All Products
Search

This Product

    Mobile Platform as a Service:Problem of Android 5.x devices with expired certificates

    Document Center

    Mobile Platform as a Service:Problem of Android 5.x devices with expired certificates

    Last Updated:Feb 07, 2022

    Description

    The following log is reported on the client. 

    com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException:  
Could not validate certificate: Certificate expired at Sat No 
v 06 20:00:00 GMT+08:00 2021 (compared to Wed Jan 12 10:12:30 GMT+08:00 2022)\"",

    Cause

    The problem is due to the operating system of Android 5.x devices. Solve this problem by trusting all certificates.

    Solution

    1. Set TinyAppRequestPluginProvider on the client. 

      // Set provider for packet capture in mini programs.
// H5Utils.setProvider(TinyAppRequestPluginProvider.class.getName() ,
new TinyAppRequestPluginProviderImp() );

public class TinyAppRequestPluginProviderImpl implements TinyAppRequestPluginProvider {
    private static final String TAG = "TinyAppRequestPluginProviderImpl";
    SSLSocketFactoryImp sf;

    public void onAndroidHttpClientCreate(AndroidHttpClient androidHttpClient) {
        setCA(androidHttpClient);
    }

    private void setCA(AndroidHttpClient client) {

        // Trust certificates of Android devices below 5.x.
        if (Build.VERSION.SDK_INT < 23) {
            KeyStore trustStore;
            try {
                trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                trustStore.load(null ,null);

                // Create SSLSocketFactory and related Socket.
                sf = new SSLSocketFactoryImp(trustStore);
                sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
                client.getConnectionManager().getSchemeRegistry()
                        .register(new Scheme("https" ,sf ,443));
            }catch (Exception e){

            }

        }
    }
}


/* Baseline 21--*/
public class SSLSocketFactoryImp extends SSLSocketFactory {
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    public SSLSocketFactoryImp(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        TrustManager tm = new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {
            }
            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {
            }
        };
        sslContext.init(null, new TrustManager[] { tm }, null);
    }
    @Override
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

    2. Install a packet capture tool and set a proxy on your computer.

    3. Enable the proxy and install a trusted certificate on your mobile phone.