Tuesday, November 26, 2013

[android-developers] Re: How do I validate an android.net.http.SslCertificate with an X509TrustManager?

Added a feature request: https://code.google.com/p/android/issues/detail?id=62883&thanks=62883&ts=1385503421

On Tuesday, November 26, 2013 3:59:41 PM UTC-6, Heath Borders wrote:
Cross-Posted on Stackoverflow: http://stackoverflow.com/q/20228800/9636

Android's WebViewClient calls onReceivedSslError when it encounters an untrusted cert. However, the SslError object I receive in that call doesn't have any public way to get to the underlying X509Certificate to validate it against an existing TrustStoreManager. Looking at the source, I can access the X509Certificate's encoded bytes thusly:

    public void onReceivedSslError(WebView view, SslErrorHandler handler,
            SslError error) {
        Bundle bundle = SslCertificate.saveState(error.getCertificate());
        X509Certificate x509Certificate;
        byte[] bytes = bundle.getByteArray("x509-certificate");
        if (bytes == null) {
            x509Certificate = null;
        } else {
            try {
                CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
                Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
                x509Certificate = (X509Certificate) cert;
            } catch (CertificateException e) {
                x509Certificate = null;
            }
        }

        // Now I have an X509Certificate I can pass to an X509TrustManager for validation.
    }

Obviously, this is private API and is fragile, though I assume it is fairly reliable since they can't change the bundle format. Is there a better way?

In the source, I see that SslCertificate has the X509Certificate as a member variable. Could you just make that public with a getter?

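The validation step the post stops short of, as an added example that is not part of the original message or of Android's own code: it builds an X509TrustManager from a trust store and checks the extracted leaf certificate, failing closed on any error. The class name `LeafCertValidator`, the method `isTrusted` and the `"RSA"` auth type are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper (the name is an assumption, not an Android API). */
public final class LeafCertValidator {
    private final X509TrustManager trustManager;

    /** @param trustStore anchors to trust; null selects the platform default store. */
    public LeafCertValidator(KeyStore trustStore) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                found = (X509TrustManager) tm;
                break;
            }
        }
        if (found == null) {
            throw new GeneralSecurityException("no X509TrustManager available");
        }
        this.trustManager = found;
    }

    /**
     * Returns true only if the trust manager accepts the certificate.
     * SslError exposes only the leaf, so the chain has one element: this
     * succeeds only when a path can be built from the leaf alone. It does
     * not check that the certificate matches the host being loaded.
     */
    public boolean isTrusted(X509Certificate leaf) {
        if (leaf == null) {
            return false; // extraction failed: fail closed
        }
        try {
            // "RSA" is an assumed auth type; use the one your server negotiates.
            trustManager.checkServerTrusted(new X509Certificate[] {leaf}, "RSA");
            return true;
        } catch (CertificateException | RuntimeException e) {
            return false; // untrusted, expired or malformed
        }
    }
}
```

In onReceivedSslError, call handler.proceed() only when isTrusted returns true and handler.cancel() otherwise; host name matching has to be checked separately, because checkServerTrusted does not do it.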
