4

I am creating a small demo app to implement SSL certificate pinning in an Android WebView. I have generated the certificates of the host. Can anyone suggest how to pin the certificates in the application code? I have searched many links but I am still stuck.

AAaa
  • The question is a little old now. Were you able to get through? Or still looking for an answer? – Jeroen Aug 21 '17 at 05:54

1 Answer

-1

WebViews are tricky, not least because there is no perfect way to implement pinning in them except with Android N using Network Security Configuration.

The best you can do is override `shouldInterceptRequest` and implement the network calls yourself using one of the methods described in Android Security: SSL Pinning; however, this only intercepts GET requests, so if your WebViews use POST requests then you are out of luck. Android-SSL-Pinning-WebViews shows an example of doing this.

appmattus
  • Android-SSL-Pinning-WebViews link is broken – DroidDev Jul 31 '20 at 19:32
  • How about using onReceivedClientCertRequest and attaching certificates for cert pinning? Example: https://stackoverflow.com/a/35403556/6641282 – DroidDev Aug 03 '20 at 18:04
  • I believe that is in place for the server to request certificates from the client, so unless your server asks for one `onReceivedClientCertRequest` won’t even be called – appmattus Aug 04 '20 at 22:40
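
One way to implement the `shouldInterceptRequest` approach described in the answer, with the pinned fetch done by OkHttp's `CertificatePinner`. This is an added example, not code from the answer or from the Android-SSL-Pinning-WebViews project; the use of OkHttp is an assumption, and the class name, host and pin values are placeholders.

```java
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Map;
import okhttp3.*;

// Hypothetical class name; added example, not the original project's code.
public class PinnedWebViewClient extends WebViewClient {
    private static final String PINNED_HOST = "example.com"; // placeholder host

    // Constructed placeholder pins (base64 SHA-256 of the certificate's public key):
    // replace with the pin of the live key and of a backup key.
    private final OkHttpClient client = new OkHttpClient.Builder()
            .certificatePinner(new CertificatePinner.Builder()
                    .add(PINNED_HOST, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
                    .add(PINNED_HOST, "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBA=")
                    .build())
            .build();

    @Override // Called off the UI thread, so a blocking OkHttp call is acceptable here.
    public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
        if (!PINNED_HOST.equalsIgnoreCase(request.getUrl().getHost())) {
            return null; // Not the pinned host: let the WebView load it as usual.
        }
        // The callback exposes no request body, so only HTTPS GET can be replayed.
        if (!"https".equals(request.getUrl().getScheme()) || !"GET".equals(request.getMethod())) {
            return blocked();
        }
        Request.Builder builder = new Request.Builder().url(request.getUrl().toString());
        for (Map.Entry<String, String> h : request.getRequestHeaders().entrySet()) {
            builder.header(h.getKey(), h.getValue());
        }
        try {
            Response response = client.newCall(builder.build()).execute();
            MediaType type = response.body().contentType();
            String mime = type == null ? "text/html" : type.type() + "/" + type.subtype();
            Charset charset = type == null ? null : type.charset();
            return new WebResourceResponse(mime, charset == null ? "utf-8" : charset.name(),
                    response.body().byteStream());
        } catch (IOException e) { // Includes SSLPeerUnverifiedException on a pin mismatch.
            return blocked();
        }
    }

    private static WebResourceResponse blocked() { // Fail closed with an empty body.
        return new WebResourceResponse("text/plain", "utf-8", new ByteArrayInputStream(new byte[0]));
    }
}
```

Returning `null` hands the request back to the WebView's own network stack, which performs no pinning, so every failure path for the pinned host returns an empty response instead. Cookies held by the WebView are not sent by OkHttp unless they are copied over from `CookieManager`.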