抱歉我的英文。我需要加载网址https,我有一些问题。当我尝试加载页面时,webView给我错误
primary error: 3 certificate: Issued to: CN=my-site.com;
Issued by: CN=GeoTrust DV SSL CA - G3,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US;
on URL: https://my-site.com/tutorial.php
如果我创建自定义WebView客户端并重新定义方法onReceivedSslError
,如下所示:
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
handler.proceed();
}
然后当我将这个应用程序加载到市场时,谷歌的人会说我:
Your APK has been rejected for containing security vulnerabilities, which violates the Malicious Behavior policy
我可以解决这个问题,做这样的事情:
final AlertDialog.Builder builder = new AlertDialog.Builder(WebViewTutorials.this);
String message = "SSL Certificate error.";
switch (error.getPrimaryError()) {
case SslError.SSL_UNTRUSTED:
message = "The certificate authority is not trusted.";
break;
case SslError.SSL_EXPIRED:
message = "The certificate has expired.";
break;
case SslError.SSL_IDMISMATCH:
message = "The certificate Hostname mismatch.";
break;
case SslError.SSL_NOTYETVALID:
message = "The certificate is not yet valid.";
break;
}
message += " Do you want to continue anyway?";
builder.setTitle("SSL Certificate Error");
builder.setMessage(message);
builder.setPositiveButton("continue", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
//handler.cancel();
finish();
}
});
final AlertDialog dialog = builder.create();
dialog.show();
但是对于这个应用程序显示用户popUp窗口是不可接受的 来自后端的人告诉我"它是客户端的问题"。我不知道我做了什么,需要显示用户webView页面但不显示popUp窗口警告
答案 0 :(得分:0)
您的第一个问题是SSL证书,WebView不会生成HTTPS连接。无论如何,另一个问题是您重写了onReceivedSslError方法并使用handler.proceed();。不告知用户您使用不安全的连接是android的安全漏洞,因此Play商店不允许您发布apk。
最好的方法是更正证书问题,因为该应用程序可以通过https连接与服务器通信。
无论如何,您可以通过这种方式来更改方法的实现,例如,以避免发布问题:
@Override
public void onReceivedSslError(WebView view, final SslErrorHandler handler, SslError error) {
final AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage(R.string.notification_error_ssl_cert_invalid);
builder.setPositiveButton("Continue", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.proceed();
}
});
builder.setNegativeButton("Cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
handler.cancel();
}
});
final AlertDialog dialog = builder.create();
dialog.show();
}
您可以检查android开发人员的安全性部分,以获取有关此漏洞和更正的更多信息。