Android Error In Webview.loadurl() - Trust Anchor For Certification Path Not Found
Solution 1:
Create a WebViewClient:
privateclassWvClientextendsWebViewClient
{
@OverridepublicvoidonReceivedSslError(WebView view, SslErrorHandler handler, SslError er) {
handler.proceed();
// Ignore SSL certificate errors
}
}
And set the initialized WebViewClient ("WvClient") to your WebView ("wv" in that case):
wv.setWebViewClient(newWvClient());
Or in one line:
wv.setWebViewClient(newWebViewClient() {@OverridepublicvoidonReceivedSslError(WebView v, SslErrorHandler handler, SslError er){ handler.proceed(); }});
Solution 2:
I was dealing with this and quite frankly allowing MITM attacks is a no-no. Here is a cleaner solution that supports pinning. Save the certificate into your raw resource folder. NOTE: Sadly, SSLError gives us an SslCertificate when you call getCertificate(). SslCertificate is kind of useless. It's public API doesn't allow you to verify the public key, only the created on, expired date, issued to, issued by. However, if you open up this class you will see an X509Certificate member variable that is un-exposed. IDK why this design decision was taken. But there is an API for getting the Bundle, and that X509 Certificate member variable gets stored in there. So we access it that way, because the Certificate has a lot more useful methods on it.
@OverridepublicvoidonReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
SslCertificatesslCertificateServer= error.getCertificate();
CertificatepinnedCert= getCertificateForRawResource(R.raw.your_cert, mContext);
CertificateserverCert= convertSSLCertificateToCertificate(sslCertificateServer);
if(pinnedCert.equals(serverCert)) {
handler.proceed();
} else {
super.onReceivedSslError(view, handler, error);
}
}
publicstatic Certificate getCertificateForRawResource(int resourceId, Context context) {
CertificateFactorycf=null;
Certificateca=null;
Resourcesresources= context.getResources();
InputStreamcaInput= resources.openRawResource(resourceId);
try {
cf = CertificateFactory.getInstance("X.509");
ca = cf.generateCertificate(caInput);
} catch (CertificateException e) {
Log.e(TAG, "exception", e);
} finally {
try {
caInput.close();
} catch (IOException e) {
Log.e(TAG, "exception", e);
}
}
return ca;
}
publicstatic Certificate convertSSLCertificateToCertificate(SslCertificate sslCertificate) {
CertificateFactorycf=null;
Certificatecertificate=null;
Bundlebundle= sslCertificate.saveState(sslCertificate);
byte[] bytes = bundle.getByteArray("x509-certificate");
if (bytes != null) {
try {
CertificateFactorycertFactory= CertificateFactory.getInstance("X.509");
Certificatecert= certFactory.generateCertificate(newByteArrayInputStream(bytes));
certificate = cert;
} catch (CertificateException e) {
Log.e(TAG, "exception", e);
}
}
return certificate;
}
Solution 3:
This is the proper solution and google will approve your app by implementing below code:
@OverridepublicvoidonReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
// for SSLErrorHandlerfinal AlertDialog.Builderbuilder=newAlertDialog.Builder(context);
builder.setMessage(R.string.notification_error_ssl_cert_invalid);
builder.setPositiveButton("continue", newDialogInterface.OnClickListener() {
@OverridepublicvoidonClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("cancel", newDialogInterface.OnClickListener() {
@OverridepublicvoidonClick(DialogInterface dialog, int which) {
handler.cancel();
}
});
finalAlertDialogdialog= builder.create();
dialog.show();
}
If you use below code then at the time of debug it'll work but google will reject your app:
privateclassWvClientextendsWebViewClient
{
@OverridepublicvoidonReceivedSslError(WebView view, SslErrorHandler handler, SslError er) {
handler.proceed();
// Ignore SSL certificate errors
}
}
Post a Comment for "Android Error In Webview.loadurl() - Trust Anchor For Certification Path Not Found"