[New] Trust and accept self signed certificate #316

Closed
opened 2020-06-04 01:20:22 +00:00 by opyale · 17 comments
Member

Description - describe the bug / feature / suggestion in brief :

Maybe related to #263

After entering my credentials (username and password) on the LoginActivity and pressing the button "LOGIN" it turns grey and just says "PROCESSING". Nothing is happening afterwards. It just stays grey.

I should probably mention that my gitea server is running on port 3000 without any domain name (only ip adress).

Expected behaviour - describe what should be the expected result :

A successful login.

GitNex version : 2.5.0-dev (Occurs on F-Droid release, too)

Gitea version : 1.11.3

Android version : 7.1.1

Screenshots - if any:

none

Logs - if any :

I/art: Rejecting re-init on previously-failed class java.lang.Class<okhttp3.internal.platform.ConscryptPlatform$configureTrustManager$1>: java.lang.NoClassDefFoundError: Failed resolution of: Lorg/conscrypt/ConscryptHostnameVerifier;
        at okhttp3.internal.platform.android.SocketAdapter okhttp3.internal.platform.android.ConscryptSocketAdapter$Companion.buildIfSupported() (ConscryptSocketAdapter.kt:62)
        at void okhttp3.internal.platform.AndroidPlatform.<init>() (AndroidPlatform.kt:44)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.AndroidPlatform$Companion.buildIfSupported() (AndroidPlatform.kt:212)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.findPlatform() (Platform.kt:212)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.access$findPlatform(okhttp3.internal.platform.Platform$Companion) (Platform.kt:169)
        at void okhttp3.internal.platform.Platform.<clinit>() (Platform.kt:170)
        at void okhttp3.OkHttpClient.<init>(okhttp3.OkHttpClient$Builder) (OkHttpClient.kt:224)
        at okhttp3.OkHttpClient okhttp3.OkHttpClient$Builder.build() (OkHttpClient.kt:1025)
I/art:     at void org.mian.gitnex.clients.RetrofitClient.<init>(java.lang.String, android.content.Context) (RetrofitClient.java:52)
        at org.mian.gitnex.clients.RetrofitClient org.mian.gitnex.clients.RetrofitClient.getInstance(java.lang.String, android.content.Context) (RetrofitClient.java:65)
        at void org.mian.gitnex.activities.LoginActivity.versionCheck(java.lang.String, java.lang.String, java.lang.String, int, java.lang.String, int) (LoginActivity.java:381)
        at void org.mian.gitnex.activities.LoginActivity.login() (LoginActivity.java:301)
        at void org.mian.gitnex.activities.LoginActivity.access$700(org.mian.gitnex.activities.LoginActivity) (LoginActivity.java:47)
        at void org.mian.gitnex.activities.LoginActivity$3.onClick(android.view.View) (LoginActivity.java:175)
        at boolean android.view.View.performClick() (View.java:6312)
        at boolean android.widget.TextView.performClick() (TextView.java:11202)
        at void android.view.View$PerformClick.run() (View.java:23985)
        at void android.os.Handler.handleCallback(android.os.Message) (Handler.java:751)
        at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:95)
        at void android.os.Looper.loop() (Looper.java:154)
        at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6816)
        at java.lang.Object java.lang.reflect.Method.invoke!(java.lang.Object, java.lang.Object[]) (Method.java:-2)
        at void com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run() (ZygoteInit.java:1563)
        at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:1451)
    Caused by: java.lang.ClassNotFoundException: Didn't find class "org.conscrypt.ConscryptHostnameVerifier" on path: DexPathList[[zip file "/data/app/org.mian.gitnex-1/base.apk"],nativeLibraryDirectories=[/data/app/org.mian.gitnex-1/lib/arm, /data/app/org.mian.gitnex-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]
        at java.lang.Class dalvik.system.BaseDexClassLoader.findClass(java.lang.String) (BaseDexClassLoader.java:56)
        at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String, boolean) (ClassLoader.java:380)
        at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) (ClassLoader.java:312)
        at okhttp3.internal.platform.android.SocketAdapter okhttp3.internal.platform.android.ConscryptSocketAdapter$Companion.buildIfSupported() (ConscryptSocketAdapter.kt:62)
