Problem definition
For more information about the principles of offline package signature verification, see Introduction to offline packages. A verification failure does not make an H5 application unavailable. Instead, it prevents the H5 container from retrieving resources from the local device. All traffic then falls back to online resources, which affects user experience and performance.
Common symptoms
The offline package application opens when the network is active, but fails to open when the network is disconnected.
The H5 application loads slowly.
Basic troubleshooting steps
Confirm that signature verification is enabled in the console and that a private key for signing has been uploaded. Confirm that the signature verification feature is enabled in the client H5 container. The following are common configuration combinations and their results:
Console enabled & Client enabled: Verification might fail. The failure may be caused by a key mismatch.
Console enabled & Client disabled: The problem is likely unrelated to signature verification.
Console disabled & Client enabled: Verification will always fail.
Console disabled & Client disabled: The problem is likely unrelated to signature verification.
ImportantA common mistake is overlooking whether the client's signature verification configuration is active.
Capture data packets using Charles or Fiddler. Look for an amr download action to determine whether fallback traffic exists.
If you find an amr download action for the offline package and fallback traffic exists, the signature verification may have failed.
If you do not find an amr download action but fallback traffic still exists, you cannot rule out other causes, such as a failed offline package pre-installation or download.
Check the client logs to determine the verification result.
In the Android client logs, search for
signature verify result. Use the surrounding log entries to determine whether a signature verification failure occurred.
Solutions
Carefully check the offline package signature verification configuration. Confirm that the private key uploaded to the console matches the public key configured on the client.
If you re-upload the private key used to sign offline packages in the console, you must also re-upload all offline packages to regenerate the amr/h5_json files.