i am constantly monitoring my app errors and I see the following error too many times
javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f0fc28: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0xaa48cd5c:0x00000000)-javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f0fc28: Failure in SSL library, usually a protocol error
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (external/openssl/ssl/s23_clnt.c:741 0xaa48cd5c:0x00000000)
You can see the the error is about SSLV3 and my server support only TLSV1.2.
It seems like that on some clients Volley falls back to use SSLV3 (for some reason) and they get an error.
Users that get this error are on Android 4.4.2, 4.4.4 and 4.1.1 and more.
Interestingly enough I also use DefaultHttpClient in the same application, but it does not seem to report the same issue.
I am using the default HurlStack in Volley
I have seen the following...
Disable SSL as a protocol in HttpsURLConnection
and
https://code.google.com/p/android/issues/detail?id=78187
So what are my options?
Is my assumption correct that Volley falls back to SSLV3?
Why does volley fallback to SSLV3? In other words, what was the original failure that caused the fallback and how to resolve it?
i I downloaded Volley recently, but I am not sure it is the latest. How do I find which version I have?.
Any thoughts?
Your server does well not supporting SSLv3 since it has some security issues and should not be used.
When using Android versions prior to Kitkat you must use a socket factory that removes SSLv3 to be used as default configuration:
public class VolleyToolboxExtension extends Volley {
/** Default on-disk cache directory. */
private static final String DEFAULT_CACHE_DIR = "volley";
/**
* Creates a default instance of the worker pool and calls {#link RequestQueue#start()} on it.
*
* #param context A {#link Context} to use for creating the cache dir.
* #param stack An {#link HttpStack} to use for the network, or null for default.
* #return A started {#link RequestQueue} instance.
*/
public static RequestQueue newRequestQueue(Context context, HttpStack stack) {
File cacheDir = new File(context.getCacheDir(), DEFAULT_CACHE_DIR);
String userAgent = "volley/0";
try {
String packageName = context.getPackageName();
PackageInfo info = context.getPackageManager().getPackageInfo(packageName, 0);
userAgent = packageName + "/" + info.versionCode;
} catch (PackageManager.NameNotFoundException e) {
}
if (stack == null) {
if (Build.VERSION.SDK_INT >= 9) {
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
// Use a socket factory that removes sslv3
stack = new HurlStack(null, new NoSSLv3Compat.NoSSLv3Factory());
} else {
stack = new HurlStack();
}
} else {
// Prior to Gingerbread, HttpUrlConnection was unreliable.
// See: http://android-developers.blogspot.com/2011/09/androids-http-clients.html
stack = new HttpClientStack(AndroidHttpClient.newInstance(userAgent));
}
}
Network network = new BasicNetwork(stack);
RequestQueue queue = new RequestQueue(new DiskBasedCache(cacheDir), network);
queue.start();
return queue;
}
/**
* Creates a default instance of the worker pool and calls {#link RequestQueue#start()} on it.
*
* #param context A {#link Context} to use for creating the cache dir.
* #return A started {#link RequestQueue} instance.
*/
public static RequestQueue newRequestQueue(Context context) {
return newRequestQueue(context, null);
}
}
NoSSLv3Compat class can be found here:
https://github.com/Floens/volley/blob/master/src/com/android/volley/compat/NoSSLv3Compat.java
Use this extension to create your request queue:
/**
* #return The Volley Request queue, the queue will be created if it is null
*/
public RequestQueue getRequestQueue() {
// lazy initialize the request queue, the queue instance will be
// created when it is accessed for the first time
if (mRequestQueue == null) {
// Create the request queue
mRequestQueue = VolleyToolboxExtension.newRequestQueue(getApplicationContext());
}
return mRequestQueue;
}
You could also use Retrofit instead of Volley, since Square released the 2.1 version of this library that supports TLS version configuration:
http://square.github.io/retrofit/
Note that both platform are using HttpClient code below. However the native message handler change depending on device : Android using OKhttp1.5 and IOS NSurlSession which is handle from ModernHttpClient library.
My problem is on the android device, a session is always created on the server each time a request is called and it shouldn't.
However, on the IOS the session remain before the session timeout reach out which help performance.
Is there something i need to do on the android version specially to retain the session cookie ?
Thanks!
private static HttpClient _mobileService = null;
public static HttpClient MobileService
{
get
{
if (_mobileService == null)
{
NativeMessageHandler nmh = new NativeMessageHandler();
_mobileService = new HttpClient(nmh);
}
return _mobileService;
}
set
{
_mobileService = value;
}
}
I have to communicate with the following four RESTServices.