        at void okhttp3.internal.platform.AndroidPlatform.<init>() (AndroidPlatform.kt:44)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.AndroidPlatform$Companion.buildIfSupported() (AndroidPlatform.kt:212)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.findPlatform() (Platform.kt:212)
        at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.access$findPlatform(okhttp3.internal.platform.Platform$Companion) (Platform.kt:169)
        at void okhttp3.internal.platform.Platform.<clinit>() (Platform.kt:170)
        at void okhttp3.OkHttpClient.<init>(okhttp3.OkHttpClient$Builder) (OkHttpClient.kt:224)
        at okhttp3.OkHttpClient okhttp3.OkHttpClient$Builder.build() (OkHttpClient.kt:1025)
        at void org.mian.gitnex.clients.RetrofitClient.<init>(java.lang.String, android.content.Context) (RetrofitClient.java:52)
        at org.mian.gitnex.clients.RetrofitClient org.mian.gitnex.clients.RetrofitClient.getInstance(java.lang.String, android.content.Context) (RetrofitClient.java:65)
        at void org.mian.gitnex.activities.LoginActivity.versionCheck(java.lang.String, java.lang.String, java.lang.String, int, java.lang.String, int) (LoginActivity.java:381)
        at void org.mian.gitnex.activities.LoginActivity.login() (LoginActivity.java:301)
        at void org.mian.gitnex.activities.LoginActivity.access$700(org.mian.gitnex.activities.LoginActivity) (LoginActivity.java:47)
        at void org.mian.gitnex.activities.LoginActivity$3.onClick(android.view.View) (LoginActivity.java:175)
        at boolean android.view.View.performClick() (View.java:6312)
        at boolean android.widget.TextView.performClick() (TextView.java:11202)
        at void android.view.View$PerformClick.run() (View.java:23985)
        at void android.os.Handler.handleCallback(android.os.Message) (Handler.java:751)
        at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:95)
        at void android.os.Looper.loop() (Looper.java:154)
        at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6816)
        at java.lang.Object java.lang.reflect.Method.invoke!(java.lang.Object, java.lang.Object[]) (Method.java:-2)
        at void com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run() (ZygoteInit.java:1563)
        at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:1451)
#### Description - describe the bug / feature / suggestion in brief : Maybe related to #263 After entering my credentials (username and password) on the LoginActivity and pressing the button "LOGIN" it turns grey and just says "PROCESSING". Nothing is happening afterwards. It just stays grey. I should probably mention that my gitea server is running on port 3000 without any domain name (only ip adress). #### Expected behaviour - describe what should be the expected result : A successful login. #### GitNex version : 2.5.0-dev (Occurs on F-Droid release, too) #### Gitea version : 1.11.3 #### Android version : 7.1.1 #### Screenshots - if any: none #### Logs - if any : ``` I/art: Rejecting re-init on previously-failed class java.lang.Class<okhttp3.internal.platform.ConscryptPlatform$configureTrustManager$1>: java.lang.NoClassDefFoundError: Failed resolution of: Lorg/conscrypt/ConscryptHostnameVerifier; at okhttp3.internal.platform.android.SocketAdapter okhttp3.internal.platform.android.ConscryptSocketAdapter$Companion.buildIfSupported() (ConscryptSocketAdapter.kt:62) at void okhttp3.internal.platform.AndroidPlatform.<init>() (AndroidPlatform.kt:44) at okhttp3.internal.platform.Platform okhttp3.internal.platform.AndroidPlatform$Companion.buildIfSupported() (AndroidPlatform.kt:212) at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.findPlatform() (Platform.kt:212) at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.access$findPlatform(okhttp3.internal.platform.Platform$Companion) (Platform.kt:169) at void okhttp3.internal.platform.Platform.<clinit>() (Platform.kt:170) at void okhttp3.OkHttpClient.<init>(okhttp3.OkHttpClient$Builder) (OkHttpClient.kt:224) at okhttp3.OkHttpClient okhttp3.OkHttpClient$Builder.build() (OkHttpClient.kt:1025) I/art: at void org.mian.gitnex.clients.RetrofitClient.