android-play-safetynet
android-play-safetynet copied to clipboard
Trust Manager checkServerTrusted failed
Hi,
So I'm currently implementing the OfflineVerify based on Sample provided. But I face an exception on jws.verifySignature()
step. After some debugging (copying the verification implementation), the exception become more specific: Domain specific configurations require that hostname aware heckServerTrusted(X509Certificate[], String, String) is used
Based on that it seems the error is related with network-security-config.xml that is used by my app, removing it fixing the error. But I still need to use the config, so any idea what changes on the config to fix this? Here's the one I use (changed the domain name)
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="system" />
<certificates src="user" />
</trust-anchors>
</debug-overrides>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">google.com</domain>
<domain includeSubdomains="true">example.com</domain>
</domain-config>
</network-security-config>
Any help appreciated
Did you ever figure that issue?