Germany (Default): http://url.com/suggest?query=
Austria http://url.com:82/suggest?query=
Swiss: http://url.com:83/suggest?query=
Spain: http://url.com:84/suggest?query=
Basically I have to call the same RESTService on different TCP-Ports for each Country. When I create a Retrofit-RestAdapter, I have to provide a Endpoint (base-url):
RestAdapter.Builder builder = new RestAdapter.Builder();
ObjectMapper mapper = new ObjectMapper();
builder.setEndpoint("http://url.com");
If I want to access those four RESTServices mentioned above, do I have to create a RestAdapter for each of them? Or is it possible to use only one RestAdapter-instance?
I tried to solve the problem by adding the TCP-Port as part of the RestInterface-annotation, but this does not work:
public interface AutoSuggestRemote {
#GET (":{port}/suggest")
public Response getSuggestions(#Path ("port") Integer httpPort, #Query ("query") String query);
}
I get the following exception in Logcat:
java.lang.IllegalArgumentException: AutoSuggestRemote.getSuggestions: URL path ":{port}/suggest" must start with '/'.
at retrofit.RestMethodInfo.methodError(RestMethodInfo.java:123)
at retrofit.RestMethodInfo.parsePath(RestMethodInfo.java:212)
at retrofit.RestMethodInfo.parseMethodAnnotations(RestMethodInfo.java:165)
at retrofit.RestMethodInfo.init(RestMethodInfo.java:133)
at retrofit.RestAdapter$RestHandler.invokeRequest(RestAdapter.java:294)
at retrofit.RestAdapter$RestHandler.invoke(RestAdapter.java:240)
at $Proxy3.getSuggestions(Native Method)
Therefore my question, if I have to create a RestAdapter-instance for each RESTService, or is there a way to communicat with all four services by using the same RestAdapter-instance.
Retrofit consults the EndPoint class each times it does a request. As previously answered by #JakeWharton in the question Dynamic Paths in Retrofit you could extend the EndPoint class with your own implementation and dynamically set the appropriate port as desired.
Here's the code provided by #JakeWharton modified for your specific purpose.
public final class FooEndpoint implements Endpoint {
private static final String BASE = "http://192.168.1.64:";
private String url;
public void setPort(String port) {
url = BASE + port;
}
#Override public String getName() {
return "default";
}
#Override public String getUrl() {
if (url == null) throw new IllegalStateException("port not set.");
return url;
}
}
You can then use the reference to this FooEndPoint instance to change the port dynamically or once when you initialise.
If you choose to set the port once when initialized then you would simply do this.
FooEndPoint endPoint = new FooEndPoint();
endPoint.setPort(loadPortFromSomeWhere());
RestAdapter.Builder builder = new RestAdapter.Builder();
builder.setEndpoint(endPoint);
This will allow you to use a single RestAdapter with multiple ports.
I got several UIDs like this:
10022, 10011, 1000
Actually I know the user names of them are u0_a22, u0_a11, system.
But the question is, how can I get the user name using UIDs? There is no /etc/passwd file at all.
I wrote a utility class to get the UID/GID name by hardcoding values from android_filesystem_config.h.
Usage:
String uid = AndroidFilesystemConfig.getNameForId(1000);
AndroidFilesystemConfig.java
import android.os.Build;
import android.util.SparseArray;
import java.util.Locale;
/**
* <p>System Users and Groups for the Android platform as specified in
* android_filesystem_config.h.</p>
*
* <p>Last updated: April 20th, 2016</p>
*
* <p><b>Note:</b> Some OEMs may have specific UIDs for other system users not in this class.</p>
*/
public class AndroidFilesystemConfig {
/* first app user */
private static final int AID_APP = 10000;
/* offset for uid ranges for each user */
private static final int AID_USER = 100000;
/* start of gids for apps in each user to share */
private static final int AID_SHARED_GID_START = 50000;
/* end of gids for apps in each user to share */
private static final int AID_SHARED_GID_END = 59999;
private static final SparseArray<String> SYSTEM_IDS = new SparseArray<>();
static {
putSystemId(0, "root"); /* traditional unix root user */
putSystemId(1000, "system"); /* system server */
putSystemId(1001, "radio"); /* telephony subsystem, RIL */
putSystemId(1002, "bluetooth"); /* bluetooth subsystem */
putSystemId(1003, "graphics"); /* graphics devices */
putSystemId(1004, "input"); /* input devices */
putSystemId(1005, "audio"); /* audio devices */
putSystemId(1006, "camera"); /* camera devices */
putSystemId(1007, "log"); /* log devices */
putSystemId(1008, "compass"); /* compass device */
putSystemId(1009, "mount"); /* mountd socket */
putSystemId(1010, "wifi"); /* wifi subsystem */
putSystemId(1011, "adb"); /* android debug bridge (adbd) */
putSystemId(1012, "install"); /* group for installing packages */
putSystemId(1013, "media"); /* mediaserver process */
putSystemId(1014, "dhcp"); /* dhcp client */
putSystemId(1015, "sdcard_rw"); /* external storage write access */
putSystemId(1016, "vpn"); /* vpn system */
putSystemId(1017, "keystore"); /* keystore subsystem */
putSystemId(1018, "usb"); /* USB devices */
putSystemId(1019, "drm"); /* DRM server */
putSystemId(1020, "mdnsr"); /* MulticastDNSResponder (service discovery) */
putSystemId(1021, "gps"); /* GPS daemon */
// 1022 is deprecated and not used.