<init>(java.lang.String, android.content.Context) (RetrofitClient.java:52) at org.mian.gitnex.clients.RetrofitClient org.mian.gitnex.clients.RetrofitClient.getInstance(java.lang.String, android.content.Context) (RetrofitClient.java:65) at void org.mian.gitnex.activities.LoginActivity.versionCheck(java.lang.String, java.lang.String, java.lang.String, int, java.lang.String, int) (LoginActivity.java:381) at void org.mian.gitnex.activities.LoginActivity.login() (LoginActivity.java:301) at void org.mian.gitnex.activities.LoginActivity.access$700(org.mian.gitnex.activities.LoginActivity) (LoginActivity.java:47) at void org.mian.gitnex.activities.LoginActivity$3.onClick(android.view.View) (LoginActivity.java:175) at boolean android.view.View.performClick() (View.java:6312) at boolean android.widget.TextView.performClick() (TextView.java:11202) at void android.view.View$PerformClick.run() (View.java:23985) at void android.os.Handler.handleCallback(android.os.Message) (Handler.java:751) at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:95) at void android.os.Looper.loop() (Looper.java:154) at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6816) at java.lang.Object java.lang.reflect.Method.invoke!(java.lang.Object, java.lang.Object[]) (Method.java:-2) at void com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run() (ZygoteInit.java:1563) at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:1451) Caused by: java.lang.ClassNotFoundException: Didn't find class "org.conscrypt.ConscryptHostnameVerifier" on path: DexPathList[[zip file "/data/app/org.mian.gitnex-1/base.apk"],nativeLibraryDirectories=[/data/app/org.mian.gitnex-1/lib/arm, /data/app/org.mian.gitnex-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]] at java.lang.Class dalvik.system.BaseDexClassLoader.findClass(java.lang.String) (BaseDexClassLoader.java:56) at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String, boolean) (ClassLoader.java:380) at java.lang.Class java.lang.ClassLoader.loadClass(java.lang.String) (ClassLoader.java:312) at okhttp3.internal.platform.android.SocketAdapter okhttp3.internal.platform.android.ConscryptSocketAdapter$Companion.buildIfSupported() (ConscryptSocketAdapter.kt:62) at void okhttp3.internal.platform.AndroidPlatform.<init>() (AndroidPlatform.kt:44) at okhttp3.internal.platform.Platform okhttp3.internal.platform.AndroidPlatform$Companion.buildIfSupported() (AndroidPlatform.kt:212) at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.findPlatform() (Platform.kt:212) at okhttp3.internal.platform.Platform okhttp3.internal.platform.Platform$Companion.access$findPlatform(okhttp3.internal.platform.Platform$Companion) (Platform.kt:169) at void okhttp3.internal.platform.Platform.<clinit>() (Platform.kt:170) at void okhttp3.OkHttpClient.<init>(okhttp3.OkHttpClient$Builder) (OkHttpClient.kt:224) at okhttp3.OkHttpClient okhttp3.OkHttpClient$Builder.build() (OkHttpClient.kt:1025) at void org.mian.gitnex.clients.RetrofitClient.<init>(java.lang.String, android.content.Context) (RetrofitClient.java:52) at org.mian.gitnex.clients.RetrofitClient org.mian.gitnex.clients.RetrofitClient.getInstance(java.lang.String, android.content.Context) (RetrofitClient.java:65) at void org.mian.gitnex.activities.LoginActivity.versionCheck(java.lang.String, java.lang.String, java.lang.String, int, java.lang.String, int) (LoginActivity.java:381) at void org.mian.gitnex.activities.LoginActivity.login() (LoginActivity.java:301) at void org.mian.gitnex.activities.LoginActivity.access$700(org.mian.gitnex.activities.LoginActivity) (LoginActivity.java:47) at void org.mian.gitnex.activities.LoginActivity$3.onClick(android.view.View) (LoginActivity.java:175) at boolean android.view.View.performClick() (View.java:6312) at boolean android.widget.TextView.performClick() (TextView.java:11202) at void android.view.View$PerformClick.run() (View.java:23985) at void android.os.Handler.handleCallback(android.os.Message) (Handler.java:751) at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:95) at void android.os.Looper.loop() (Looper.java:154) at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6816) at java.lang.Object java.lang.reflect.Method.invoke!(java.lang.Object, java.lang.Object[]) (Method.java:-2) at void com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run() (ZygoteInit.java:1563) at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:1451) ```
opyale added this to the 2.5.0 milestone 2020-06-04 01:20:22 +00:00
opyale added the
🎉 Feature
label 2020-06-04 01:20:22 +00:00
Author
Member

