Certificate pinning throws an exception only one time in Android

I am trying to implement certificate pinning in an Android project using the documentation. I generated a SHA-256 pin from a website. I set up the configuration file:

<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">livejournal.com</domain>
        <pin-set>
            <pin digest="SHA-256">QNT9njQO9Lij9JNvWyLRP6cjCJ2bJiPV+t7D9U9aa1Q=</pin>
        </pin-set>
    </domain-config>
</network-security-config>

In the AndroidManifest.xml I've added it using:

android:networkSecurityConfig="@xml/network_security_config"

I added a simple request to the server using HttpsURLConnection:

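import java.net.URL
import javax.net.ssl.HttpsURLConnection

fun connect() {
    try {
        val mURL = URL("https://www.livejournal.com/")
        with(mURL.openConnection() as HttpsURLConnection) {
            requestMethod = "GET"
            // Reading responseCode sends the request, including the TLS handshake
            println("Response Code: ${this.responseCode}")
        }
    } catch (e: Throwable) {
        // Handshake and certificate validation failures are printed here
        println(e)
    }
}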

I configured mitmproxy and set up the proxy server on the Android phone. As a result, I see all HTTPS requests from my browser.

In the mobile app, when I execute the first request, I get the error:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

But when I execute the same request a second time or more, I get a successful result:

Response Code: 200

At the same time, when I disconnect and reconnect to the network with the proxy, I again get the error the first time, but the next time I get a successful result.

Why does this happen? What is wrong, and how does this work in Android?

There are 0 answers
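
An added example, not part of the original question: an offline Python check of the pin-set shown above. It validates each `<pin>` as a base64 SHA-256 digest, flags a pin-set with no backup pin (which the Android documentation recommends), and compares the configured pins with SubjectPublicKeyInfo bytes. The function names and any SPKI bytes passed in are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import xml.etree.ElementTree as ET

# The configuration from the question, embedded so the check runs offline.
CONFIG = """<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">livejournal.com</domain>
        <pin-set>
            <pin digest="SHA-256">QNT9njQO9Lij9JNvWyLRP6cjCJ2bJiPV+t7D9U9aa1Q=</pin>
        </pin-set>
    </domain-config>
</network-security-config>"""


def spki_pin(spki_der: bytes) -> str:
    """Pin for a DER-encoded SubjectPublicKeyInfo: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def lint_pins(config_xml: str) -> dict:
    """Map each pinned domain to (pins, findings) for review (hypothetical helper)."""
    report = {}
    for dc in ET.fromstring(config_xml).iter("domain-config"):
        pin_set = dc.find("pin-set")
        if pin_set is None:
            continue
        pins, findings = [], []
        for pin in pin_set.findall("pin"):
            value = (pin.text or "").strip()
            if pin.get("digest") != "SHA-256":
                findings.append(f"unsupported digest: {pin.get('digest')}")
            try:
                ok = len(base64.b64decode(value, validate=True)) == 32
            except binascii.Error:
                ok = False
            if not ok:
                findings.append(f"not a 32-byte base64 digest: {value}")
            pins.append(value)
        if len(pins) < 2:
            findings.append("no backup pin")
        for domain in dc.findall("domain"):
            report[(domain.text or "").strip()] = (pins, findings)
    return report


def chain_matches(pins, chain_spki_ders) -> bool:
    """True if any public key in the presented chain hashes to a configured pin."""
    return any(spki_pin(spki) in pins for spki in chain_spki_ders)
```

To compare against a real server, pass `chain_matches` the DER-encoded SubjectPublicKeyInfo of each certificate in the chain the server presents.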