
Starting from Android API level 24 it is possible to define a Network Security Configuration and reference it from the Android Manifest:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
   <application android:networkSecurityConfig="@xml/network_security_config"
                   ... >
      ...
  </application>
</manifest>

Source: https://developer.android.com/training/articles/security-config.html#manifest (accessed 2021-08-10)

I have a use case where a number of CA certificates are included in an Android library that I am using. I would like to restrict my security configuration to these certificates using trust-anchors.

The network security configuration allows this:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <trust-anchors>
            <certificates src="@raw/my_ca"/>
        </trust-anchors>
    </domain-config>
</network-security-config>

Source: https://developer.android.com/training/articles/security-config.html#ConfigCustom (accessed 2021-08-10)

But the certificates are located in my Android library and I don't want to duplicate the files. How can I reference the library CA certificates from my app's network security configuration?

Alix

  • `@raw/my_ca` would work for a `my_ca` raw resource located in a library or in an app, unless steps are taken in the library to prevent this. – CommonsWare Aug 10 '21 at 11:01
  • OK, so a library resource works but not a library asset? – Alix Aug 10 '21 at 11:58
  • I do not know of a network security configuration syntax that works for assets, whether those assets are in a library or in the main app module. – CommonsWare Aug 10 '21 at 12:19
  • OK, I have moved the certificates in the library from assets to resources and it looks promising ... – Alix Aug 10 '21 at 13:00

1 Answer

CA certificates should be put in the res/raw folder, not in the assets folder, in the library project. This way it is possible to reference the certificates from the app using the library through the network security configuration.

At least everything compiles now, although I have not yet verified a fully working setup due to a different issue; see: Combine Network Security Configuration with OkHttp and custom CAs

Alix
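A build-time check for the layout described in the answer, as an added example that is not part of the original post: it parses a network security configuration and reports every `<certificates src>` that does not resolve to a file under some module's `res/raw` directory. The module paths, the placeholder files and the second reference `@raw/other_ca` are constructed for the demonstration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed config: my_ca lives in the library's res/raw, other_ca only in assets.
CONFIG = """<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <trust-anchors>
      <certificates src="@raw/my_ca"/>
      <certificates src="@raw/other_ca"/>
    </trust-anchors>
  </domain-config>
</network-security-config>"""

def raw_resources(res_dirs):
    """Map raw resource name -> file across the app and library res/ directories."""
    found = {}
    for res in res_dirs:
        raw = Path(res, "raw")
        if raw.is_dir():
            for f in sorted(raw.iterdir()):
                found.setdefault(f.stem, f)  # resource name = file name without extension
    return found

def check_trust_anchors(config_xml, res_dirs):
    """Return (src, problem) for every <certificates> entry that cannot be resolved."""
    available = raw_resources(res_dirs)
    problems = []
    for cert in ET.fromstring(config_xml).iter("certificates"):
        src = cert.get("src", "")
        if src in ("system", "user"):        # built-in stores, no file needed
            continue
        if not src.startswith("@raw/"):
            problems.append((src, "not a raw resource reference"))
        elif src[len("@raw/"):] not in available:
            problems.append((src, "no such file in any res/raw directory"))
    return problems

def demo():
    """Build a constructed app + library tree and check CONFIG against it."""
    with tempfile.TemporaryDirectory() as root:
        lib, app_res = Path(root, "library/src/main"), Path(root, "app/src/main/res")
        (lib / "res/raw").mkdir(parents=True)
        (lib / "assets").mkdir()
        app_res.mkdir(parents=True)
        (lib / "res/raw/my_ca.pem").write_text("constructed placeholder, not a certificate")
        (lib / "assets/other_ca.pem").write_text("constructed placeholder, not a certificate")
        return check_trust_anchors(CONFIG, [app_res, lib / "res"])

if __name__ == "__main__":
    print(demo())
```
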