Android webview ssl 相互认证握手问题

Question

I am trying to test ssl mutual certification of android webview. I setup an environment as below and tested via PC web browser, everything is OK. But I met the signature related issue during android webview test. Can anybody help analyze which part of my test could be the cause?

The test environment:

1. Android SDK 5.1 (since client certificate event callback API is opened since 5.0)
2. tomcat 8.0 https server, the type of server keystore is jks.
3. client keystore type is PKCS12, Both client private key and ca trust certificate(self-signed) are save in it.

I customize WebviewClient which code is shown below.

    public class SSLWebViewClient extends WebViewClient {
        private X509Certificate[] certificatesChain;  
        private PrivateKey clientCertPrivateKey;

        private InputStream certfile_p12;
        private String certfile_password = "";
        private Context context;

        public SSLWebViewClient(Context context) throws Exception {
            super();
            this.context = context;
            initPrivateKeyAndX509Certificate();
        }  

        private void initPrivateKeyAndX509Certificate() throws Exception {  
            KeyStore keyStore;

            certfile_password = "123456";
            certfile_p12 = context.getResources().getAssets().open("client.p12");
            keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(certfile_p12, certfile_password.toCharArray());
            clientCertPrivateKey = (PrivateKey) keyStore.getKey("client", certfile_password.toCharArray());
            certificatesChain = new X509Certificate[1];
            certificatesChain[0] = (X509Certificate)keyStore.getCertificate("server");
        }

        @Override
        public void onReceivedClientCertRequest(WebView view, ClientCertRequest handler) {
            if((null != clientCertPrivateKey) && ((null!=certificatesChain) && (certificatesChain.length !=0))){  
                handler.proceed(this.clientCertPrivateKey, this.certificatesChain);   
            }else{  
                handler.cancel();  
            }         
        }


        @Override
        public boolean shouldOverrideUrlLoading(WebView view, String url) {
            view.loadUrl(url);
            return true;
        }

        @Override  
        public void onReceivedSslError(final WebView view, SslErrorHandler handler,  
                SslError error) {         
            handler.proceed();    
        }

    }

The handshake procedure I captured by ssldump is as follows.

2 1  0.0094 (0.0094)  C>S  Handshake      ClientHello
2 2  0.0369 (0.0274)  S>C  Handshake      ServerHello
    Certificate
    ServerKeyExchange
    CertificateRequest
Not enough data. Found 266 bytes (expecting 32767)
    ServerHelloDone
2    0.1244 (0.0874)  C>S  TCP FIN
2    0.1247 (0.0003)  S>C  TCP FIN
New TCP connection #3: 222.130.170.32(17617) <-> worknode(8443)
3 1  0.0074 (0.0074)  C>S  Handshake      ClientHello
3 2  0.0373 (0.0299)  S>C  Handshake      ServerHello
    Certificate
    ServerKeyExchange
    CertificateRequest
Not enough data. Found 266 bytes (expecting 32767)
    ServerHelloDone
3 3  0.1089 (0.0715)  C>S  Handshake      Certificate
3 4  0.1089 (0.0000)  C>S  Handshake      ClientKeyExchange
3 5  0.1089 (0.0000)  C>S  Handshake      CertificateVerify
Not enough data. Found 258 bytes (expecting 16384)
3 6  0.1089 (0.0000)  C>S  ChangeCipherSpec
3 7  0.1089 (0.0000)  C>S  Handshake
3 8  0.1514 (0.0424)  S>C  Alert          fatal          bad_certificate
3    0.1514 (0.0000)  S>C  TCP FIN
3    0.3448 (0.1933)  C>S  TCP FIN

I notice that there are twice of ClientHello exists. From the tomcat log, I find the first round of handshake is ended at

*** ServerHelloDone
http-nio-8443-exec-2, WRITE: TLSv1.2 Handshake, length = 1683
http-nio-8443-exec-4, called closeOutbound()
http-nio-8443-exec-4, closeOutboundInternal()
http-nio-8443-exec-4, SEND TLSv1.2 ALERT:  warning, description = close_notify
http-nio-8443-exec-4, WRITE: TLSv1.2 Alert, length = 2

The second round handshake is ended at

*** CertificateVerify
Signature Algorithm SHA512withRSA
http-nio-8443-exec-6, fatal error: 42: certificate verify message signature error
javax.net.ssl.SSLHandshakeException: certificate verify message signature error
%% Invalidated:  [Session-29, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
http-nio-8443-exec-6, SEND TLSv1.2 ALERT:  fatal, description = bad_certificate
http-nio-8443-exec-6, WRITE: TLSv1.2 Alert, length = 2
http-nio-8443-exec-6, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: certificate verify message signature error

The detailed log of tomcat is posted on the link below. https://raw.githubusercontent.com/watanuoli/ssllog/master/README.md

Answer 1

Well its about 5 years old but I had the same issue.

This line is important:

%% Invalidated:  [Session-29, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]

Whereat TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA is a ciphre !

This line means that the cipher has been invalidated by an server internal decision!

So the request is incomming from the browser to the server, the certificates are shared and the server decide - no matter if the certificate is valid, no matter if the chain-of-trust is valid no matter if access is granted or not, to reject the connection because the cipher has been invalidated by the server's internal configuration.

In order to allow this chiphre to be valid for data-transfer, add this chiphre to the allowed ciphers in the server's configuration.

For Apache Tomcat you have to edit the server.xml . The xml-node Server->Service->Connector(usually port 443)->SSLHostConfig has a xml-attribute called ciphers , add your invalidated cipher to this xml-attribute (,-seperated).

I guess you have to restart the server then.