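After packaging o2oa, access to the server over HTTP worked normally. After adding a digital certificate to the server-side web service and switching to HTTPS access, files could no longer be downloaded. Tracing the program showed that the download failed with the error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
I thought about it: the digital certificate probably could not be found for some reason (I am using a self-signed certificate created with openssl). If it cannot be found, then find a way to bypass SSL verification.
I found an article online and changed the code of the createSSLSocketFactory() function in xxxx\o2_auth_sdk\src\main\java\net\zoneland\x\bpm\mobile\v1\zoneXBPM\utils\HttpsTrustManager.kt to the following: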
```kotlin
// Needs imports: java.security.cert.CertificateException,
// java.security.cert.X509Certificate, javax.net.ssl.*
companion object {
    fun createSSLSocketFactory(): SSLSocketFactory? {
        return try {
            //val sc = SSLContext.getInstance("TLS")
            //sc.init(null, arrayOf(HttpsTrustManager()), SecureRandom())
            //sc.socketFactory
            val sc = SSLContext.getInstance("TLS")
            // Trust manager with empty checks: every certificate chain is accepted
            val trustAllCerts: Array<TrustManager> = arrayOf(object : X509TrustManager {
                @Throws(CertificateException::class)
                override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
                }

                @Throws(CertificateException::class)
                override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
                }

                override fun getAcceptedIssuers(): Array<X509Certificate?> {
                    return arrayOfNulls(0)
                }
            })
            sc.init(null, trustAllCerts, java.security.SecureRandom())
            // Create all-trusting host name verifier
            val allHostsValid = HostnameVerifier { _, _ -> true }
            // If the hostname in the certificate didn't match, install a default hostname verifier
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.socketFactory)
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid)
            sc.socketFactory
        } catch (e: Exception) {
            null
        }
    }
}
```
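After the change, files download normally. But I don't know whether this creates a security problem.
Reference used to solve this problem: "kotlin 绕过SSL验证" (Kotlin: bypassing SSL verification) - Jianshu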
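
The empty checkServerTrusted and the always-true HostnameVerifier in the code above accept any certificate for any host, so the connection is encrypted but the server is never authenticated. An alternative that keeps validation on by trusting only the openssl self-signed certificate is sketched below as an added example; it is not o2oa's code or the referenced article's. The `PinnedTrust` object, the `o2oa-server` alias and the raw resource name in the comment are hypothetical.

```kotlin
import java.io.InputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Hypothetical helper: builds a trust manager whose only trust anchor is the
// certificate read from `certStream` (PEM or DER), e.g. a copy of the server's
// self-signed certificate shipped with the app:
//   resources.openRawResource(R.raw.o2oa_server)   // assumed resource name
object PinnedTrust {
    fun trustManagerFor(certStream: InputStream): X509TrustManager {
        val cert = certStream.use {
            CertificateFactory.getInstance("X.509").generateCertificate(it) as X509Certificate
        }
        // Fail at startup on an expired or not-yet-valid certificate,
        // instead of at the first download.
        cert.checkValidity()

        // In-memory key store holding just this one certificate.
        val keyStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
            load(null, null)
            setCertificateEntry("o2oa-server", cert)
        }
        val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        tmf.init(keyStore)
        return tmf.trustManagers.filterIsInstance<X509TrustManager>().first()
    }

    fun createSSLSocketFactory(certStream: InputStream): SSLSocketFactory {
        val sc = SSLContext.getInstance("TLS")
        // Only the pinned trust manager is installed; the default
        // HostnameVerifier is left in place on purpose.
        sc.init(null, arrayOf<TrustManager>(trustManagerFor(certStream)), null)
        return sc.socketFactory
    }
}
```

Because hostname verification stays enabled, the self-signed certificate must list the server's host name or IP address in its subjectAltName extension; otherwise the handshake fails on the hostname check even though the trust anchor is now found.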