All Products
Search
Document Center

Problem of Android 5.x devices with expired certificates

Last Updated: Feb 07, 2022

Description

The following log is reported on the client.

com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException:  
Could not validate certificate: Certificate expired at Sat No 
v 06 20:00:00 GMT+08:00 2021 (compared to Wed Jan 12 10:12:30 GMT+08:00 2022)\"",

Cause

The problem is due to the operating system of Android 5.x devices. Solve this problem by trusting all certificates.

Solution

  1. Set TinyAppRequestPluginProvider on the client.

    // Set provider for packet capture in mini programs.
    // H5Utils.setProvider(TinyAppRequestPluginProvider.class.getName() ,
    new TinyAppRequestPluginProviderImp() );
    
    public class TinyAppRequestPluginProviderImpl implements TinyAppRequestPluginProvider {
        private static final String TAG = "TinyAppRequestPluginProviderImpl";
        SSLSocketFactoryImp sf;
    
        public void onAndroidHttpClientCreate(AndroidHttpClient androidHttpClient) {
            setCA(androidHttpClient);
        }
    
        private void setCA(AndroidHttpClient client) {
    
            // Trust certificates of Android devices below 5.x.
            if (Build.VERSION.SDK_INT < 23) {
                KeyStore trustStore;
                try {
                    trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    trustStore.load(null ,null);
    
                    // Create SSLSocketFactory and related Socket.
                    sf = new SSLSocketFactoryImp(trustStore);
                    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                    client.getConnectionManager().getSchemeRegistry()
                            .register(new Scheme("https" ,sf ,443));
                }catch (Exception e){
    
                }
    
            }
        }
    }
    
    
    /* Baseline 21--*/
    public class SSLSocketFactoryImp extends SSLSocketFactory {
        final SSLContext sslContext = SSLContext.getInstance("TLS");
        public SSLSocketFactoryImp(KeyStore truststore)
                throws NoSuchAlgorithmException, KeyManagementException,
                KeyStoreException, UnrecoverableKeyException {
            super(truststore);
            TrustManager tm = new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {
                }
                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {
                }
            };
            sslContext.init(null, new TrustManager[] { tm }, null);
        }
        @Override
        public Socket createSocket(Socket socket, String host, int port,
                                   boolean autoClose) throws IOException, UnknownHostException {
            return sslContext.getSocketFactory().createSocket(socket, host,
                    port, autoClose);
        }
        @Override
        public Socket createSocket() throws IOException {
            return sslContext.getSocketFactory().createSocket();
        }
    }
  2. Install a packet capture tool and set a proxy on your computer.

  3. Enable the proxy and install a trusted certificate on your mobile phone.