Re: [rabbitmq-users] Android app create TLS connection with RabbitMQ error

[Michael Klishin]

Please post full exception traces and server logs, we won't be able to suggest anything

specific with the amount of information provided.

There is a TLS troubleshooting guide that uses openssl CLI tools to help you narrow down the problem:

http://www.rabbitmq.com/troubleshooting-ssl.html

On Fri, Jun 9, 2017 at 12:10 PM, QQ <d980...@gmail.com> wrote:

The following is my source code ,
The error message is SSL handshake aborted, I/O error during system
connection is reset by peer...
Can Anybody tell me what's going on?

/***************begin*********************/
package com.example.rabbitmqtls;

import android.support.v7.app.ActionBarActivity;
import android.support.v7.app.ActionBar;
import android.support.v4.app.Fragment;
import android.os.Bundle;
import android.util.Log;
import android.view.LayoutInflater;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.view.ViewGroup;
import android.os.Build;
import java.io.*;
import java.net.InetSocketAddress;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.Properties;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.*;
import com.rabbitmq.client.*;

public class MainActivity extends ActionBarActivity {

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    if (savedInstanceState == null) {
        getSupportFragmentManager().beginTransaction()
                .add(R.id.container, new 
 PlaceholderFragment()).commit();
    }
    Thread thread =  new Thread()
    {
        @Override
            public void run(){
            char[] keyPassphrase = "MySecretPassword".toCharArray();
            KeyStore ks = null;
            try {
            ks = KeyStore.getInstance("PKCS12");
            ks.load(new FileInputStream("/sdcard2/keycert.p12"), keyPassphrase);

            KeyManagerFactory kmf =  KeyManagerFactory.getInstance("X509");
            kmf.init(ks, keyPassphrase);

            char[] trustPassphrase = "MySecretPassword".toCharArray();              
            KeyStore tks =  KeyStore.getInstance("BKS");
            tks.load(new FileInputStream("/sdcard2/clienttruststore.bks"), trustPassphrase);
            TrustManagerFactory tmf =  TrustManagerFactory.getInstance("X509");
            tmf.init(tks);

            SSLContext c = SSLContext.getInstance("TLS");
            c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

            ConnectionFactory factory = new ConnectionFactory();
            factory.setHost("192.168.10.1");
            factory.setPort(5671);        
            factory.setVirtualHost("/");
            factory.setUsername("admin");
            factory.setPassword("123456");
            factory.useSslProtocol(c);
            Connection conn = factory.newConnection();
            Channel channel = conn.createChannel();
         channel.queueDeclare("rabbitmq-java-test", false, true, true, null);

            channel.basicPublish("", "rabbitmq-java-test", null, "Hello, World".getBytes());


            GetResponse chResponse = null;
                chResponse = channel.basicGet("rabbitmq-java-test", false);

            if(chResponse == null) {
                System.out.println("No message retrieved");
            } else {
                byte[] body = chResponse.getBody();
                System.out.println("Recieved: " + new String(body));
            }
            System.out.println("message 8");
            System.out.println("## message retrieved");
            System.out.println("## message retrieved");
            }catch(IOException e){
                e.printStackTrace();
                //e.getCause().getMessage();
                Log.i("test","IO error message");
            } catch (NoSuchAlgorithmException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();Log.i("test","message4");
            } catch (KeyStoreException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();Log.i("test","message5");
            } catch (CertificateException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();Log.i("test","message6");
            } catch (UnrecoverableKeyException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();Log.i("test","message7");
            } catch (KeyManagementException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();Log.i("test","message8");
            } catch (TimeoutException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }

        }             
    };    
    thread.start();     
}

@Override
public boolean onCreateOptionsMenu(Menu menu) {

    // Inflate the menu; this adds items to the action bar if it is present.
    getMenuInflater().inflate(R.menu.main, menu);
    return true;
}

@Override
public boolean onOptionsItemSelected(MenuItem item) {
    // Handle action bar item clicks here. The action bar will
    // automatically handle clicks on the Home/Up button, so long
    // as you specify a parent activity in AndroidManifest.xml.
    int id = item.getItemId();
    if (id == R.id.action_settings) {
        return true;
    }
    return super.onOptionsItemSelected(item);
}

/**
 * A placeholder fragment containing a simple view.
 */
public static class PlaceholderFragment extends Fragment {

    public PlaceholderFragment() {
    }

    @Override
    public View onCreateView(LayoutInflater inflater, ViewGroup container,
            Bundle savedInstanceState) {
        View rootView = inflater.inflate(R.layout.fragment_main, container,
                false);
        return rootView;
    }
}
} //********************End*******************//
I create the certificate according to RabbitMQ intro. It works in pure Java version. However, Android cannot read .JKS file, I reconstruct a .BKS truststore. Really need your help.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

[Michael Klishin]

"Connection reset by peer" means the server closed TCP connection. See server

logs and logs/settings of any intermediaries (proxies, load balancers) that may be involved.

Android seems to base its TLS implementation on OpenSSL, which is not the case

for JDK but 90% of TLS issues reported on this list come down to certificates not being trusted or bundled

correctly, not TLS implementation incompatibilities.

On Sun, Jun 11, 2017 at 4:17 PM, 文彬 <d980...@gmail.com> wrote:

Dear Michael,

  The full error message is as the attached.

   I can't find the answer in the link.

  I have validated the certificates, they 

  can build ask connection successfully.

  I have stocked in this question for a few days.

  I have no idea what's difference in Java and Android.

  (The past experiences in Sslsocket is cert format...I also try it)

To post to this group, send email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

MK

Staff Software Engineer, Pivotal/RabbitMQ

--
You received this message because you are subscribed to a topic in the Google Groups "rabbitmq-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rabbitmq-users/sRtx8PdZVTs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-users+unsubscribe@googlegroups.com.
To post to this group, send email to rabbitmq-users@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Klishin]

This list is not about Android development and most members of this list

don't practice Android development.

If you can post a set of keys that reproduces the problem with tls-gen [1], a Wireshark traffic capture

and/or server logs, possibly we can help you narrow down the problem.

1. http://github.com/michaelklishin/tls-gen

On Sun, Jun 11, 2017 at 5:14 PM, 文彬 <d980...@gmail.com> wrote:

Dear  MK,

          I really appreciate your immediate reply.

          I thought the problems of certificates for many days.

          Besides, I try to convert truststore from JKS to BKS and so on.

          Everything learned from Sslsocket  in Android, I have tried.    

          However, I can't conquer it.

          I also try a Java app and Android apk at the same time.

          The Java app will work, thus I exclude the question in the server side.

          

          I attached my Android source project and certificates (created according to this link https://www.rabbitmq.com/ssl.html) (pls modified . to  .zip, and password is 123456)

         I know it's impolite. But... could you taught me how to resolve it?

         Could you tell me how to build a TLS connection between Android and RabbitMQ.

         If it's the problem of certificates, please tell me what's wrong in my steps.

         I will really appreciate your help.

Sincerely yours.