On Feb 14, 2013, at 3:20 PM, Nikola <[email protected]> wrote:
> This is not what I want to achieve. What am I trying to do here is, I
> believe, "officially" called Mutual SSL authentication.
...
> I am pretty sure you are already familiar with how the SSL handshake works
> :), I just want to be absolutely positive we are on the same page here.
This is very helpful context. Thank you. :-)
I'm not nearly as familiar with SSL as would be handy at times like this...
> With that in mind, I'll try to rephrase the problem again. To complete the
> SSL handshake, it is necessary to encrypt some random piece of data with
> client's private key. The private key used for the encryption is normally
> stored in X509Certificate2.PrivateKey property - when using such
> X509Certificate2 with HttpWebRequest, the SSL handshake completes
> successfully and everything is great.
>
> On Android, my app uses the KeyChain to get its hands on the certificate and
> private key.
Obvious question: Why do you need to use the KeyChain API? Why not just include
your client certificate in your app and then use it?
That aside...
> Now, to be able to use .NET HTTP stack and Mutual SSL authentication, I have
> to create an X509Certificate2 instance and set it up with a private key from
> the KeyChain. To do that, I have to convert that key to raw bytes, which is
> no longer possible with Android 4.1 (my original post).
I believe that this behavior isn't a Mono for Android bug, but an Android
change (as per your description, behavior is dependent upon the Android
version). Which is known; the question thus becomes how to work around Android's
breakage.
Related: We DID have a bug in KeyStore.Load() handling (no bug number), in
which a NullReferenceException would be thrown when calling KeyStore.Load(null,
null). This should be fixed in 4.4.x (not sure exact fix date). However, I
don't think you're hitting this, as the stack trace you provided doesn't match
the one in the commit message...
Related 2: your earlier reported exception that smells like a bug, but I can't
repro it (and thus would love one):
> {System.NullReferenceException: Object reference not set to an instance of
> an object
> at Android.Runtime.JNIEnv.CallObjectMethod (IntPtr jobject,
> IntPtr jmethod)
> at Java.Net.URLConnection.get_InputStream ()
> ...
By any chance is your code using multiple threads?
> It is not that simple to provide you with a complete sample - generally
> speaking, to reproduce this, there needs to be a complete environment with
> HTTPS server requiring client certificates as a part of SSL handshake and any
> Android 4.1 device with the proper client certificate installed.
<groan>
> If you think it would help to resolve this, I can prepare such an environment
> relatively quickly.
Unfortunately it looks like it's not possible to reproduce the problem without
the corresponding environment. With reference to an earlier message about using
JNIEnv to invoke the private Android methods, I could provide you that code,
but I'd have no way to test it to see that it actually works.
I'll provide that code in a bit; if that doesn't help you, let's see about
getting a full repro...
Thanks,
- Jon
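The suggestion above (ship the client certificate with the app instead of going through the KeyChain) looks like this on the .NET side. This is an added illustration, not code from Jon, Nikola or the Mono for Android project: it loads a PKCS#12 bundle from an embedded resource, checks that the private key actually came along (the thread's whole problem is an X509Certificate2 whose PrivateKey is unusable), and offers it through HttpWebRequest.ClientCertificates. The resource name "MyApp.client.pfx", the password and the URL are placeholders.

```csharp
// Added example (not from the thread): mutual TLS with HttpWebRequest by
// bundling the client certificate with the app. Resource name, password and
// URL are placeholders chosen for this example.
using System;
using System.IO;
using System.Net;
using System.Reflection;
using System.Security.Cryptography.X509Certificates;

static class MutualTlsClient
{
    // Load certificate + private key from an embedded PKCS#12 (.pfx) resource.
    static X509Certificate2 LoadClientCertificate(string resourceName, string password)
    {
        var asm = Assembly.GetExecutingAssembly();
        using (var stream = asm.GetManifestResourceStream(resourceName))
        {
            if (stream == null)
                throw new FileNotFoundException("Embedded resource not found: " + resourceName);

            using (var ms = new MemoryStream())
            {
                stream.CopyTo(ms);
                // Exportable keeps the key reachable via X509Certificate2.PrivateKey,
                // which is what the TLS stack needs to finish the handshake.
                var cert = new X509Certificate2(ms.ToArray(), password,
                    X509KeyStorageFlags.Exportable);

                // The check the thread is missing: a certificate without its key
                // will make the server's CertificateRequest fail, not the load.
                if (!cert.HasPrivateKey)
                    throw new InvalidOperationException(
                        "PFX contains no private key; mutual TLS cannot complete.");
                return cert;
            }
        }
    }

    static string Get(Uri uri, X509Certificate2 clientCert)
    {
        var request = (HttpWebRequest)WebRequest.Create(uri);
        request.Method = "GET";
        // Offered to the server when it asks for a client certificate.
        request.ClientCertificates.Add(clientCert);
        // Server certificate validation is deliberately left at the default;
        // no ServerCertificateValidationCallback that blindly returns true.
        using (var response = (HttpWebResponse)request.GetResponse())
        using (var reader = new StreamReader(response.GetResponseStream()))
        {
            return reader.ReadToEnd();
        }
    }

    public static void Main()
    {
        var cert = LoadClientCertificate("MyApp.client.pfx", "placeholder-password");
        Console.WriteLine(Get(new Uri("https://example.invalid/protected"), cert));
    }
}
```

The trade-off versus the KeyChain route is that the key material now lives inside the APK, so it should be an app-specific identity that can be revoked server-side, not a user's personal certificate.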
_______________________________________________
Monodroid mailing list
[email protected]
UNSUBSCRIBE INFORMATION:
http://lists.ximian.com/mailman/listinfo/monodroid