Android 以上安卓8中的后台服务应用程序是否在没有适当证书的情况下限制互联网使用

我的前台应用程序绑定了后台服务。此服务用于命中web服务以从该特定web服务获取一些数据。但当从那个后台应用程序访问那个web服务时，我得到了一个证书异常

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:219)
                at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
                at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
                at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
                at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
                at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
                at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
                at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
                at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:258)
                at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)
                at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(Unknown Source:0)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.sendDataToWebService(IDT_KIOSK_IV.java:591)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:560)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.onReceiveMsgRKIFailed(IDTECHRKIUpdateTask.java:201)
                at com.hhpos.inspection.remoteupdate.upgrade.reader.IDT_KIOSK_IV.startRemoteKeyInjection(IDT_KIOSK_IV.java:562)
                at com.hhpos.inspection.remoteupdate.upgrade.task.IDTECHRKIUpdateTask.processStep(IDTECHRKIUpdateTask.java:53)
                at com.hhpos.inspection.remoteupdate.upgrade.task.StepExecuter.prepareStepListAndExecute(StepExecuter.java:79)
                at com.hhpos.inspection.remoteupdate.upgrade.UpgradeManager.upgradeInstallationCheck(UpgradeManager.java:128)
                at com.hhpos.inspection.remoteupdate.upgradeservice.UpgradeMessengerService.lambda$initUpgradeProcess$5$UpgradeMessengerService(UpgradeMessengerService.java:148)
                at com.hhpos.inspection.remoteupdate.upgradeservice.-$$Lambda$UpgradeMessengerService$scw6CEKaLixMR64VyGJIWmfjCbY.subscribe(Unknown Source:4)
                at io.reactivex.rxjava3.internal.operators.single.SingleCreate.subscribeActual(SingleCreate.java:40)
                at io.reactivex.rxjava3.core.Single.subscribe(Single.java:4813)
                at io.reactivex.rxjava3.internal.operators.single.SingleSubscribeOn$SubscribeOnObserver.run(SingleSubscribeOn.java:89)
                at io.reactivex.rxjava3.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:38)
                at io.reactivex.rxjava3.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:26)
                at java.util.concurrent.FutureTask.run(FutureTask.java:266)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
                at java.lang.Thread.run(Thread.java:764)
                
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:646)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
                at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
                at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
                at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
                at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
                at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:197)
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:399)
                at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
                at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
                at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
                ... 37 more
                
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.



     

但是，当我使用前台应用程序中的相同代码时，我可以不使用任何证书访问web服务

为了从我的后台应用程序中使用web服务，我必须添加下面的代码段以添加.bks证书。只有这样，我才能访问web服务

  try {
        KeyStore ksTrust = KeyStore.getInstance("BKS");
        InputStream instream = context.getResources().openRawResource(R.raw.mystore);
        ksTrust.load(instream, null);

        // TrustManager decides which certificate authorities to use.
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ksTrust);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | KeyManagementException e) {
        logOperation.logInfo(LogInfoEvent.GENERAL_INFO, String.format("Error in doTrustToCertificates::", e.getStackTrace()));
    }

---

因此，Android已经在后台应用程序中做了一些事情，限制他们在没有apt证书的情况下使用web api。

您使用的是OkHttp+。我假设他们使用自己的SSLContext，而忽略您创建的默认SSLContext，这就是

HttpsURLConnection.setDefaultSSLSocketFactory

的设计工作方式。您最好正确初始化OkHttp：但如果forground应用程序中运行相同的代码，则我不需要通过

HttpsURLConnection.setDefaultSSLSocketFactory

前台应用程序在不需要任何证书的情况下访问web服务。只有在后台应用程序中调用web服务时，我才收到CertificatePathValidation异常，需要通过

HttpsURLConnection.setDefaultSSLSocketFactory

访问web服务。您在哪里调用

setDefaultSSLSocketFactory

？后台服务可能只是在另一个进程中运行，因此默认套接字工厂从未在那里初始化过？确保在所有程序入口点正确初始化它。