Android error in webview.loadUrl() - Trust anchor

2019-03-10 23:18发布

站内问答 / Android
353 2 4

I have a webview for load url, but not work.

Look at my code:

public class MainActivity extends AppCompatActivity {

  @Override
  protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    WebView wv = (WebView) findViewById(R.id.webView);

    //Log.d("rudyy", "aqui");
    wv.loadUrl("https://tripulanteaims.tam.com.br/wtouch/wtouch.exe/index");
    //Log.d("rudyy", "fim");


  }
}

When execute this code, android return this error :

Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Help-me please.

标签: android ssl
举报
2条回答
ら.Afraid
2楼-- · 2019-03-10 23:59

Create a WebViewClient:

private class WvClient extends WebViewClient 
{
    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError er) {
        handler.proceed(); 
        // Ignore SSL certificate errors
    }
}

And set the initialized WebViewClient ("WvClient") to your WebView ("wv" in that case):

wv.setWebViewClient(new WvClient());

Or in one line:

 wv.setWebViewClient(new WebViewClient() {@Override public void onReceivedSslError(WebView v, SslErrorHandler handler, SslError er){ handler.proceed(); }});
查看更多
0人赞 添加讨论(0) 举报
一夜七次
3楼-- · 2019-03-11 00:17

I was dealing with this and quite frankly allowing MITM attacks is a no-no. Here is a cleaner solution that supports pinning. Save the certificate into your raw resource folder.
NOTE: Sadly, SSLError gives us an SslCertificate when you call getCertificate(). SslCertificate is kind of useless. It's public API doesn't allow you to verify the public key, only the created on, expired date, issued to, issued by. However, if you open up this class you will see an X509Certificate member variable that is un-exposed. IDK why this design decision was taken. But there is an API for getting the Bundle, and that X509 Certificate member variable gets stored in there. So we access it that way, because the Certificate has a lot more useful methods on it.

@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
    SslCertificate sslCertificateServer = error.getCertificate();
    Certificate pinnedCert = getCertificateForRawResource(R.raw.your_cert, mContext);
    Certificate serverCert = convertSSLCertificateToCertificate(sslCertificateServer);

    if(pinnedCert.equals(serverCert)) {
        handler.proceed();
    } else {
        super.onReceivedSslError(view, handler, error);
    }
}

public static Certificate getCertificateForRawResource(int resourceId, Context context) {
    CertificateFactory cf = null;
    Certificate ca = null;
    Resources resources = context.getResources();
    InputStream caInput = resources.openRawResource(resourceId);

    try {
        cf = CertificateFactory.getInstance("X.509");
        ca = cf.generateCertificate(caInput);
    } catch (CertificateException e) {
        Log.e(TAG, "exception", e);
    } finally {
        try {
            caInput.close();
        } catch (IOException e) {
            Log.e(TAG, "exception", e);
        }
    }

    return ca;
}

public static Certificate convertSSLCertificateToCertificate(SslCertificate sslCertificate) {
    CertificateFactory cf = null;
    Certificate certificate = null;
    Bundle bundle = sslCertificate.saveState(sslCertificate);
    byte[] bytes = bundle.getByteArray("x509-certificate");

    if (bytes != null) {
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
            certificate = cert;
        } catch (CertificateException e) {
            Log.e(TAG, "exception", e);
        }
    }

    return certificate;
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)