Add support for client certificates

[stephanritscher]

This adds support for providing client certificates (which can be picked from system certificate store or from file system) and for accepting self-signed single server certificates without storing them in system certificate store.
This is realized via two libraries which have minimal impact on the application code and thus are easy to maintain. MemorizingTrustManager only has been forked by me due to a build issue with current gradle version (we should switch back to the original project after my pull request has been merged), InteractiveKeyManager has been developed by me inspired by MemorizingTrustManager.

[dominiczedler]

Sorry for the delay, I will look into it as soon as I have time after my bachelor thesis. Thanks for your pull request.

[patzly]

Is it possible to keep minSdk 21? Else this would be a rather drastic change, I think a few people are running Grocy Android on old tablets e. g. in the kitchen, these devices often have early Android versions.

[stephanritscher]

Hi, this is due to InteractiveKeyManager which is my own project and not too big, so I could give it a try if you are interested in integrating the PR.

[patzly]

I see, this would be cool! Maybe you could just surround the methods that don't exist on API <23 with if/else in your library? So that the client certificats feature is maybe only working on devices with API 23+ and we would be able to keep minSdk 21?

[stephanritscher]

I think I got it - only one place to change in the end.

[stephanritscher]

Any objections so far? It's working flawlessly on my side and I just noticed a minor conflict which came up in the PR - I hope to resolve it later today.

[koostamas]

@patzly and @dominiczedler Can you review this PR? I would like to see the feature implemented.

[patzly]

@stephanritscher Hi, I implemented the files directly into the project (was important for translation management and design choices) and cleaned them up a bit. You can find the current implementation in the features/client_certificates branch. However, for me (on the simple demo instance) there always appears the toast at startup that the keystore cannot be found, from here:

grocy-android/app/src/main/java/xyz/zedler/patrick/grocy/ssl/mtm/MemorizingTrustManager.java

Line 207 in a4c5fe1

Toast.makeText(context, R.string.mtm_error_keystore, Toast.LENGTH_SHORT).show();

or the finally body. Without any client keystore config at all (and without any knowledge) there shouldn't be any errors or warnings I think. How can this prevented? Or did I messed up something? Could you please check if the current master branch works for you regarding client certificates?

[stephanritscher]

Hi, thanks for your efforts!
It seems you added the toasts in places which previously were logged silently.
By current design, the keystore file is only written in keyStoreUpdated referenced by storeCert and deleteCertificate. So only if the feature is used, the file will be created. Anyway, a missing keystore file no error but will occur at least after first app start.
I suggest to check for existence of the keyStoreFile and only load its content (lines 204-205) if it exists, if you want to keep the toast.
I will update you later about my test with the master branch.

[stephanritscher]

My first try was to upgrade the instance I was running with the code from my PR. Connectivity is broken, with the stacktrace:
10-05 21:45:35.174 22117 22263 E Volley : [150] NetworkUtility.shouldRetryException: Unexpected response code 400 for https://xxx.xxx/grocy/api/system/db-changed-time
10-05 21:45:35.176 22117 22117 E ShoppingListViewModel: onError: VolleyError: com.android.volley.ClientError
10-05 21:45:35.177 22117 22117 W System.err: com.android.volley.ClientError
10-05 21:45:35.177 22117 22117 W System.err: at com.android.volley.toolbox.NetworkUtility.shouldRetryException(NetworkUtility.java:193)
10-05 21:45:35.177 22117 22117 W System.err: at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:145)
10-05 21:45:35.177 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:132)
10-05 21:45:35.178 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:111)
10-05 21:45:35.178 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:90)
10-05 21:45:35.178 22117 22117 W System.err: com.android.volley.ClientError
10-05 21:45:35.178 22117 22117 W System.err: at com.android.volley.toolbox.NetworkUtility.shouldRetryException(NetworkUtility.java:193)
10-05 21:45:35.178 22117 22117 W System.err: at com.android.volley.toolbox.BasicNetwork.performRequest(BasicNetwork.java:145)
10-05 21:45:35.178 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:132)
10-05 21:45:35.179 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.processRequest(NetworkDispatcher.java:111)
10-05 21:45:35.179 22117 22117 W System.err: at com.android.volley.NetworkDispatcher.run(NetworkDispatcher.java:90)

Error code 400 indicates, that the request didn't contain the client certificate.
Was there something you changed when you integrated the files that could break my current setup?

