I am trying to replicate an implementation, which is in another language (Golang). In it, it is possible to do the following:
```go
package main
import (
	"crypto/sha256"
	"crypto/tls"
	"encoding/base64"
	"fmt"
	"net/http"
)
func main() {
	// Skip chain verification so the untrusted chain still arrives in resp.TLS
	client := http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}}
	resp, err := client.Get("https://untrusted-root.badssl.com")
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	for _, c := range resp.TLS.PeerCertificates {
		if !c.IsCA {
			continue
		}
		h := sha256.Sum256(c.RawSubjectPublicKeyInfo) // SHA-256 of the DER SubjectPublicKeyInfo
		fmt.Println(base64.StdEncoding.EncodeToString(h[:]))
	}
}
```
Which results in, for example:

```text
sr2tjak7H6QRi8o0fyIXGWdPiU32rDsczcIEAqA+s4g=
```
What is most important about the code is access to all the certificates: `PeerCertificates` is a slice/array of `[]X509.Certificate`, and `c.IsCA` checks whether it is a CA (regardless of whether it is valid or not, in this case).
I tried to do the following:
```java
import android.net.http.SslError;
import android.util.Log;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import java.security.MessageDigest;
import java.util.Base64;
@Override public void onReceivedSslError(WebView v, final SslErrorHandler sslHandler, SslError err) {
    byte[] pk = err.getCertificate().getX509Certificate().getPublicKey().getEncoded(); // DER SubjectPublicKeyInfo
    try {
        MessageDigest h = MessageDigest.getInstance("SHA-256");
        h.update(pk);
        Log.i("PK:", Base64.getEncoder().encodeToString(h.digest()));
    } catch (Exception e) {
        Log.e("PK:", "hashing failed", e);
    }
    sslHandler.cancel(); // reject the untrusted connection (the WebView default)
}
```
But the result is:

```text
9SLklscvzMYj8f+52lp5ze/hY0CFHyLSPQzSpYYIBm8=
```
This key is the last one: the key of the site itself, not the CA. `SslError` seems to expose only a single method, `getCertificate()`, as documented at https://developer.android.com/reference/android/net/http/SslError#getCertificate(). So how do I get the CA key/certificate?
How do I get the public key (the Subject Public Key Info) of all certificates, or at least only the CA key?
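The Java counterpart of the Go loop, as an added example that is not the asker's code: it filters a chain by the Basic Constraints CA flag (the equivalent of `c.IsCA`) and hashes the DER SubjectPublicKeyInfo, which is what `getPublicKey().getEncoded()` returns. It assumes the full chain is already in hand as a `Certificate[]`, for instance the `chain` argument of `X509TrustManager.checkServerTrusted` or `HttpsURLConnection.getServerCertificates()` when the page is fetched with `HttpsURLConnection` rather than a `WebView`, whose `SslError` only carries the leaf; the `main` reads a PEM chain file (such as one saved from `openssl s_client -showcerts`) so it runs off-device.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;

public class CaSpkiPins {

    // Java equivalent of the Go loop: keep only certificates whose Basic Constraints
    // extension marks them as a CA (getBasicConstraints() returns -1 otherwise), then
    // SHA-256 the DER SubjectPublicKeyInfo, i.e. the same bytes as Go's
    // RawSubjectPublicKeyInfo, and base64-encode the digest (an SPKI pin).
    public static List<String> caSpkiPins(Certificate[] chain) throws Exception {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        List<String> pins = new ArrayList<>();
        for (Certificate c : chain) {
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (x.getBasicConstraints() == -1) continue; // not a CA, like !c.IsCA
            byte[] spki = x.getPublicKey().getEncoded();
            pins.add(Base64.getEncoder().encodeToString(sha256.digest(spki)));
        }
        return pins;
    }

    // Assumption for running off-device: args[0] is a PEM file holding the whole chain.
    // On Android the array would instead come from the chain argument of
    // X509TrustManager.checkServerTrusted or from HttpsURLConnection.getServerCertificates().
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certs = cf.generateCertificates(in);
            for (String pin : caSpkiPins(certs.toArray(new Certificate[0]))) {
                System.out.println(pin);
            }
        }
    }
}
```

Because `checkServerTrusted` is called before the platform decides whether the chain is trusted, the helper sees the same untrusted-root chain that the Go program gets with `InsecureSkipVerify`.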