Currently I have the following network security config xml file:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<!-- default config that does not allow clear test -->
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<!-- trying to get debug override to change this -->
<debug-overrides cleartextTrafficPermitted="true (DOESN'T WORK)">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
All I am trying to do is conditionally enabled global domain clear traffic during development/debug mode.
I thought I had my answer when I discovered the tag <debug-overrides>...</debug-overrides>. But it didn't work.
Unfortunately according to the official documentation, that tag doesn't actually support the desired attribute.
Nevermind. I figured out how to do it using gradle runtime variables instead.
// In your app level gradle file `build.gradle`
android
{
...
buildTypes
{
debug
{
resValue "string", "clear_text_config", "true"
}
release
{
resValue "string", "clear_text_config", "false"
}
}
...
}
// In your network security configuration xml
<base-config cleartextTrafficPermitted="#string/clear_text_config">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
This works because gradle will automatically generate a resource file for you.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">xxx.xxx.xxx</domain>
</domain-config>
</network-security-config>
Use domain config is the better way.We don't usually use http in a formal environment.
Related
I'm trying to make an app to listen to web-radio directly on the phone.
To do this I'm using this link:
https://webradio.divsi.unimi.it/
However, the result I get is not what I expected, because the error logs are as follows:
E/MediaHTTPConnection: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:363)
at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1134)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1089)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:876)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:747)
at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:712)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.processDataFromSocket(ConscryptEngineSocket.java:858)
at com.android.org.conscrypt.ConscryptEngineSocket$SSLInputStream.-$$Nest$mprocessDataFromSocket(Unknown Source:0)
at com.android.org.conscrypt.ConscryptEngineSocket.doHandshake(ConscryptEngineSocket.java:241)
at com.android.org.conscrypt.ConscryptEngineSocket.startHandshake(ConscryptEngineSocket.java:220)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:1450)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:1399)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:1343)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:221)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:144)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:106)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:400)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:333)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponseCode(HttpURLConnectionImpl.java:542)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getResponseCode(DelegatingHttpsURLConnection.java:106)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:30)
at android.media.MediaHTTPConnection.seekTo(MediaHTTPConnection.java:306)
at android.media.MediaHTTPConnection.getMIMEType(MediaHTTPConnection.java:501)
at android.media.IMediaHTTPConnection$Stub.onTransact(IMediaHTTPConnection.java:159)
at android.os.Binder.execTransactInternal(Binder.java:1195)
at android.os.Binder.execTransact(Binder.java:1159)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:654)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:503)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:423)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:351)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:90)
at com.android.org.conscrypt.ConscryptEngineSocket$2.checkServerTrusted(ConscryptEngineSocket.java:163)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:255)
at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1638)
at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:569)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1095)
at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1079)
2023-02-09 11:30:19.191 12154-14835/com.example.radio E/MediaHTTPConnection: ... 25 more
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
... 38 more
I've already read around and tried adding both the network_security_config
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
and:
android:usesCleartextTraffic="true"
But I just can't figure out why I need the certificate to be able to stream this radio. Trying with other web radios everything works correctly, so the problem is reduced to this link.
Is there any way to fix this error?
This is my error on Android Application when i call API hosted on windows server 2022 with .net core 5:
error: "TLS connection could not be established: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found."
status: -2
So this is my startup.cs
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpClient("mycustomer.mydomain.biz").ConfigurePrimaryHttpMessageHandler(() => new HttpClientHandler
{
ClientCertificateOptions = ClientCertificateOption.Manual,
ServerCertificateCustomValidationCallback =
(httpRequestMessage, cert, cetChain, policyErrors) =>
{
return true;
}
});
services.AddCors(); // Make sure you call this previous to AddMvc
services.AddMvc();
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "AppTitle", Version = "v1" });
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseCors(builder => builder
.AllowAnyHeader()
.AllowAnyMethod()
.AllowAnyOrigin()
.WithOrigins(new string[] { "http://localhost", "capacitor://localhost", "ionic://localhost", "http://localhost:8080", "http://localhost:8100" })
.AllowCredentials()
);
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "MyApp v1"));
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseCors(builder =>
{
builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader();
});
app.UseAuthorization();
app.UseAuthentication();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
When i try from browser all works, and also with Postman, i can show the SSL certificate correctly received by Postman.
So my code into app android:
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
My config.xml
<?xml version='1.0' encoding='utf-8'?>
<widget version="1.0.0" xmlns="http://www.w3.org/ns/widgets" xmlns:cdv="http://cordova.apache.org/ns/1.0">
<access origin="*" />
<feature name="CordovaHttpPlugin">
<param name="android-package" value="com.silkimen.cordovahttp.CordovaHttpPlugin"/>
</feature>
<feature name="File">
<param name="android-package" value="org.apache.cordova.file.FileUtils"/>
<param name="onload" value="true"/>
</feature>
<feature name="FileTransfer">
<param name="android-package" value="org.apache.cordova.filetransfer.FileTransfer"/>
</feature>
<preference name="AndroidBlacklistSecureSocketProtocols" value="SSLv3,TLSv1" />
</widget>
my AndroidManifest.xml
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="io.ionic.starter">
<application
android:usesCleartextTraffic="true"
android:allowBackup="true"
android:icon="#mipmap/ic_launcher"
android:label="#string/app_name"
android:roundIcon="#mipmap/ic_launcher_round"
android:supportsRtl="true"
android:networkSecurityConfig="#xml/network_security_config"
android:theme="#style/AppTheme">
<activity
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|locale|smallestScreenSize|screenLayout|uiMode"
android:name="io.ionic.starter.MainActivity"
android:label="#string/title_activity_main"
android:theme="#style/AppTheme.NoActionBarLaunch"
android:launchMode="singleTask">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.fileprovider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="#xml/file_paths"></meta-data>
</provider>
</application>
<!-- Permissions -->
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
</manifest>
but still not works, maybe i forgot something?
can you help me? I not have any more ideas.
