如何使用android.net.http.SslCertificate验证X509TrustManager？

Question

安卓的WebViewClient在遇到不可信的证书时会调用onReceivedSslError。但是，我在那个调用中接收到的SslError对象没有任何公开的方法可以到达底层的X509Certificate来根据现有的TrustStoreManager来验证它。查看源代码，我可以这样访问X509Certificate的编码字节：

public void onReceivedSslError(WebView view, SslErrorHandler handler,
        SslError error) {
    Bundle bundle = SslCertificate.saveState(error.getCertificate());
    X509Certificate x509Certificate;
    byte[] bytes = bundle.getByteArray("x509-certificate");
    if (bytes == null) {
        x509Certificate = null;
    } else {
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
            x509Certificate = (X509Certificate) cert;
        } catch (CertificateException e) {
            x509Certificate = null;
        }
    }

    // Now I have an X509Certificate I can pass to an X509TrustManager for validation.
}

显然，这是私有API，并且是脆弱的，尽管我认为它相当可靠，因为它们不能更改包格式。有更好的办法吗？

Answer 1

经过长时间的等待，似乎有一个名为getX509Certificate(): java.security.cert.X509Certificate的方法在我的功能请求作为第36984840期之后添加到了SslCertificate中。