Android 遇到不受信任的证书时的WebViewClient电话onReceivedSslError.但是,SslError我在该调用中收到的对象没有任何公共方式来访问底层X509Certificate以对照现有的验证它TrustStoreManager.查看源代码,我可以这样访问X509Certificate编码的字节:
public void onReceivedSslError(WebView view, SslErrorHandler handler,
SslError error) {
Bundle bundle = SslCertificate.saveState(error.getCertificate());
X509Certificate x509Certificate;
byte[] bytes = bundle.getByteArray("x509-certificate");
if (bytes == null) {
x509Certificate = null;
} else {
try {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
x509Certificate = (X509Certificate) cert;
} catch (CertificateException e) {
x509Certificate = null;
}
}
// Now I have an X509Certificate I can pass to an …我有一个要在 Android Webview 中打开的网站。该网站使用由COMODO RSA Domain Validation Secure Server CA. 问题是我得到了一个Unkown Certificate Error适用于所有运行版本低于(包括)Android 5 的设备。
我在文档中搜索过,据我所知,问题是 CA 是在 Android 5 发布之前创建的。
我可以做一个handler.proceed();,onReceivedSslError但我想保证应用程序的安全,我认为谷歌无论如何都可以拒绝 Play 商店中的应用程序。
我发现我可以做这样的事情
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
} …