putSystemId(1023, "media_rw"); /* internal media storage write access */
putSystemId(1024, "mtp"); /* MTP USB driver access */
// 1025 is deprecated and not used.
putSystemId(1026, "drmrpc"); /* group for drm rpc */
putSystemId(1027, "nfc"); /* nfc subsystem */
putSystemId(1028, "sdcard_r"); /* external storage read access */
putSystemId(1029, "clat"); /* clat part of nat464 */
putSystemId(1030, "loop_radio"); /* loop radio devices */
putSystemId(1031, "mediadrm"); /* MediaDrm plugins */
putSystemId(1032, "package_info"); /* access to installed package details */
putSystemId(1033, "sdcard_pics"); /* external storage photos access */
putSystemId(1034, "sdcard_av"); /* external storage audio/video access */
putSystemId(1035, "sdcard_all"); /* access all users external storage */
putSystemId(1036, "logd"); /* log daemon */
putSystemId(1037, "shared_relro"); /* creator of shared GNU RELRO files */
putSystemId(1038, "dbus"); /* dbus-daemon IPC broker process */
putSystemId(1039, "tlsdate"); /* tlsdate unprivileged user */
putSystemId(1040, "mediaex"); /* mediaextractor process */
putSystemId(1041, "audioserver"); /* audioserver process */
putSystemId(1042, "metrics_coll"); /* metrics_collector process */
putSystemId(1043, "metricsd"); /* metricsd process */
putSystemId(1044, "webserv"); /* webservd process */
putSystemId(1045, "debuggerd"); /* debuggerd unprivileged user */
putSystemId(1046, "mediacodec"); /* mediacodec process */
putSystemId(1047, "cameraserver"); /* cameraserver process */
putSystemId(1048, "firewall"); /* firewalld process */
putSystemId(1049, "trunks"); /* trunksd process (TPM daemon) */
putSystemId(1050, "nvram"); /* Access-controlled NVRAM */
putSystemId(1051, "dns"); /* DNS resolution daemon (system: netd) */
putSystemId(1052, "dns_tether"); /* DNS resolution daemon (tether: dnsmasq) */
putSystemId(1053, "webview_zygote"); /* WebView zygote process */
putSystemId(1054, "vehicle_network"); /* Vehicle network service */
putSystemId(1055, "media_audio"); /* GID for audio files on internal media storage */
putSystemId(1056, "media_video"); /* GID for video files on internal media storage */
putSystemId(1057, "media_image"); /* GID for image files on internal media storage */
putSystemId(2000, "shell"); /* adb and debug shell user */
putSystemId(2001, "cache"); /* cache access */
putSystemId(2002, "diag"); /* access to diagnostic resources */
/* The range 2900-2999 is reserved for OEMs */
// The 3000 series are intended for use as supplemental group id's only. They indicate
// special Android capabilities that the kernel is aware of.
putSystemId(3001, "net_bt_admin"); /* bluetooth: get any socket */
putSystemId(3002, "net_bt"); /* bluetooth: get sco, rfcomm or l2cap sockets */
putSystemId(3003, "inet"); /* can get AF_INET and AF_INET6 sockets */
putSystemId(3004, "net_raw"); /* can get raw INET sockets */
putSystemId(3005, "net_admin"); /* can configure interfaces and routing tables. */
putSystemId(3006, "net_bw_stats"); /* read bandwidth statistics */
putSystemId(3007, "net_bw_acct"); /* change bandwidth statistics accounting */
putSystemId(3008, "net_bt_stack"); /* bluetooth: access config files */
putSystemId(3009, "readproc"); /* Allow /proc read access */
putSystemId(3010, "wakelock"); /* Allow system wakelock read/write access */
/* The range 5000-5999 is also reserved for OEMs. */
putSystemId(9997, "everybody"); /* shared between all apps in the same profile */
putSystemId(9998, "misc"); /* access to misc storage */
putSystemId(9999, "nobody");
}
private static void putSystemId(int id, String name) {
// Check if the uid exists before adding it so we don't add unsupported ids.
if (android.os.Process.getUidForName(name) != id) {
// Not valid on this system. Most likely due to a lower API.
return;
}
SYSTEM_IDS.put(id, name);
}
/**
* #return An array of system UIDs
*/
public static SparseArray<String> getSystemIds() {
return SYSTEM_IDS;
}
/**
* Returns the UID/GID name assigned to a particular id, or {#code null} if there is none.
