SSL 错误处理程序 WebView Android [英] SSL Error Handler WebView Android

问题描述

当我尝试发布我的应用时，Google Play 管理中心说我的应用中存在由于 SSL 错误处理程序的漏洞.我遵循了 Google 帮助中心的解决方案 https://support.google.com/faqs/answer/7071387，并尝试再次发布，但没有成功.我联系了 Google Play 支持，他们给了我答复:

When I try to publish my app, the Google Play Console says that I have a vulnerability in my app due to SSL Error Handler. I followed the Google Help Center solution https://support.google.com/faqs/answer/7071387, and tried to publish again, but no success. I got in touch with Google Play Support, and they have answered me:

我查看了您的应用，10 版 PET App 具有以下类，其中包含易受攻击的 SslErrorHandler 版本:

I took a look at your app, and version PET App of 10 has the following class, which contains a vulnerable version of SslErrorHandler:

这是我用来处理 SslError 的代码:

And here is the code I'm using to handle the SslError:

@Override
        public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
            final AlertDialog.Builder builder = new AlertDialog.Builder(SigpetActivity.this);
            String message = "SSL Certificate error.";
            switch (error.getPrimaryError()) {
                case SslError.SSL_UNTRUSTED:
                    message = "The certificate authority is not trusted.";
                    break;
                case SslError.SSL_EXPIRED:
                    message = "The certificate has expired.";
                    break;
                case SslError.SSL_IDMISMATCH:
                    message = "The certificate Hostname mismatch.";
                    break;
                case SslError.SSL_NOTYETVALID:
                    message = "The certificate is not yet valid.";
                    break;
            }
            builder.setMessage(message+" Clique em 'CONTINUAR' para permitir o acesso ao Sigpet");
            builder.setPositiveButton("continuar", new DialogInterface.OnClickListener() {
                @Override
                public void onClick(DialogInterface dialog, int which) {
                    handler.proceed();
                }
            });
            builder.setNegativeButton("cancelar", new DialogInterface.OnClickListener() {
                @Override
                public void onClick(DialogInterface dialog, int which) {
                    handler.cancel();
                    finish();
                }
            });
            final AlertDialog dialog = builder.create();
            dialog.show();
        }

我没有为此使用第三方库，只是使用 android webkit WebClient.

I'm using no third party library for this, just android webkit WebClient.

我该如何修复它才能让他们允许我发布我的应用?

How can I fix it to let them allow me to publish my app?

推荐答案

我的猜测是 Google 不喜欢你异步调用 proceed() 或 cancel()在 onClick 回调中.相反，您应该在 onReceivedSslError() 方法本身中同步进行.

My guess is that Google doesn't like you calling proceed() or cancel() asynchronously in an onClick callback. Instead, you should do it synchronously in the onReceivedSslError() method itself.

这篇关于SSL 错误处理程序 WebView Android的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！