N. Wells

Reputation: 142

No System TLS on Android after using Bouncy Castle

I'm using the Bouncy Castle Security Provider for encryption/decryption. I also make sure to remove the BC provider after every Bouncy Castle call. Here's the BC code:

    public static boolean pubVerifySign(
            String pKey, String sSignature, String sChallenge) throws UnsupportedEncodingException {
        BouncyCastleProvider bcp = initSecuritySubsystem();

        boolean bOutput = false;
        try {
            ECPublicKey ecPublicKey =
                    getPublicKeyForBytes(Hex.decode(pKey));

            bOutput =
                    pubVerifySign(ecPublicKey,
                            sSignature, sChallenge);
        } finally {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
        return bOutput;
    }

However, right after this code runs, whenever I try to use URL.openConnection or any other HTTP library, I get the following error: No System TLS:

    cz.msebera.android.httpclient.ssl.SSLInitializationException: java.security.KeyStoreException: java.security.NoSuchAlgorithmException: KeyStore BKS implementation not found
        at cz.msebera.android.httpclient.ssl.SSLContexts.createDefault(SSLContexts.java:57)
        at cz.msebera.android.httpclient.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:978)
        at cz.msebera.android.httpclient.impl.client.HttpClients.createDefault(HttpClients.java:56)
        at org.nebucoin.user.utils.URLUtils.getHttp(URLUtils.java:63)
    Caused by: java.security.KeyManagementException: java.security.KeyStoreException: java.security.NoSuchAlgorithmException: KeyStore BKS implementation not found
        at org.conscrypt.SSLParametersImpl.createDefaultX509KeyManager(SSLParametersImpl.java:534)
        at org.conscrypt.SSLParametersImpl.getDefaultX509KeyManager(SSLParametersImpl.java:515)
        at org.conscrypt.SSLParametersImpl.<init>(SSLParametersImpl.java:126)
        at org.conscrypt.OpenSSLContextImpl.engineInit(OpenSSLContextImpl.java:104)
        at javax.net.ssl.SSLContext.init(SSLContext.java:349)
        at cz.msebera.android.httpclient.ssl.SSLContexts.createDefault(SSLContexts.java:52)

I've tried countless other Android HTTP libraries (OkHttp, Apache HTTP Client, etc.) and still get the same error. I even added the official Conscrypt Android library to the project and set Conscrypt as the first provider like this:

    Security.insertProviderAt(Conscrypt.newProvider(), 1);

without any luck.

Any idea would be welcome!

NB: When I use URL.openConnection before the BC-based pubVerifySign, everything goes just fine!

Upvotes: 1

Views: 1164

Answers (1)

Yuri Schimke

Reputation: 13458

BouncyCastle has two providers; you likely need to remove both.

    Security.insertProviderAt(BouncyCastleProvider(), 1)
    Security.insertProviderAt(BouncyCastleJsseProvider(), 2)

If the JSSE provider remains then it will fail when it doesn't find the keystore it expects.

Upvotes: 1
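
An alternative that never adds or removes anything from the process-wide provider list, shown here as an added example that is not code from the question or the answer: the Bouncy Castle provider instance is passed directly to `getInstance`, and the run ends by confirming that the default KeyStore lookup (the call that fails in the trace above) still resolves. The class name `ScopedBcVerify`, the X.509 key encoding, the `SHA256withECDSA` algorithm and the sample key and challenge are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ScopedBcVerify {
    // Private instance: never passed to Security.addProvider/insertProviderAt.
    private static final Provider BC = new BouncyCastleProvider();

    // Assumption: X.509-encoded EC public key and SHA256withECDSA signatures.
    static boolean verify(byte[] x509Key, byte[] sig, byte[] msg) throws GeneralSecurityException {
        PublicKey key = KeyFactory.getInstance("EC", BC)
                .generatePublic(new X509EncodedKeySpec(x509Key));
        Signature v = Signature.getInstance("SHA256withECDSA", BC);
        v.initVerify(key);
        v.update(msg);
        try {
            return v.verify(sig);
        } catch (SignatureException malformed) {
            return false; // a malformed signature encoding counts as invalid
        }
    }

    static String[] providerNames() {
        return Arrays.stream(Security.getProviders()).map(Provider::getName).toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        String[] before = providerNames();

        // Constructed sample data: throwaway P-256 key pair and challenge.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", BC);
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair kp = kpg.generateKeyPair();
        byte[] challenge = "sample-challenge".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withECDSA", BC);
        s.initSign(kp.getPrivate());
        s.update(challenge);
        byte[] sig = s.sign();

        System.out.println("valid:    " + verify(kp.getPublic().getEncoded(), sig, challenge));
        sig[sig.length - 1] ^= 0x01; // flip one bit to simulate tampering
        System.out.println("tampered: " + verify(kp.getPublic().getEncoded(), sig, challenge));

        // The global provider list is untouched, so the default KeyStore still resolves.
        System.out.println("providers unchanged: " + Arrays.equals(before, providerNames()));
        System.out.println("default KeyStore: " + KeyStore.getInstance(KeyStore.getDefaultType()).getType());
    }
}
```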