I am trying to call an api in ionic. i get following error in my console.
Access to XMLHttpRequest at
'https://apiresource.com/appservices/get_services' from origin
'http://localhost:8100' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested
resource.
Below is my code for API call
services.page.ts
import { Component, OnInit } from '#angular/core';
import {HttpClient, HttpClientModule} from '#angular/common/http';
import {NavController} from '#ionic/angular';
#Component({
selector: 'app-services',
templateUrl: './services.page.html',
styleUrls: ['./services.page.scss'],
})
export class ServicesPage implements OnInit {
services: any;
constructor(private http: HttpClient, private navctrl: NavController) {
}
ngOnInit() {
this.http.get('https://apiresource.com/appservices/get_services').subscribe(data => {
console.log('my data: ', data);
alert(JSON.stringify(data));
});
}
}
network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">apiresource.com</domain>
</domain-config>
</network-security-config>
Config.xml
<platform name="android">
<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
<application android:usesCleartextTraffic="true" />
<application android:networkSecurityConfig="#xml/network_security_config" />
</edit-config>
....................
I have tried on different solutions found from Google and above is all that i have in my code .
Please help
I'm creating an Android app in React-Native, and I have a problem with a fetch with an API for the signup. So, I tried creating a file in android/app/src/main/assets/xml
react_native_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="false">localhost</domain>
<domain includeSubdomains="false">10.0.2.2</domain>
<domain includeSubdomains="false">10.0.3.2</domain>
<domain includeSubdomains="false">MyDomain</domain>
</domain-config>
</network-security-config>
And I add it in AndroidManifest.xml
<application
android:name=".MainApplication"
android:label="#string/app_name"
android:icon="#mipmap/ic_launcher"
android:roundIcon="#mipmap/ic_launcher_round"
android:allowBackup="false"
android:theme="#style/AppTheme"
android:networkSecurityConfig="#xml/react_native_config"> // THERE
<activity
android:name=".MainActivity"
android:label="#string/app_name"
android:configChanges="keyboard|keyboardHidden|orientation|screenSize"
android:windowSoftInputMode="adjustResize">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity android:name="com.facebook.react.devsupport.DevSettingsActivity" />
</application>
But when I compile the app I receive this error:
android/app/build/intermediates/merged_manifests/debug/AndroidManifest.xml:24: AAPT: error: resource xml/react_native_config not found
Do you know How can I solve?
To use fetch API in react native you don't need to add XML file.Just Enable Internet permission like this
<manifest>
...
<uses-permission android:name="android.permission.INTERNET" />
<application ...
</manifest>
and use fetch API as-
GET-
function getMoviesFromApiAsync() {
return fetch(url)
.then((response) => response.json())
.then((responseJson) => {
return responseJson;
})
.catch((error) => {
console.error(error);
});
}
POST-
fetch(url, {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
firstParam: 'yourValue',
secondParam: 'yourOtherValue',
}),
}).then((response) => response.json())
.then((responseJson) => {
return responseJson;
})
.catch((error) => {
console.error(error);
});
I am trying to build a dictionary app . and dictionary api provide me the url for the mp3 file. I am using this code to play the mp3 .
This works in all the versions of android except the API 28.
What happens in API 28 is
- It lake more than 2 minute to hit the setOnPreparedListener (not every time)
- then goes to setOnCompletionListener with out any sound.
Any suggestions about what went wrong is highly appreciated.
mediaPlayer?.apply {
if(isPlaying){
return
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
var builder = AudioAttributes.Builder()
builder.setContentType(AudioAttributes.CONTENT_TYPE_MUSIC)
builder.setLegacyStreamType(AudioManager.STREAM_MUSIC)
setAudioAttributes(builder.build())
}
setOnBufferingUpdateListener(this#WordHomeVM)
setOnCompletionListener(this#WordHomeVM)
setDataSource(urlString)
setOnPreparedListener { mPlayer ->
if (!isPlaying) {
start()
}
}
prepareAsync()
}
and Here is the only relevant log I get.
2018-12-04 13:22:58.241 5772-5911/ E/MediaPlayerNative: error (1, -2147483648)
2018-12-04 13:22:58.247 5772-5772/E/MediaPlayer: Error (1,-2147483648)
You may meet media player error when playing http live streaming on Android 9 (API 28)
2019-05-14 19:05:31.671 9198-9214/com.xxx.sample E/MediaPlayerNative: error (1, -2147483648)
2019-05-14 19:05:31.672 9198-9198/com.xxx.sample E/MediaPlayer: Error (1,-2147483648)
https://developer.android.com/training/articles/security-config?hl=en-us
The default configuration for apps targeting Android 9 (API level 28) and higher is as follows:
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
The default configuration for apps targeting Android 7.0 (API level 24) to Android 8.1 (API level 27) is as follows:
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
The default configuration for apps targeting Android 6.0 (API level 23) and lower is as follows:
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</base-config>
So if you want to play http live straming on API 28, you should change your network configuration.
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
</base-config>
</network-security-config>
<application
android:label="#string/app_name"
android:usesCleartextTraffic="true"
android:networkSecurityConfig="#xml/network_security_config">
</application>
Ahh.. I found out the reason after spending quite a bit of time.
The problem was, starting with Android 9.0 (API level 28), cleartext http traffic support is disabled by default.
and this code lab helped.