Added a feature request: https://code.google.com/p/android/issues/detail?id=62883&thanks=62883&ts=1385503421
On Tuesday, November 26, 2013 3:59:41 PM UTC-6, Heath Borders wrote: > > Cross-Posted on Stackoverflow: http://stackoverflow.com/q/20228800/9636 > > Android's WebViewClient calls onReceivedSslError when it encounters an > untrusted cert. However, the SslError object I receive in that call doesn't > have any way public way to get to the underlying X509Certificate to > validate it against an existing TrustStoreManager. Looking at the source, I > can access the X509Certificate's encoded bytes thusly: > > public void onReceivedSslError(WebView view, SslErrorHandler handler, > SslError error) { > Bundle bundle = SslCertificate.saveState(error.getCertificate()); > X509Certificate x509Certificate; > byte[] bytes = bundle.getByteArray("x509-certificate"); > if (bytes == null) { > x509Certificate = null; > } else { > try { > CertificateFactory certFactory = > CertificateFactory.getInstance("X.509"); > Certificate cert = certFactory.generateCertificate(new > ByteArrayInputStream(bytes)); > x509Certificate = (X509Certificate) cert; > } catch (CertificateException e) { > x509Certificate = null; > } > } > > // Now I have an X509Certificate I can pass to an X509TrustManager for > validation.} > > Obviously, this is private API and is fragile, though I assume it is > fairly reliable since they can't change the bundle format. Is there a > better way? > > In the source, I see that SslCertificate has the X509Certificate as a > member variable. Could you just make that public with a getter? > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en --- You received this message because you are subscribed to the Google Groups "Android Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
