6

I am using Crosswalk XWalkView as my application's webview, now I am loading some website that has valid certificate and works fine in Android versions < 7.

But with Android 7.0 and greater I get this toast message REQUEST WAS DENIED FOR SECURITY

and this log

06-12 17:46:46.024 22518-22731/? I/X509Util: Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I read some similar questions like this, but the solution being posted is in Cordova (see this). I am using native android and I would like to know if how can I do this on my end (native).

quote from the link

I solved this by adding the last 3 lines of the following snippet to config.xml:

<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />
<allow-navigation href="data:*" />

Thanks!

Basically what I want to do is to have some whitelist like Cordova does, but I don't know if how can I achieve this using Native Android and Crosswalk. First, I don't know if there's a config.xml in native android (in cordova there is), now I really need to know on how can I implement this in my project.

Aaron
  • 2,591
  • 4
  • 27
  • 45
  • Can you give more detail on what you mean by "using native android". Do you mean you are using JNI C++ (the usual meaning) or some other native framework. Calling "Java" native on Android I always found a bit silly. What your getting is an X509Certificate error, which can be fixed in Webview. Xwalkview I will have to check. – Jon Goodwin Aug 05 '17 at 20:46
  • Sorry, perhaps I'll change the description, I'm using java. What I want to do is to have a config.xml like what cordova does. – Aaron Aug 07 '17 at 07:34
  • @JonGoodwin yes it can be fixed if I used the WebView, however, I'm using the XWalkView and it seems like it's an open issue in a dead project: https://crosswalk-project.org/jira/browse/XWALK-7375. https://stackoverflow.com/questions/40035794/crosswalk-error-about-request-was-denied-for-security#40974821 says they were able to resolve it by adding some lines in config.xml, I want to do have that, but I am not using Cordova. – Aaron Aug 07 '17 at 07:36

1 Answers1

2

I was able to solve this by by following the steps from android network security config I trusted additional an certificate.

Basically, the first time I tried it I was providing the wrong SSL certificate (I assumed that it was the website itself, but the one causing the error is a host for a Javascript file being loaded in the website) in my network_security_config.xml.

website_ca is the SSL certificate file

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="@raw/website_ca"/>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
</network-security-config>

It works fine now.

Aaron
  • 2,591
  • 4
  • 27
  • 45