4

Can a WebView, or more specifically PhoneGap's CordovaWebView, use client certificates to authenticate to a server?

I understand the native browser can use client certs, but I am trying to get a PhoneGap Android app to talk to a server that requires a client cert to work and cannot see how. I have tried various methods I have seen on Google, but they are not working on Android version 4.0 or greater. Any suggestions would be greatly appreciated.

Jarad Duersch
  • I am interested in something very similar. I want Phonegap to connect to an internal secure server signed using our own certificates, so Phonegap should import the CA certificates from our company. – jap1968 Oct 29 '12 at 06:50

1 Answer

7

It is not possible. The code that is needed to answer back a challenge for a client certificate is not available in the SDK. If you look at the source for WebViewClient in the Android SDK, you will see this method:

```java
/**
 * Notify the host application to handle a SSL client certificate
 * request (display the request to the user and ask whether to
 * proceed with a client certificate or not). The host application
 * has to call either handler.cancel() or handler.proceed() as the
 * connection is suspended and waiting for the response. The
 * default behavior is to cancel, returning no client certificate.
 *
 * @param view The WebView that is initiating the callback.
 * @param handler An ClientCertRequestHandler object that will
 *            handle the user's response.
 * @param host_and_port The host and port of the requesting server.
 *
 * @hide
 */
public void onReceivedClientCertRequest(WebView view,
        ClientCertRequestHandler handler, String host_and_port) {
    handler.cancel();
}
```

Do you see that `@hide` in the doc section? That means "do not make this available to the general public." We need the ability to override this method and utilize the ClientCertRequestHandler, but we can't. Not sure when Google will open this API, but it is not available in Jelly Bean.

Jarad Duersch
  • If you MUST use hidden APIs, here is how you can do it: https://devmaze.wordpress.com/2011/01/18/using-com-android-internal-part-1-introduction/ But please keep in mind that there is a reason the API is hidden and avoid it if possible. – Zlatko Dec 29 '14 at 11:45
  • 1
    It appears `onReceivedClientCertRequest` is available on API 21+: https://developer.android.com/reference/android/webkit/WebViewClient.html#onReceivedClientCertRequest(android.webkit.WebView,%20android.webkit.ClientCertRequest) – mcomella Oct 25 '17 at 23:17
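
The public API 21+ callback mentioned in the last comment, as an added example that is not part of the original answer or comments. It assumes the client certificate is already installed in the system KeyChain; `ALLOWED_HOST` and the class name are hypothetical. The credential is offered only to the expected host, and every other request is cancelled.

```java
import android.app.Activity;
import android.security.KeyChain;
import android.webkit.ClientCertRequest;
import android.webkit.WebView;
import android.webkit.WebViewClient;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Added example: requires API 21+, where the callback is public.
public class ClientCertWebViewClient extends WebViewClient {
    // Assumption: the only server that may receive the client certificate.
    private static final String ALLOWED_HOST = "internal.example.com";

    private final Activity activity;

    public ClientCertWebViewClient(Activity activity) {
        this.activity = activity;
    }

    @Override
    public void onReceivedClientCertRequest(WebView view, final ClientCertRequest request) {
        // Refuse to present the credential to any host the app does not expect.
        if (!ALLOWED_HOST.equalsIgnoreCase(request.getHost())) {
            request.cancel();
            return;
        }
        // Ask the user to choose a certificate; the callback runs off the UI thread,
        // which KeyChain.getPrivateKey() and getCertificateChain() require.
        KeyChain.choosePrivateKeyAlias(activity, alias -> {
            if (alias == null) {            // user declined to pick a certificate
                activity.runOnUiThread(request::cancel);
                return;
            }
            try {
                final PrivateKey key = KeyChain.getPrivateKey(activity, alias);
                final X509Certificate[] chain = KeyChain.getCertificateChain(activity, alias);
                if (key == null || chain == null) {
                    activity.runOnUiThread(request::cancel);
                } else {
                    activity.runOnUiThread(() -> request.proceed(key, chain));
                }
            } catch (Exception e) {         // KeyChainException or InterruptedException
                activity.runOnUiThread(request::cancel);
            }
        }, request.getKeyTypes(), request.getPrincipals(),
           request.getHost(), request.getPort(), null);
    }
}
```

The default implementation still cancels the request, so a WebView without such an override sends no client certificate. This does not help on the Android 4.x versions the question asks about.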