Problem of Android 5.x devices with expired certificates - Mobile Platform as a Service

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

Description

The following log is reported on the client.

com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException:  
Could not validate certificate: Certificate expired at Sat No 
v 06 20:00:00 GMT+08:00 2021 (compared to Wed Jan 12 10:12:30 GMT+08:00 2022)\"",

Cause

The problem is due to the operating system of Android 5.x devices. Solve this problem by trusting all certificates.

Solution

Set TinyAppRequestPluginProvider on the client.

// Set provider for packet capture in mini programs.
// H5Utils.setProvider(TinyAppRequestPluginProvider.class.getName() ,
new TinyAppRequestPluginProviderImp() );
public class TinyAppRequestPluginProviderImpl implements TinyAppRequestPluginProvider {
    private static final String TAG = "TinyAppRequestPluginProviderImpl";
    SSLSocketFactoryImp sf;
    public void onAndroidHttpClientCreate(AndroidHttpClient androidHttpClient) {
        setCA(androidHttpClient);
    private void setCA(AndroidHttpClient client) {
        // Trust certificates of Android devices below 5.x.
        if (Build.VERSION.SDK_INT < 23) {
            KeyStore trustStore;
            try {
                trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null ,null);
                // Create SSLSocketFactory and related Socket.
                sf = new SSLSocketFactoryImp(trustStore);
                sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                client.getConnectionManager().getSchemeRegistry()
                        .register(new Scheme("https" ,sf ,443));
            }catch (Exception e){
/* Baseline 21--*/
public class SSLSocketFactoryImp extends SSLSocketFactory {
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    public SSLSocketFactoryImp(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        TrustManager tm = new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {
            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {
        sslContext.init(null, new TrustManager[] { tm }, null);
    @Override
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host,
                port, autoClose);
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
}

Install a packet capture tool and set a proxy on your computer.
Enable the proxy and install a trusted certificate on your mobile phone.