust manager
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, SecureRandom())
// Create an ssl socket factory with our all-trusting manager
val sslSocketFactory = sslContext.socketFactory
if (trustAllCerts.isNotEmpty() && trustAllCerts.first() is X509TrustManager) {
builder.sslSocketFactory(sslSocketFactory, trustAllCerts.first() as X509TrustManager)
builder.hostnameVerifier { hostname, session -> true }
}
} catch (e: Exception) {
}
I am following the quick start guide and I am getting an error for
private void parseServerTest(){
ParseObject testObject = new ParseObject("TestObject");
testObject.put("foo","bar");
testObject.saveInBackground(new SaveCallback() {
#Override
public void done(ParseException e) {
if(null != e){
e.printStackTrace();
}else{
Log.d(TAG,"no parse error.")
}
}
});
}
Unless the instructions is missing something, I think I have done everything to the letter
In case it matters, my app is in development, and does not exist on the playstore yet: not even as a draft
Here is the error trace:
com.parse.ParseRequest$ParseRequestException: i/o failure
at com.parse.ParseRequest.newTemporaryException(ParseRequest.java:368)
at com.parse.ParseRequest$2.then(ParseRequest.java:206)
at com.parse.ParseRequest$2.then(ParseRequest.java:198)
at bolts.Task$14.run(Task.java:796)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:818)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324)
at android.net.SSLCertificateSocketFactory.verifyHostname(SSLCertificateSocketFactory.java:235)
at android.net.SSLCertificateSocketFactory.createSocket(SSLCertificateSocketFactory.java:486)
at com.android.okhttp.Connection.upgradeToTls(Connection.java:1259)
at com.android.okhttp.Connection.connect(Connection.java:1197)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:392)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:295)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:373)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:106)
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:208)
at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
at com.android.okhttp.internal.http.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:25)
at com.parse.ParseURLConnectionHttpClient.executeInternal(ParseURLConnectionHttpClient.java:42)
at com.parse.ParseHttpClient$ParseNetworkInterceptorChain.proceed(ParseHttpClient.java:155)
at com.parse.ParsePlugins$1.intercept(ParsePlugins.java:111)
at com.parse.ParseHttpClient$ParseNetworkInterceptorChain.proceed(ParseHttpClient.java:144)
at com.parse.ParseHttpClient.execute(ParseHttpClient.java:119)
at com.parse.ParseRequest$3.then(ParseRequest.java:195)
at com.parse.ParseRequest$3.then(ParseRequest.java:192)
at bolts.Task$14.run(Task.java:796)
at bolts.BoltsExecutors$ImmediateExecutor.execute(BoltsExecutors.java:105)
at bolts.Task.completeAfterTask(Task.java:787)
at bolts.Task.continueWithTask(Task.java:599)
at bolts.Task.continueWithTask(Task.java:610)
at bolts.Task$12.then(Task.java:702)
at bolts.Task$12.then(Task.java:690)
... 4 more
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:113)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:574)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:320)
... 29 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 35 more
There seems to be a time delay. I moved on to something else. And now four hours later, I run the very sam code and it works. I changed nothing. So there must be some sort of time delay for newly opened parse accounts.
By following all the steps mentioned in this POST; I am able to send emails programmatically from my android device using gmail credentials. But as soon as I switch to a third party SMTP provider (provided by my ISP), the program starts to throw the following exception:
javax.mail.MessagingException: Could not connect to SMTP host: cp-10.webhostbox.net, port: 465;
nested exception is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1391)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:412)
at javax.mail.Service.connect(Service.java:310)
at javax.mail.Service.connect(Service.java:169)
at javax.mail.Service.connect(Service.java:118)
at javax.mail.Transport.send0(Transport.java:188)
at javax.mail.Transport.send(Transport.java:118)
at com.**.oms.utils.GMailSender.sendMail(GMailSender.java:66)
at com.**.oms.NewUserSignUp$1.run(NewUserSignUp.java:58)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:409)
at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:661)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:632)
at com.sun.mail.smtp.SMTPTransport.initStreams(SMTPTransport.java:1449)
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1366)
... 12 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:282)
at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:202)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:611)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:405)
... 16 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 21 more
Below mentioned is the set of properties that I am setting (including the one to accept all the certificates):
Properties props = new Properties();
props.setProperty("mail.transport.protocol", "smtp");
props.setProperty("mail.host", mailhost);
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.debug", "true");
props.put("mail.smtp.port", "465");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.ssl.checkserveridentity", false);
props.setProperty("mail.smtp.ssl.trust", "*");
props.put("mail.smtp.starttls.enable", true);
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
props.setProperty("mail.smtp.quitwait", "false");
As you can see I am already accepting all the certificates, still am getting this certificate error. Can someone please explain this behavior and the solution to the same.
First, get rid of all the socket factory stuff.
What version of JavaMail are you using? What does the JavaMail debug output show? If you're using an old version of JavaMail, it doesn't support the properties you're setting and you might need to use this approach.