Cross-Posted on Stackoverflow: http://stackoverflow.com/q/20228800/9636
Android's WebViewClient calls onReceivedSslError when it encounters an
untrusted cert. However, the SslError object I receive in that call doesn't
have any public way to get to the underlying X509Certificate to
validate it against an existing TrustStoreManager. Looking at the source, I
can access the X509Certificate's encoded bytes thusly:
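
    import android.net.http.SslCertificate;
    import android.net.http.SslError;
    import android.os.Bundle;
    import android.webkit.SslErrorHandler;
    import android.webkit.WebView;
    import java.io.ByteArrayInputStream;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;

    public void onReceivedSslError(WebView view, SslErrorHandler handler,
            SslError error) {
        // saveState() serializes the SslCertificate, including the DER bytes.
        Bundle bundle = SslCertificate.saveState(error.getCertificate());
        X509Certificate x509Certificate;
        byte[] bytes = bundle.getByteArray("x509-certificate");
        if (bytes == null) {
            x509Certificate = null;
        } else {
            try {
                // Re-parse the DER bytes into an X509Certificate.
                CertificateFactory certFactory =
                        CertificateFactory.getInstance("X.509");
                Certificate cert = certFactory.generateCertificate(
                        new ByteArrayInputStream(bytes));
                x509Certificate = (X509Certificate) cert;
            } catch (CertificateException e) {
                x509Certificate = null;
            }
        }
        // Now I have an X509Certificate I can pass to an X509TrustManager for
        // validation.
    }
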
Obviously, this is private API and is fragile, though I assume it is fairly
reliable since they can't change the bundle format. Is there a better way?
In the source, I see that SslCertificate has the X509Certificate as a
member variable. Could you just make that public with a getter?
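
An added example, not part of the original post or of Android's own code: a fail-closed onReceivedSslError that recovers the certificate as described above and lets the load continue only if a caller-supplied X509TrustManager accepts it. The class name PinnedWebViewClient, the trust manager built from the app's own KeyStore, and the "RSA" authType are assumptions; SslCertificate.getX509Certificate() is the public getter available from API level 29.

```java
import android.net.http.SslCertificate;
import android.net.http.SslError;
import android.os.Build;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Hypothetical class for illustration; every failure path cancels the load.
public class PinnedWebViewClient extends WebViewClient {
    private final X509TrustManager trustManager; // built by the caller from the app's KeyStore

    public PinnedWebViewClient(X509TrustManager trustManager) {
        this.trustManager = trustManager;
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        try {
            if (error.hasError(SslError.SSL_IDMISMATCH) || error.hasError(SslError.SSL_EXPIRED)
                    || error.hasError(SslError.SSL_NOTYETVALID)) {
                throw new CertificateException("hostname or validity error: not overridable");
            }
            X509Certificate leaf = toX509(error.getCertificate());
            if (leaf == null) throw new CertificateException("no certificate in SslError");
            // Only the leaf is available here, so this passes only when the leaf
            // itself, or its direct issuer, is a trust anchor in the app's store.
            trustManager.checkServerTrusted(new X509Certificate[] {leaf}, "RSA"); // authType assumed
            handler.proceed();
        } catch (CertificateException | RuntimeException e) {
            handler.cancel(); // refuse the load on any failure
        }
    }

    static X509Certificate toX509(SslCertificate cert) throws CertificateException {
        if (cert == null) return null;
        if (Build.VERSION.SDK_INT >= 29) {
            return cert.getX509Certificate(); // public getter, API level 29+
        }
        // Older releases: the bundle key used in the post above (not a public contract).
        byte[] der = SslCertificate.saveState(cert).getByteArray("x509-certificate");
        return der == null ? null : (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }
}
```

The trust manager does not check that the certificate matches the host being loaded, which is why a reported SSL_IDMISMATCH is never overridden here.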