SSLHandshakeException: Handshake failed using PKCS12 .p12 certificate

I've been trying to get a response from an https site that requires a certificate to access.

I have been given a .p12 file that I can access with the browser. I put that certificate in res/raw as p12_cert.p12

I am not that familiar with Android networking, so I also set my network_security_config like this:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
</network-security-config>

This is the code to build the OkHttpClient.


this.context = context;
TrustManager[] trustManagerArrary;
KeyManager[] keyManagerArray;
SSLSocketFactory sslSocketFactory;

try {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    trustManagerArrary = createAndInitTrustManagerFactory();
    keyManagerArray = createAndInitKeyManagerFactory();
    sslContext.init(keyManagerArray, trustManagerArrary, new SecureRandom());
    sslSocketFactory = sslContext.getSocketFactory();
}
catch (Exception e) {
    throw new RuntimeException(e);
}

// Tried all enabled cipher suites and TLS versions.
ConnectionSpec connectionSpec = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
                .allEnabledCipherSuites()
                .allEnabledTlsVersions()
                .build();

client = new OkHttpClient.Builder()
                .sslSocketFactory(sslSocketFactory, (X509TrustManager) trustManagerArrary[0])
                .connectTimeout(30, TimeUnit.SECONDS)
                .readTimeout(30, TimeUnit.SECONDS)
                .writeTimeout(30, TimeUnit.SECONDS)
                .protocols(Arrays.asList(Protocol.HTTP_1_1))
                .connectionSpecs(Arrays.asList(connectionSpec))
                .build();

Here are the functions for KeyManager + TrustManager

private KeyManager[] createAndInitKeyManagerFactory() throws Exception {
    char [] pw = "password".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    InputStream is = context.getResources().openRawResource(R.raw.p12_cert);
    ks.load(is, pw);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
    kmf.init(ks, pw);
    KeyManager[] km = kmf.getKeyManagers();
    return km;
}

private TrustManager[] createAndInitTrustManagerFactory() throws Exception {
    char [] pw = "password".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    InputStream is = context.getResources().openRawResource(R.raw.p12_cert);
    ks.load(is, pw);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
    tmf.init(ks);
    TrustManager[] tm = tmf.getTrustManagers();
    return tm;
}

I get this error that I can't really understand, because I can't figure out what I'm supposed to try next.

javax.net.ssl.SSLHandshakeException: Handshake failed
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:288)
    at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:351)
    at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:310)
    at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:178)
    at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:236)
    at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:109)
    at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:77)
    at okhttp3.internal.connection.Transmitter.newExchange$okhttp(Transmitter.kt:162)
    at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:35)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
    at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:82)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
    at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:84)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
    at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:71)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
    at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
    at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.kt:184)
    at okhttp3.RealCall$AsyncCall.run(RealCall.kt:136)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:919)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xebb7bff8: Failure in SSL library, usually a protocol error
error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:587 0xc7a75e88:0x00000001)
    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
    ... 23 more

java
android
ssl
certificate
asked on Stack Overflow Oct 16, 2019 by stacks

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0