This exception does not occur, when adding implementation 'org.conscrypt:conscrypt-android:2.2.1' to gradle.

But now it comes up with another exception:

2020-03-30 14:27:22.187 10949-10949/org.mian.gitnex D/NetworkSecurityConfig: Using Network Security Config from resource network_security_config debugBuild: true
2020-03-30 14:15:57.308 8928-8928/org.mian.gitnex E/onFailure-version: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
This exception does not occur, when adding `implementation 'org.conscrypt:conscrypt-android:2.2.1'` to gradle. But now it comes up with another exception: ``` 2020-03-30 14:27:22.187 10949-10949/org.mian.gitnex D/NetworkSecurityConfig: Using Network Security Config from resource network_security_config debugBuild: true 2020-03-30 14:15:57.308 8928-8928/org.mian.gitnex E/onFailure-version: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. ```
Author
Member

I think the last exception has something to do with my ssl certificate.
Are you able to implement a solution, where the user can manually trust certificates?

I think the last exception has something to do with my ssl certificate. Are you able to implement a solution, where the user can manually trust certificates?
Author
Member

I would suggest using an AlertDialog with the following options:

AlertDialog.Builder builder = new AlertDialog.Builder(this);
builder.setMessage("The current certificate is not secure. Do you want to trust it anyway?");
builder.setNegativeButton("DON'T TRUST", new DialogInterface.OnClickListener() {
    @Override
    public void onClick(DialogInterface dialog, int which) {
        // don't continue; clear all input forms and set button to "login"
    }
})
.setNeutralButton("CANCEL", new DialogInterface.OnClickListener() {
    @Override
    public void onClick(DialogInterface dialog, int which) {
        // don't continue; clear all input forms and set button to "login"
    }
})
.setPositiveButton("TRUST", new DialogInterface.OnClickListener() {
    @Override
    public void onClick(DialogInterface dialog, int which) {

    }
});

builder.show();
I would suggest using an AlertDialog with the following options: ``` AlertDialog.Builder builder = new AlertDialog.Builder(this); builder.setMessage("The current certificate is not secure. Do you want to trust it anyway?"); builder.setNegativeButton("DON'T TRUST", new DialogInterface.OnClickListener() { @Override public void onClick(DialogInterface dialog, int which) { // don't continue; clear all input forms and set button to "login" } }) .setNeutralButton("CANCEL", new DialogInterface.OnClickListener() { @Override public void onClick(DialogInterface dialog, int which) { // don't continue; clear all input forms and set button to "login" } }) .setPositiveButton("TRUST", new DialogInterface.OnClickListener() { @Override public void onClick(DialogInterface dialog, int which) { } }); builder.show(); ```
Member

@anonTree1417 GitNex dont work with self created certificates at the moment ...

... as you already guess :/

@anonTree1417 GitNex dont work with self created certificates at the moment ... ... as you already guess :/
Member

I would say: at first detect and catch this error and show a usefull information to the user would be helpfull ...

and as a feature acepting souch certs ...

I would say: at first detect and catch this error and show a usefull information to the user would be helpfull ... and as a feature acepting souch certs ...
Author
Member

I would love to create a pull request to solve these issues, but unfortunately I am not really familiar with OkHttp and Retrofit.

I would love to create a pull request to solve these issues, but unfortunately I am not really familiar with OkHttp and Retrofit.
Member

If you have time why not try it 👍 :)

If you have time why not try it :+1: :)
Author
Member

I could try to make some changes in a new branch, but i cant promise to get it fully functional.

I could try to make some changes in a new branch, but i cant promise to get it fully functional.
Owner

Thanks @anonTree1417 for opening this issue.

As you guessed already and mentioned by @6543 that it is self signed cert issue. GitNex at current time does not support self signed certs.

We do welcome PRs and you can give it a try.

I am also going to update the issue title and labels.

Thanks @anonTree1417 for opening this issue. As you guessed already and mentioned by @6543 that it is self signed cert issue. GitNex at current time does not support self signed certs. We do welcome PRs and you can give it a try. I am also going to update the issue title and labels.
Author
Member

I will give it a try, but that can take some time.

I will give it a try, but that can take some time.
Owner

No rush, take your time.

No rush, take your time.
Author
Member

@mmarif It's working now. The last thing to do is cleaning everything up.

@mmarif It's working now. The last thing to do is cleaning everything up.
Owner

@anonTree1417 Great work. Hope to see the PR soon. :)

@anonTree1417 Great work. Hope to see the PR soon. :)
Author
Member

@mmarif How do i create a new branch? I dont have any permissions.

@mmarif How do i create a new branch? I dont have any permissions.
Member

@anonTree1417 to create a pull request:

  1. first fork this repo
  2. set this repo as your remote upstream (or add it)
  3. create a branch on your fork with your changes
  4. create a pull
@anonTree1417 to create a pull request: 1. first fork this repo 2. set this repo as your remote upstream (or add it) 3. create a branch on your fork with your changes 4. create a pull
Author
Member

Ok, thank you.

Ok, thank you.
Member

@anonTree1417 if you need more help: https://discord.gg/qphrQ3k you can chat with us on discord

@anonTree1417 if you need more help: https://discord.gg/qphrQ3k you can chat with us on discord
Sign in to join this conversation.
No Milestone
No project
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: gitnex/GitNex#316
No description provided.