Authentication SSL/TLS; Custom CA root certificates for Android #9
Description
Я реализую простое приложение на android и пытаюсь использовать grpc потоковое распознавания. Но возникла проблема при использовании SSL/TLS.
На примерах из официальной документации (https://grpc.io/docs/guides/auth/) я попытался настроит SSLSocketFactory для OkHttpChannelBuilder
private fun getManagedChannel(): ManagedChannel {
val metadata = Metadata()
metadata.put(AUTHORIZATION_HEADER, "Bearer $IAM_TOKEN")
val attachHeadersInterceptor = MetadataUtils.newAttachHeadersInterceptor(metadata)
val builder = OkHttpChannelBuilder.forAddress(BASE_URL, PORT)
.intercept(attachHeadersInterceptor)
try {
builder.sslSocketFactory(
newSslSocketFactoryForCa(
Platform.get().provider,
File("roots.pem")
)
)
} catch (exc: Exception) {
exc.printStackTrace()
}
return builder.build()
}
@Throws(Exception::class)
fun newSslSocketFactoryForCa(provider: Provider, certChainFile: File): SSLSocketFactory {
val ks = KeyStore.getInstance(KeyStore.getDefaultType())
ks.load(null, null)
val cf = CertificateFactory.getInstance("X.509")
val bufferedInputStream = BufferedInputStream(FileInputStream(certChainFile))
try {
val cert = cf.generateCertificate(bufferedInputStream) as X509Certificate
val principal = cert.subjectX500Principal
ks.setCertificateEntry(principal.getName("RFC2253"), cert)
} finally {
bufferedInputStream.close()
}
// Set up trust manager factory to use our key store.
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
trustManagerFactory.init(ks)
val context = SSLContext.getInstance("TLS", provider)
context.init(null, trustManagerFactory.trustManagers, null)
return context.socketFactory
}
Но падает ошибка
2020-11-11 14:36:06.328 17495-17495/ru.android.thread_asr_tinkoff W/System.err: java.security.cert.CertificateException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.329 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:280)
2020-11-11 14:36:06.329 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:366)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.example.asryandex.AsrYandex.newSslSocketFactoryForCa(AsrYandex.kt:84)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.example.asryandex.AsrYandex.getManagedChannel(AsrYandex.kt:66)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.example.asryandex.AsrYandex.<init>(AsrYandex.kt:54)
2020-11-11 14:36:06.330 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at ru.android.thread_asr_tinkoff.VoiceRecognition.<init>(VoiceRecognition.kt:38)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at ru.android.thread_asr_tinkoff.MainActivity.initPhraseDetector(MainActivity.kt:33)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at ru.android.thread_asr_tinkoff.MainActivity.onRequestPermissionsResult(MainActivity.kt:40)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.Activity.dispatchRequestPermissionsResult(Activity.java:7616)
2020-11-11 14:36:06.331 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.Activity.dispatchActivityResult(Activity.java:7466)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.ActivityThread.deliverResults(ActivityThread.java:4354)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.ActivityThread.handleSendResult(ActivityThread.java:4403)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.servertransaction.ActivityResultItem.execute(ActivityResultItem.java:49)
2020-11-11 14:36:06.332 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:108)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:68)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1809)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.os.Handler.dispatchMessage(Handler.java:106)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.os.Looper.loop(Looper.java:193)
2020-11-11 14:36:06.333 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at android.app.ActivityThread.main(ActivityThread.java:6680)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at java.lang.reflect.Method.invoke(Native Method)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
2020-11-11 14:36:06.334 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:121)
2020-11-11 14:36:06.335 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:278)
2020-11-11 14:36:06.336 17495-17495/ru.android.thread_asr_tinkoff W/System.err: ... 21 more
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: com.android.org.conscrypt.OpenSSLX509CertificateFactory$ParsingException: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509Certificate.fromX509DerInputStream(OpenSSLX509Certificate.java:103)
2020-11-11 14:36:06.337 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509DerInputStream(OpenSSLX509CertificateFactory.java:232)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509DerInputStream(OpenSSLX509CertificateFactory.java:222)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:112)
2020-11-11 14:36:06.338 17495-17495/ru.android.thread_asr_tinkoff W/System.err: ... 22 more
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: Caused by: java.lang.RuntimeException: error:0c0000be:ASN.1 encoding routines:OPENSSL_internal:WRONG_TAG
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.NativeCrypto.d2i_X509_bio(Native Method)
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: at com.android.org.conscrypt.OpenSSLX509Certificate.fromX509DerInputStream(OpenSSLX509Certificate.java:97)
2020-11-11 14:36:06.339 17495-17495/ru.android.thread_asr_tinkoff W/System.err: ... 25 more
Может вы сможете мне помочь или направить в какую сторону мне копать по использованию grpc потокового распознавания в Android?
Примеры в вашей документации реализованы на node.js и python, причем в примере на python файл roots.pem не используется. Пример на node.js у меня завелся.