*
* #param id
* The UID/GID of a process or file
* #return the name of the UID/GID or {#code null} if the id is unrecognized.
*/
public static String getNameForId(int id) {
String name = SYSTEM_IDS.get(id);
if (name == null) {
if (id >= AID_SHARED_GID_START && id <= AID_SHARED_GID_END) {
name = String.format(Locale.ENGLISH, "all_a%d", id - AID_SHARED_GID_START);
} else {
int appId = id - AID_APP;
int userId = 0;
// loop until we get the correct user id.
// 100000 is the offset for each user.
while (appId > AID_USER) {
appId -= AID_USER;
userId++;
}
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
// u{user_id}_a{app_id} is used on API 17+ for multiple user account support.
name = String.format(Locale.ENGLISH, "u%d_a%d", userId, appId);
} else {
// app_{app_id} is used below API 17.
name = String.format(Locale.ENGLISH, "app_%d", appId);
}
}
}
return name;
}
private AndroidFilesystemConfig() {
throw new AssertionError("no instances");
}
}
Using Reflection:
Inspired by odexide's answer, here is some really ugly reflection I wouldn't advise using that will get the UID/GID name from getpwuid(uid_t):
public static String getNameForUid(int id) {
try {
Class<?> clazz = Class.forName("libcore.io.Libcore");
Field field = clazz.getDeclaredField("os");
if (!field.isAccessible()) {
field.setAccessible(true);
}
Object os = field.get(null);
if (os != null) {
Method getpwuid = os.getClass().getMethod("getpwuid", int.class);
if (getpwuid != null) {
if (!getpwuid.isAccessible()) {
getpwuid.setAccessible(true);
}
Object passwd = getpwuid.invoke(os, id);
if (passwd != null) {
Field pw_name = passwd.getClass().getDeclaredField("pw_name");
if (!pw_name.isAccessible()) {
pw_name.setAccessible(true);
}
return (String) pw_name.get(passwd);
}
}
}
} catch (Exception ignored) {
}
return null;
}
The UIDs are hardcoded for the android implemention of libc (bionic) and also are provided in ranges for apps. android_filesystem_config.h explains the mapping.
You should be able to use the bionic stubs (c++) for getpwuid(uid_t).
For more info on the stubs, see this AOSP documentation.
I've been attempting to develop an android application that can pull information from a CIFS / SMB protocol. I've tried JCIFS and keep getting errors with my eclipse application not being able to read the package (even after I've Javadoc'd it), and my last resort was to get help. Therefore, can anyone offer incite / information on how to do this?
I've tried this : Copy all files from server to Android Device
I've tried this : http://jcifs.samba.org/
I've tried this: http://learn-it-stuff.blogspot.com/2012/01/adding-jcifs-api-to-our-android-java.html
Maybe there is a couple things I'm not understanding at the moment that could be fleshed out.
My snippet of the code I'm using (copy and pasted directly from the third link for the most part) :
public void login(String address2, String username2, String password2)
throws Exception {
setDomain(UniAddress.getByName(address2));
setAuthentication(new NtlmPasswordAuthentication(address2, username2,
password2));
SmbSession.logon(getDomain(), authentication);
}
public UniAddress getDomain() {
return domain;
}
/**
* #param domain
* the domain to set
*/
public void setDomain(UniAddress domain) {
this.domain = domain;
}
/**
* #return the authentication
*/
public NtlmPasswordAuthentication getAuthentication() {
return authentication;
}
/**
* #param authentication
* the authentication to set
*/
public void setAuthentication(NtlmPasswordAuthentication authentication) {
this.authentication = authentication;
}
and then from here I'm calling the login(); with a address, username, and password. When I do this the application crashes and gives me an error of "NoClassDefFoundError" at the line: setDomain(UniAddress....), specifically from the UniAddress class.
Could anyone help me with this?
Noticing that you have followed the procedure from:
http://learn-it-stuff.blogspot.com/2012/01/adding-jcifs-api-to-our-android-java.html
in importing jcifs.jar for UniAddress and other jcifs apis,
but for it to work :
jcifs.jar must be present in <Project Name>/libs folder