Customize KeyStore for HandshakeCertificates

Hello,

I am trying to establish a connection with my server by using two-way SSL. For that, I’m using HandshakeCertificates as follows:

val deviceCertificate = keyStore.getCertificate(CERTIFICATE_ALIAS) as X509Certificate
val publicKey = deviceCertificate.publicKey
val privateKey = getKeyStore().getKey(KEY_ALIAS, null) as PrivateKey
val keyPair = KeyPair(publicKey, privateKey)
val heldCertificate = HeldCertificate(keyPair, deviceCertificate)

handshakeBuilder.heldCertificate(heldCertificate)

Which I then set on my OkHttpClient with:

val handshake = handshakeBuilder.build()

clientBuilder.sslSocketFactory(handshake.sslSocketFactory(), handshake.trustManager)

But when I run my app, it crashes with:

java.security.KeyStoreException: java.lang.NullPointerException: Attempt to invoke virtual method 'int java.lang.String.length()' on a null object reference
        at com.android.org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi.engineSetKeyEntry(BcKeyStoreSpi.java:689)
        at java.security.KeyStore.setKeyEntry(KeyStore.java:1179)
        at okhttp3.tls.internal.TlsUtil.newKeyManager(TlsUtil.kt:95)
        at okhttp3.tls.HandshakeCertificates$Builder.build(HandshakeCertificates.kt:175)
        at com.myapp.common.security.data.CommonSecurityProvider$Companion.getSslSocketFactoryConfig(CommonSecurityProvider.kt:112)
        at com.myapp.common.network.di.CommonNetworkModuleKt$commonNetworkModule$1$7.invoke(CommonNetworkModule.kt:64)
        at com.myapp.common.network.di.CommonNetworkModuleKt$commonNetworkModule$1$7.invoke(Unknown Source:4)
        at org.koin.core.instance.InstanceFactory.create(InstanceFactory.kt:50)
        	... 139 more

From my investigation, it could be because OkHttp is using its own KeyStore when building the HandshakeCertificates, while my app is using AndroidKeyStore. Is there a way to customize this? Or am I doing something wrong?

https://github.com/square/okhttp/blob/4c595553fbcbfc316d24a74197aa753dbc05da9f/okhttp-tls/src/main/kotlin/okhttp3/tls/HandshakeCertificates.kt#L175-L176

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 11 (2 by maintainers)

Top GitHub Comments

2 reactions
yschimke commented, Dec 9, 2020

@MGaetan89 I think I finally understand this enough to attempt a proper fix.

This is the terrible workaround I’ve tested with https://gist.github.com/yschimke/4a1eda31c584a64549c790d887f275e0

1 reaction
MGaetan89 commented, Aug 31, 2020

I’ve just checked again with OkHttp 4.8.1, and I still have the same issue.
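
Added example, not part of the original issue thread and not the maintainer's gist workaround: the stack trace is consistent with AndroidKeyStore private keys being opaque, non-exportable handles (`getEncoded()` and `getFormat()` return null), so they cannot be copied into the in-memory KeyStore that `HandshakeCertificates.Builder.build()` creates. One way to keep the key inside AndroidKeyStore is to hand that store directly to a `KeyManagerFactory` and skip `HandshakeCertificates` for the client identity. `mutualTlsClient` is a hypothetical helper name, and the sketch assumes the key entry already carries the device certificate chain and that the platform default trust anchors are acceptable for the server.

```kotlin
import java.security.KeyStore
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient

// Hypothetical helper (not an OkHttp API): builds a mutual-TLS client whose
// private key never leaves AndroidKeyStore.
fun mutualTlsClient(): OkHttpClient {
    // AndroidKeyStore takes no stream or password; load(null) just opens it.
    val androidKeyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }

    // Pass the store itself to the KeyManagerFactory instead of copying the
    // key into another KeyStore. Signing during the handshake is delegated
    // to the keystore, so the key material is never serialized.
    // Assumption: the private-key entry holds the device certificate chain.
    val keyManagerFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
    keyManagerFactory.init(androidKeyStore, null)

    // Assumption: server certificates are validated against the platform
    // default trust anchors. The cast selects the init(KeyStore) overload.
    val trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    trustManagerFactory.init(null as KeyStore?)
    val trustManager = trustManagerFactory.trustManagers
        .filterIsInstance<X509TrustManager>()
        .first()

    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(keyManagerFactory.keyManagers, arrayOf(trustManager), null)

    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()
}
```

If the device certificate is stored under a different alias from the private key, as the `CERTIFICATE_ALIAS` and `KEY_ALIAS` names in the question suggest, the key manager will present whatever chain is attached to the key entry, so that chain needs to be checked before relying on this setup.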
