fix: OTA 下载加 TLS 1.2 兼容(Android 8.1 SSL 握手失败)
Android 8.1 默认 SSL 不兼容阿里云 OSS 导致 SSLHandshakeException。 显式配置 TLSv1.2 + 现代密码套件。同时读超时 60→120s 适配大 APK。 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
dongliang
@@ -12,12 +12,18 @@ import com.xiaoqu.watch.network.safeApiCall
|
|||||||
import dagger.hilt.android.qualifiers.ApplicationContext
|
import dagger.hilt.android.qualifiers.ApplicationContext
|
||||||
import kotlinx.coroutines.Dispatchers
|
import kotlinx.coroutines.Dispatchers
|
||||||
import kotlinx.coroutines.withContext
|
import kotlinx.coroutines.withContext
|
||||||
|
import okhttp3.ConnectionSpec
|
||||||
import okhttp3.OkHttpClient
|
import okhttp3.OkHttpClient
|
||||||
import okhttp3.Request
|
import okhttp3.Request
|
||||||
|
import okhttp3.TlsVersion
|
||||||
import timber.log.Timber
|
import timber.log.Timber
|
||||||
import java.io.File
|
import java.io.File
|
||||||
import java.io.IOException
|
import java.io.IOException
|
||||||
|
import java.security.KeyStore
|
||||||
import java.util.concurrent.TimeUnit
|
import java.util.concurrent.TimeUnit
|
||||||
|
import javax.net.ssl.SSLContext
|
||||||
|
import javax.net.ssl.TrustManagerFactory
|
||||||
|
import javax.net.ssl.X509TrustManager
|
||||||
import javax.inject.Inject
|
import javax.inject.Inject
|
||||||
import javax.inject.Singleton
|
import javax.inject.Singleton
|
||||||
|
|
||||||
@@ -52,11 +58,35 @@ class UpdateManager @Inject constructor(
|
|||||||
var isUpdating = false
|
var isUpdating = false
|
||||||
|
|
||||||
/** 独立的下载用 OkHttpClient(不复用业务 API 的 client,避免签名拦截器干扰) */
|
/** 独立的下载用 OkHttpClient(不复用业务 API 的 client,避免签名拦截器干扰) */
|
||||||
private val downloadClient = OkHttpClient.Builder()
|
private val downloadClient: OkHttpClient by lazy {
|
||||||
.connectTimeout(30, TimeUnit.SECONDS)
|
// Android 8.1 的默认 SSL 可能不兼容某些服务器(如阿里云 OSS)
|
||||||
.readTimeout(60, TimeUnit.SECONDS)
|
// 显式启用 TLS 1.2 + 兼容的连接规格
|
||||||
.writeTimeout(10, TimeUnit.SECONDS)
|
val builder = OkHttpClient.Builder()
|
||||||
.build()
|
.connectTimeout(30, TimeUnit.SECONDS)
|
||||||
|
.readTimeout(120, TimeUnit.SECONDS) // APK 较大,放宽读超时
|
||||||
|
.writeTimeout(10, TimeUnit.SECONDS)
|
||||||
|
|
||||||
|
try {
|
||||||
|
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
|
||||||
|
trustManagerFactory.init(null as KeyStore?)
|
||||||
|
val trustManager = trustManagerFactory.trustManagers[0] as X509TrustManager
|
||||||
|
|
||||||
|
val sslContext = SSLContext.getInstance("TLSv1.2")
|
||||||
|
sslContext.init(null, arrayOf(trustManager), null)
|
||||||
|
|
||||||
|
// 兼容的连接规格:支持 TLS 1.2 和现代密码套件
|
||||||
|
val connectionSpec = ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
|
||||||
|
.tlsVersions(TlsVersion.TLS_1_2)
|
||||||
|
.build()
|
||||||
|
|
||||||
|
builder.sslSocketFactory(sslContext.socketFactory, trustManager)
|
||||||
|
.connectionSpecs(listOf(connectionSpec, ConnectionSpec.CLEARTEXT))
|
||||||
|
} catch (e: Exception) {
|
||||||
|
Timber.w(e, "OTA: TLS 配置失败,使用默认配置")
|
||||||
|
}
|
||||||
|
|
||||||
|
builder.build()
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 检查版本更新(5 分钟最小间隔)
|
* 检查版本更新(5 分钟最小间隔)
|
||||||
|
|||||||
Reference in New Issue
Block a user