Ananth

Reputation: 125

Not getting callback for onReceivedClientCertRequest in WebView

I need to do public key/certificate pinning for WebView. I see that an API for this was introduced in API 21, as per the Android documentation: http://developer.android.com/reference/android/webkit/WebViewClient.html#onReceivedClientCertRequest(android.webkit.WebView, android.webkit.ClientCertRequest)

onReceivedClientCertRequest() was added in API 21, but I am not getting the callback when I load any URL. Could anyone please help?

@Override
public void onReceivedClientCertRequest(WebView view, final ClientCertRequest request) {
    Log.e("ClientCertRequest", "===> certificate required!");

    KeyChain.choosePrivateKeyAlias(WebViewActivity.this, new KeyChainAliasCallback() {
        @TargetApi(Build.VERSION_CODES.LOLLIPOP)
        @Override
        public void alias(String alias) {
            Log.e(getClass().getSimpleName(), "===>Key alias is: " + alias);
            if (alias == null) {
                // No alias was chosen: answer the request instead of leaving it pending.
                request.cancel();
                return;
            }
            try {
                PrivateKey changPrivateKey = KeyChain.getPrivateKey(WebViewActivity.this, alias);
                X509Certificate[] certificates = KeyChain.getCertificateChain(WebViewActivity.this, alias);
                Log.v(getClass().getSimpleName(), "===>Getting Private Key Success!");
                request.proceed(changPrivateKey, certificates);
            } catch (KeyChainException e) {
                Log.e(getClass().getSimpleName(), Util.printException(e));
                request.cancel();
            } catch (InterruptedException e) {
                Log.e(getClass().getSimpleName(), Util.printException(e));
                request.cancel();
            }
        }
    }, new String[]{"RSA"}, null, null, -1, null);
    // super.onReceivedClientCertRequest(view, request) is not called here: the default
    // implementation cancels the request before the asynchronous alias callback can answer it.
}

Upvotes: 1

Views: 1572

Answers (1)

chrisp

Reputation: 46

Client Certificate Authentication can fail in a number of ways in Android:

  • Your WebViewClient might not be wired properly: make sure you get other notifications from the WebView such as WebViewClient.onPageStarted()
  • Make sure you're actually using SSL and an https URL
  • SSL might fail before you even get to the client certificate check. This is typical for self-signed server certificates. You can work around this problem by calling handler.proceed() in WebViewClient.onReceivedSslError(view, handler, error)
  • SSL client certificate authentication might not be turned on on the server side. When using Apache, set something like SSLVerifyClient require along with the required parameters SSLVerifyDepth and SSLCACertificateFile in the config
  • Use a valid CA certificate (created by you or a third party) on the server and a client certificate that was signed by this CA certificate
  • Make sure the client certificate is installed on the Android device. You typically copy the client certificate to the device's storage as a PKCS #12 file (.pfx file extension)

Upvotes: 3
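
One way to tell several of the failure modes listed in the answer apart from a workstation, added here as an example that is not part of the original answer: the function below classifies saved `openssl s_client` output. The sample outputs are constructed, the result labels are names chosen for this example, and the order of checks assumes an untrusted server certificate blocks the WebView before any client-certificate step.

```shell
# Classify saved `openssl s_client` output (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null >out.txt 2>&1
diagnose_handshake() {
    out=$1
    has() { printf '%s\n' "$out" | grep -q "$1"; }
    # No server certificate: TLS never completed (plain HTTP, wrong port).
    has '^Server certificate' || { echo "no-tls"; return; }
    # Non-zero verify code: the server chain is untrusted (e.g. self-signed),
    # so the WebView reports an SSL error before any client-cert step.
    code=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ "${code:-0}" = "0" ] || { echo "server-cert-untrusted:$code"; return; }
    # CA names advertised: the server is asking for a client certificate.
    if has '^Acceptable client certificate CA names'; then
        echo "client-cert-requested"; return
    fi
    # No CA names: no request was sent, or it carried an empty CA list.
    if has '^No client certificate CA names sent'; then
        echo "no-client-ca-names"; return
    fi
    echo "unknown"
}

# Constructed sample outputs, trimmed to the lines the function reads.
SAMPLE_PLAIN_HTTP='CONNECTED(00000003)
no peer certificate available'
SAMPLE_SELF_SIGNED='Server certificate
subject=CN = dev.example.test
Acceptable client certificate CA names
    Verify return code: 18 (self-signed certificate)'
SAMPLE_NOT_REQUESTED='Server certificate
subject=CN = www.example.test
No client certificate CA names sent
    Verify return code: 0 (ok)'
SAMPLE_REQUESTED='Server certificate
subject=CN = www.example.test
Acceptable client certificate CA names
CN = Example Client CA
    Verify return code: 0 (ok)'

for s in "$SAMPLE_PLAIN_HTTP" "$SAMPLE_SELF_SIGNED" \
         "$SAMPLE_NOT_REQUESTED" "$SAMPLE_REQUESTED"; do
    diagnose_handshake "$s"
done
```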
