# android
c
Hi. I'm going to use Ktor to build an Android application that serves as an HTTPS server. The problem is how I can generate (or get) a BKS keystore that has a trusted certificate. When I use a self-signed certificate, the browser reports that the certificate is not trusted. But if I use a trusted certificate from a BKS keystore, then sslConnector crashes the app because of a null alias.
u
Let me ask: why do you want to use HTTPS instead of just HTTP? Or, why is it an issue if the browser reports your self-signed certificate as not trusted?
c
Because HTTPS is safer than HTTP, even though the server is working only on the Android device.
If the certificate is not trusted, a browser like Google Chrome shows a warning page first, so the user has to proceed manually.
Like this
And in some environments, the user can't move to the page even if they try to proceed manually.
u
I’m aware, my question is not the theory behind the decision, but rather why do you personally want to do it this way? If this is something you are planning on releasing publicly, then it makes a lot of sense to have a trusted CA sign the certificate, but if you are just doing this for personal use (or close friends and family) a self signed certificate is fine.
c
Yes, of course it's not personal.
Anyway, can you let me know the solution if you know about it?
My question is also not about the theory; the focus is on a solution for generating and serving a trusted certificate in BKS type.
c
Great, thanks. I will try it this way.
u
My asking the questions is because I feel that your question is a case of the XY Problem, you present a proposed solution rather than a question. It makes coming up with an answer very difficult, because it is possible that your proposed solution won’t work (not saying that it won’t, just it is possible that it won’t, we don’t know your thought process that led to the proposed solution).
c
I see. Sorry about that. Will make the question more clear. 👍
Hi @undermark5, I tried this. But the same error occurs.
Whenever I try to use a trusted cert from the BKS keystore, Ktor always shows this error, even though the alias name is correct.
For example, I also tried to import the self-signed cert as a trusted cert into a new keystore. The cert works on the Ktor side when it's a self-signed cert in the BKS keystore, but it doesn't work on the Ktor side when I import the cert as a trusted cert.
Is it not possible in Ktor for Android yet?
u
Could you provide some code snippets of where you are initializing Ktor for HTTPS?
c
@OptIn(InternalAPI::class)
private fun <TEngine : ApplicationEngine, TConfiguration : ApplicationEngine.Configuration>
        CoroutineScope.embeddedServer(
    factory: ApplicationEngineFactory<TEngine, TConfiguration>,
    module: Application.() -> Unit
): TEngine {
    val environment = applicationEngineEnvironment {
        this.parentCoroutineContext = coroutineContext + parentCoroutineContext
        this.log = logger
        this.module(module)

        connector {
            port = HTTP_PORT
        }

        sslConnector(
            sslCredentials.getKeyStore(),
            keyAlias = sslCredentials.getKeyAlias(),
            // First lambda: keystore password; second lambda: private-key (alias) password
            { sslCredentials.getKeyPassword().toCharArray() },
            { sslCredentials.getAliasPassword().toCharArray() }
        ) {
            this.port = HTTPS_PORT
            this.keyStorePath = sslCredentials.getKeyStoreFile()
        }
    }

    return embeddedServer(factory, environment)
}
u
What is the type of sslCredentials?
c
class DemoSslCredentials(private val fileKeyStore: File) : SslCredentials {

    override fun getKeyStoreFile() = fileKeyStore

    @OptIn(InternalAPI::class)
    override fun getKeyStore(): KeyStore {
        return KeyStore.getInstance(KeyStore.getDefaultType()).apply {
            fileKeyStore.inputStream().use {
                load(it, getKeyPassword().toCharArray())
            }
        }
    }

    override fun getKeyAlias(): String {
        return ALIAS
    }

    override fun getKeyPassword(): String {
        return PASSWORD
    }

    override fun getAliasPassword(): String {
        return PASSWORD
    }

    private companion object {
        const val ALIAS = "alias"
        const val PASSWORD = "123456"
    }
}
Just like this.
The server works when I use a self-signed certificate from the BKS store.
But when I try to use a trusted certificate, a runtime error related to the alias name always occurs, even though the alias name is correct and not null.
u
So, the error you are getting isn’t because the alias name is null, but because the call connector.keyStore.getCertificateChain returned a null value, meaning that it was unable to find the certificate chain in the keystore. What happens if you try to getEntry before giving the keystore to Ktor?
c
connector.keyStore.getCertificateChain
Is this from the Ktor source code?
That is from internal source code.
u
Regardless, try that. I’m not sure if it will make a difference, but it will help rule out some things.
If you can’t get the raw entry, then there is something configured incorrectly.
c
I can get entry exactly but connector's self operation for start server doesn't find this. Just only the chain cert.
u
And are you able to get it if you make the same call manually? getCertificateChain?
c
No
It says the cert should have chain with the name
u
That makes it sound like you aren’t putting the proper things into your BKS.
Might also want to check out #ktor
c
Thank you always @undermark5