Authentication SSL/TLS; Custom CA root certificates for Android

Open Elshad1 opened this issue 4 years ago • 0 comments

I am implementing a simple Android application and trying to use gRPC streaming recognition. But I ran into a problem when using SSL/TLS. Following the examples from the official documentation (https://grpc.io/docs/guides/auth/), I tried to configure an SSLSocketFactory for OkHttpChannelBuilder:

private fun getManagedChannel(): ManagedChannel {
    val metadata = Metadata()
    metadata.put(AUTHORIZATION_HEADER, "Bearer $IAM_TOKEN")
    val attachHeadersInterceptor = MetadataUtils.newAttachHeadersInterceptor(metadata)

    val builder = OkHttpChannelBuilder.forAddress(BASE_URL, PORT)
        .intercept(attachHeadersInterceptor)
    try {
        builder.sslSocketFactory(
            newSslSocketFactoryForCa(
                Platform.get().provider,
                File("roots.pem")
            )
        )
    } catch (exc: Exception) {
        exc.printStackTrace()
    }
    return builder.build()
}
@Throws(Exception::class)
fun newSslSocketFactoryForCa(provider: Provider, certChainFile: File): SSLSocketFactory {
    val ks = KeyStore.getInstance(KeyStore.getDefaultType())
    ks.load(null, null)
    val cf = CertificateFactory.getInstance("X.509")
    val bufferedInputStream = BufferedInputStream(FileInputStream(certChainFile))
    try {
        val cert = cf.generateCertificate(bufferedInputStream) as X509Certificate
        val principal = cert.subjectX500Principal
        ks.setCertificateEntry(principal.getName("RFC2253"), cert)
    } finally {
        bufferedInputStream.close()
    }

    // Set up trust manager factory to use our key store.
    val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    trustManagerFactory.init(ks)
    val context = SSLContext.getInstance("TLS", provider)
    context.init(null, trustManagerFactory.trustManagers, null)
    return context.socketFactory
}

But it fails with this error:

2020-11-11 14:36:06.328 17495-17495/ru.android.thread_asr_tinkoff W/System.err: java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.329 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:280)
2020-11-11 14:36:06.329 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:366)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.example.asryandex.AsrYandex.newSslSocketFactoryForCa(AsrYandex.kt:84)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.example.asryandex.AsrYandex.getManagedChannel(AsrYandex.kt:66)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.example.asryandex.AsrYandex.<init>(AsrYandex.kt:54)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at ru.android.thread_asr_tinkoff.VoiceRecognition.<init>(VoiceRecognition.kt:38)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at ru.android.thread_asr_tinkoff.MainActivity.initPhraseDetector(MainActivity.kt:33)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at ru.android.thread_asr_tinkoff.MainActivity.onRequestPermissionsResult(MainActivity.kt:40)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.Activity.dispatchRequestPermissionsResult(Activity.java:7616)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.Activity.dispatchActivityResult(Activity.java:7466)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.ActivityThread.deliverResults(ActivityThread.java:4354)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.ActivityThread.handleSendResult(ActivityThread.java:4403)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:49)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1809)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:106)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.os.Looper.loop(Looper.java:193)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:6680)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:121)
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:278)
2020-11-11 14:36:06.336 17495-17495/ru.android.thread_asr_tinkoff W/System.err: 	... 21 more
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509Certificate.fromX509DerInputStream(OpenSSLX509Certificate.java:103)
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509DerInputStream(OpenSSLX509CertificateFactory.java:232)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509DerInputStream(OpenSSLX509CertificateFactory.java:222)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:112)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err: 	... 22 more
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.NativeCrypto.d2i_X509_bio(Native Method)
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err:     at com.android.org.conscrypt.OpenSSLX509Certificate.fromX509DerInputStream(OpenSSLX509Certificate.java:97)
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: 	... 25 more

Perhaps you could help me, or point me in the right direction for using gRPC streaming recognition on Android? The examples in your documentation are implemented in Node.js and Python, and the Python example does not use the roots.pem file. The Node.js example worked for me.

Elshad1 · Nov 11 '20 09:11
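The trace above fails inside the DER parser (`fromX509DerInputStream` / `d2i_X509_bio`), and `generateCertificate` reads only one certificate per call. As an added example (not code from the issue or from the gRPC project), here is one way to load a CA bundle so that each `BEGIN CERTIFICATE` block is extracted and parsed separately. It assumes the bundle may hold several certificates with free text around them; the function names and the `assets` location are hypothetical.

```kotlin
import java.io.ByteArrayInputStream
import java.io.InputStream
import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManagerFactory

// Matches one PEM certificate block; comments or blank lines outside the markers are skipped.
private val PEM_CERT = Regex(
    "-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----",
    RegexOption.DOT_MATCHES_ALL
)

/** Returns every certificate found in a PEM bundle (hypothetical helper). */
fun parsePemBundle(pem: InputStream): List<X509Certificate> {
    val text = pem.bufferedReader(Charsets.US_ASCII).use { it.readText() }
    val cf = CertificateFactory.getInstance("X.509")
    val certs = PEM_CERT.findAll(text).map { block ->
        // Each block starts at the BEGIN marker, so the factory sees clean PEM input.
        val bytes = block.value.toByteArray(Charsets.US_ASCII)
        cf.generateCertificate(ByteArrayInputStream(bytes)) as X509Certificate
    }.toList()
    // Fail closed: an empty trust store must not be mistaken for a configured one.
    require(certs.isNotEmpty()) { "no certificates found in PEM input" }
    return certs
}

/** Builds a socket factory that trusts only the CAs in the bundle (hypothetical helper). */
fun sslSocketFactoryForCaBundle(pem: InputStream): SSLSocketFactory {
    val ks = KeyStore.getInstance(KeyStore.getDefaultType()).apply { load(null, null) }
    parsePemBundle(pem).forEachIndexed { i, cert ->
        // Index-based aliases avoid collisions when two entries share a subject name.
        ks.setCertificateEntry("ca-$i", cert)
    }
    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(ks)
    return SSLContext.getInstance("TLS").apply { init(null, tmf.trustManagers, null) }.socketFactory
}

// Usage on Android, assuming roots.pem is packaged under src/main/assets:
//   builder.sslSocketFactory(sslSocketFactoryForCaBundle(context.assets.open("roots.pem")))
```

Letting the exception propagate instead of catching it around `builder.sslSocketFactory(...)` keeps the channel from being built with different trust settings than intended.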