o2oa打包后,访问http服务器端正常,将服务器端web加上数字证书并实现https访问后,无法正常下载文件,经过跟踪程序发现,在下载文件时,报错信息为: java.security.cert.CertPathValidatorException:Trust anchor for certification path not found
想了一下,可能是数字证书由于某种原因找不到(我使用的是openssl创建的自签名证书),找不到就想办法绕过SSL验证。
在网上找到一篇文章,修改 xxxx\o2_auth_sdk\src\main\java\net\zoneland\x\bpm\mobile\v1\zoneXBPM\utils\HttpsTrustManager.kt中的createSSLSocketFactory()函数的代码为如下代码:
companion object {
fun createSSLSocketFactory(): SSLSocketFactory? {
return try {
//val sc = SSLContext.getInstance("TLS")
//sc.init(null, arrayOf(HttpsTrustManager()), SecureRandom())
//sc.socketFactory
var sc = SSLContext.getInstance("TLS")
val trustAllCerts: Array<TrustManager> = arrayOf(object : X509TrustManager {
@Throws(CertificateException::class)
override fun checkClientTrusted(
chain: Array<java.security.cert.X509Certificate>, authType: String) {
}
@Throws(CertificateException::class)
override fun checkServerTrusted(chain: Array<java.security.cert.X509Certificate>, authType: String) {
}
override fun getAcceptedIssuers(): Array<X509Certificate?> {
return arrayOfNulls(0)
}
})
sc!!.init(null, trustAllCerts, java.security.SecureRandom())
// Create all-trusting host name verifier
val allHostsValid = HostnameVerifier { _, _ -> true }
/***
* 如果 hostname in certificate didn't match的话就给一个默认的主机验证
*/
setDefaultSSLSocketFactory(sc.getSocketFactory());
setDefaultHostnameVerifier(allHostsValid);
return sc.socketFactory;
} catch ( e:Exception) {
null
}
}
}
修改后,文件可以正常下载了。但不知道是否会存在安全性问题。
解决该问题参考了:kotlin 绕过SSL验证 - 简书
