`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31

ygarg465 · 2024-03-25T13:52:08Z

Describe the Issue
I have a Hybrid Application developed using CapacitorJS.
I am using Appium with WebDriverIO.
I am mocking the REST API in test by following the guide in this repo, however, when the request is sent by the app this exception arises in logcat

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    	at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:356)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:896)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:236)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:218)
                                                                                                    	at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
                                                                                                    	at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
                                                                                                    	at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
                                                                                                    	at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
                                                                                                    	at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
                                                                                                    	at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
                                                                                                    	at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
                                                                                                    	at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
                                                                                                    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
                                                                                                    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:131)
                                                                                                    	at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:262)
                                                                                                    	at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:219)
                                                                                                    	at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:30)
                                                                                                    	at com.getcapacitor.plugin.util.CapacitorHttpUrlConnection.writeRequestBody(CapacitorHttpUrlConnection.java:239)
                                                                                                    	at com.getcapacitor.plugin.util.CapacitorHttpUrlConnection.setRequestBody(CapacitorHttpUrlConnection.java:210)
                                                                                                    	at com.getcapacitor.plugin.util.HttpRequestHandler.request(HttpRequestHandler.java:414)
                                                                                                    	at com.getcapacitor.plugin.CapacitorHttp$1.run(CapacitorHttp.java:66)
                                                                                                    	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:487)
                                                                                                    	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                                                                                                    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
                                                                                                    	at java.lang.Thread.run(Thread.java:1012)
                                                                                                    Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:656)
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:505)
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:425)
                                                                                                    	at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
                                                                                                    	at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
                                                                                                    	at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
2024-03-25 19:13:15.169  6592-6756  Capacitor/Plugin                  E  	at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:260)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
                                                                                                    	at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
                                                                                                    	at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
                                                                                                    	at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)

I have also replaced the implementation of fetch and XMLHttpRequest with native implementation using Capacitor HTTP Plugin, still got no success.

How to reproduce ?

Create a Capacitor App.
Replace the fetch and XMLHttpRequest with native implementation using Capacitor HTTP Plugin.
Write a fetch request from JS Code.
follow the guide on this repo to setup appium-interceptor-plugin.
Test the application.

Device Information
OS: Android
Version: API 34 (Android 14)
Device: Pixel 7 Pro

The text was updated successfully, but these errors were encountered:

sudharsan-selvaraj · 2024-03-26T12:06:53Z

Looks like a security issue to me. With the little help of google i came to know that your app needs some additional configuration to trust the certificates installed on the mobile. Also make sure your are using the debug apk build of the application.

Refer - https://stackoverflow.com/questions/48879181/how-to-add-network-security-configuration-to-enable-charles-proxy-ssl-in-nougat

ygarg465 · 2024-03-26T13:50:37Z

Hey @sudharsan-selvaraj, Thanks for replying, however, the above-mentioned solution hits my server not the mocked API.

ygarg465 · 2024-03-28T15:02:34Z

Hi @sudharsan-selvaraj, did you take a look at it? As I am still struggling to achieve the desired behaviour.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31

ygarg465 commented Mar 25, 2024

sudharsan-selvaraj commented Mar 26, 2024

ygarg465 commented Mar 26, 2024

ygarg465 commented Mar 28, 2024

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. #31

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. #31

Comments

ygarg465 commented Mar 25, 2024

sudharsan-selvaraj commented Mar 26, 2024

ygarg465 commented Mar 26, 2024

ygarg465 commented Mar 28, 2024

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31

`java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.` #31