机器人的WebView与客户端证书 [英] android webview with client certificate
问题描述
我想了好几天使用内嵌在应用程序中的客户端证书的Web视图,但在我看来,Android SDK中没有提供任何办法做到这一点,有一个回调拦截发送的挑战服务器?有没有办法使用的WebView与客户端证书,并HTTPS请求?
I tried for days to use a web view with a client certificate embedded in the application, but it seems to me that the android sdk does not provide any way to do it, is there a callback to intercept the challenge sent by the server? is there a way to use webview with a client certificate and make https request?
推荐答案
由于我感兴趣的是你的问题还有,我检查的WebView和WebViewClient文档,冲浪四周,确实看起来,你不能验证的WebView会话使用客户端证书,因为所需的方法(ClientCertRequestHandler)不是公共API。
Since I'm interested in your problem as well, I checked the documentation for WebView and WebViewClient, surfed around and indeed it looks that you can't authenticate a webview session using a client certificate, as the required method (ClientCertRequestHandler) is not a public API.
<一个href="http://stackoverflow.com/questions/12807742/using-a-android-webview-to-connect-to-secure-server-with-client-certificate">Using一款Android的WebView连接到安全服务器,客户端证书
在Android的安全讨论中搜索确认该呼叫确实是不可用:
A search in the Android Security Discussions confirms that the call is indeed not available:
的https://groups.google.com/forum/#!msg/android-security-discuss/0hzTGaA9swQ/1Oqc8UpGLH8J
和即使
而Android 4.0的发布确实包括在浏览器客户端证书身份验证的支持。
The Android 4.0 release does include support for client certificate authentication in the browser.
(参考: https://开头code .google.com / P /安卓/问题/详细信息?ID = 8196 )
没有提到WebViews由:(
no mention about WebViews is made :(
尽管也有一些新的API来加载在钥匙串证书:
Even though there are some new API to load certificates in a Keychain:
http://developer.android.com/reference/android/security/ KeyChain.html http://nelenkov.blogspot.it/2011/11/using -ics,钥匙链api.html
目前还不清楚web视图是否会使用它们。所以我想你应该尝试钥匙串类,看看你是否能正确验证(我有没有简单的方法来测试这一点,所以你对你自己的)
it is not clear whether the WebView is gonna use them... So I guess you should try the KeyChain class and see if you can correctly authenticate (I have no simple way to test this, so you are on your own).
如果钥匙串没有与WebViews 的工作,我想这一切归结为几个远非完美的解决方法:
If KeyChain doesn't work with WebViews, I guess it all boils down to a couple of far from perfect workarounds:
解决方案1:
使用ClientCertRequestHandler无论如何(这是标记为隐藏,但显然仍然可用):
use ClientCertRequestHandler anyway (It's marked as hidden, but apparently still usable):
HTTPS://$c$c.google。 COM / P /安卓/问题/详细信息?ID = 53491
然而,即使假设你把它的Android开发人员。团队可以修改/恕不另行通知删除的方法和你的应用程序可能会停止工作的SO的未来版本。
However even assuming that you make it, the Android Dev. Team might modify/remove the method without notice and your app might stop working on future releases of the SO.
解决方案2:
如果你可以限制你的目标至Android 4.0或更高版本,一个大胆的(和不可能...)的解决方案就是尽量使用文件计划从本地存储加载web视图证书:
If you can limit your target to Android 4.0 or newer, a bold (and unlikely...) solution is to try to load the certificate in the webview from your local storage using a file scheme:
但我强烈怀疑的WebView将表现为浏览器不会...
but i strongly doubt that the webview will behave as the browser does...
解决方案3:(这应该工作,但需要投入大量的精力)
Solution 3: (which should work but requires a lot of effort)
使用了HTTPClient或HttpURLConnection的处理在后台每个HTTPS连接,然后将数据传递到web视图:
Handle every https connection in background using HTTPClient or HttpURLConnection and then pass the data to the WebView:
http://chariotsolutions.com/blog/post/https -with-客户证书上/
您有我的同情。
这篇关于机器人的WebView与客户端证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
