googlesamples / android-play-safetynet

Samples for the Google SafetyNet Attestation API
Apache License 2.0

Trust Manager checkServerTrusted failed #23

Open Xanvial opened 4 years ago

Xanvial commented 4 years ago

Hi, so I'm currently implementing the OfflineVerify based on the sample provided, but I face an exception on the jws.verifySignature() step. After some debugging (copying the verification implementation), the exception became more specific: Domain specific configurations require that hostname aware checkServerTrusted(X509Certificate[], String, String) is used

Based on that, it seems the error is related to the network-security-config.xml that is used by my app; removing it fixes the error. But I still need to use the config, so any idea what changes to the config would fix this? Here's the one I use (changed the domain name):

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <!-- Trust user added CAs while debuggable only -->
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">google.com</domain>
        <domain includeSubdomains="true">example.com</domain>
    </domain-config>
</network-security-config>

Any help appreciated

paulo-raca commented 3 years ago

Did you ever figure out that issue?