ArcGIS maps doesn't display when I use the network-security-confing in manifest

cesarcercadillo · ‎04-21-2021

Hello,

I'm developing and Android app that use arcgis runtime api for Android for displaying a map, as indicated here:

https://developers.arcgis.com/android/maps-2d/tutorials/display-a-map/

The map is displaying with no problems until y I have changed the network security configuration for the project. Since the app need to access and endpoint (not relationed with arcgis,) I need to set the following configuration in the network-security-config file:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">devsmart.devsa-ibl-inetum.services</domain>
        <domain includeSubdomains="true">pre-arwa-fe-01.sma.conselldemallorca.net</domain>
         <domain includeSubdomains="true">prvwww.mallorca.es</domain>
        <trust-anchors>
            <certificates src="@raw/devsmart_devsa_ibl_inetum"/>
            <certificates src="@raw/prvwww_mallorca_es"/>
             <certificates src="system"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

The thing is that If i use this file (the network configuration), then the arcgis map doesn't display. It appears like a white screen. There ins't any log error in logcat. If I remove the network configuration, the maps displays ok.

How can I get arcgis map to work, having a network security file in the project? Is necessary include a domain for argcis in this file?

Thanks

XuemingWu · ‎04-28-2021

Hello,

Thank you for bringing this to our notice. It is a known issue in our SDK when the network security config contains one or more domain-config elements, the platform certificate verification fails with CertificateException and causes the map fails to load. We will address this issue.

At the meantime, if you remove the domain-config elements from the network security config, the map loads. If your intention of using the domain-config elements is to trust self-signed certificates you can use this API AuthenticationManager.setSelfSignedCertificateListener instead of the domain-config elements. The following code snippet shows an example.

            AuthenticationManager.setSelfSignedCertificateListener(SelfSignedCertificateListener { chains, s ->
            try {
                chains[0].checkValidity()
                if (chains[0].issuerDN.name == "xxx") {
                    return@SelfSignedCertificateListener SelfSignedResponse(true, true)
                }
            } catch (cee: CertificateExpiredException) {
            } catch (cnyve: CertificateNotYetValidException) {
            }
            null
        })

YoussefMAHERZI · ‎03-17-2023

Hello,

We're facing here the same problem but our configuration doesn't need ssl verification instead allowing http traffic on specific addresses :

<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain>192.168.24.1</domain>      
        <domain>127.0.0.1</domain>
    </domain-config>
</network-security-config>

How can we achieve this and use Arcgis map without allowing http traffic for everything ?

Thank you,