[stephanritscher]

I just found your commit disabling the client certificate code - next try with that commit reverted ;-)

[stephanritscher]

Now it crashes:

10-05 22:07:51.636 31080 31080 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: loadAppKeyStore: exception loading file key store: /data/user/0/xyz.zedler.patrick.g
rocy.debug/app_KeyStore/KeyStore.bks
10-05 22:07:51.636 31080 31080 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: java.io.FileNotFoundException: /data/user/0/xyz.zedler.patrick.grocy.debug/app_KeySt
ore/KeyStore.bks: open failed: ENOENT (No such file or directory)
...
10-05 22:07:51.638 1805 8332 W PackageConfigPersister: App-specific configuration not found for packageName: xyz.zedler.patrick.grocy.debug and userId: 0
...
--------- beginning of crash
10-05 22:07:51.746 31080 31137 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 31137 (Thread-10), pid 31080 (ick.grocy.debug)

The key store is also not found running the code from my branch since my server uses a certificate recognized by my phone. However, on my branch it doesn't crash.

And I don't see any clue what causes the crash.

[patzly]

I just found your commit disabling the client certificate code - next try with that commit reverted ;-)

Ah sorry I moved the test to the feature branch I mentioned in my message, on the master branch I disabled it for the release :)

[patzly]

Now I see that maybe Dominic added the toasts and that they weren't there in your code, thanks! The crash is really weird... Could you please post the whole crash log again? It seems that the lines where the real crash happens are missing, because the error prints are the ones from the 'Log.e' in catch which should catch the exception and the crash.

[stephanritscher]

There wasn't anything relevant in the log, I fear

[stephanritscher]

I retried with a fresh installation of feature/client_certificate. It crashed on startup. Output of adb logcat ':W':
10-28 22:13:19.375 1341 1341 E audit : type=1400 audit(1730149999.371:8147): avc: denied { ioctl } for pid=10938 comm="WM.task-1" path="/data/data/xyz.zedler.patrick.grocy.debug/no_backup/androidx.work.workdb" dev="dm-52" ino=354766 ioctlcmd=0xf522 scontext=u:r:untrusted_app:s0:c14,c257,c512,c768 tcontext=u:object_r:app_data_file:s0:c14,c257,c512,c768 tclass=file permissive=0 SEPF_SM-G990B2_12_0001 audit_filtered
10-28 22:13:19.375 1341 1341 E audit : type=1300 audit(1730149999.371:8147): arch=c00000b7 syscall=29 success=no exit=-13 a0=59 a1=f522 a2=73313f4878 a3=b40000729b4284c0 items=0 ppid=1376 pid=10938 auid=4294967295 uid=10270 gid=10270 euid=10270 suid=10270 fsuid=10270 egid=10270 sgid=10270 fsgid=10270 tty=(none) ses=4294967295 comm="WM.task-1" exe="/system/bin/app_process64" subj=u:r:untrusted_app:s0:c14,c257,c512,c768 key=(null)
10-28 22:13:19.375 1341 1341 E audit : type=1327 audit(1730149999.371:8147): proctitle="xyz.zedler.patrick.grocy.debug"
10-28 22:13:19.381 1793 4498 W ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.bindService:2059 android.content.ContextWrapper.bindService:878 com.samsung.android.mcf.McfContext.a:2 com.samsung.android.mcf.McfAdapter.bindService:1 com.samsung.android.mcf.McfAdapter.bindService:2
10-28 22:13:19.382 1341 1341 E audit : type=1400 audit(1730149999.375:8148): avc: denied { ioctl } for pid=10938 comm="WM.task-1" path="/data/data/xyz.zedler.patrick.grocy.debug/no_backup/androidx.work.workdb" dev="dm-52" ino=354766 ioctlcmd=0xf522 scontext=u:r:untrusted_app:s0:c14,c257,c512,c768 tcontext=u:object_r:app_data_file:s0:c14,c257,c512,c768 tclass=file permissive=0 SEPF_SM-G990B2_12_0001 audit_filtered
10-28 22:13:19.513 4082 4788 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_START, appName: com.samsung.android.mcfserver, scannerId: 9, reportDelayMillis=0
10-28 22:13:19.561 1793 1811 W System : A resource failed to call release.
10-28 22:13:19.561 1793 1811 W System : A resource failed to call close.
10-28 22:13:19.562 1793 1811 W System : A resource failed to call close.
10-28 22:13:19.570 4167 4167 W FrameTracker: Missed App frame:UNKNOWN: 264, 3214686, 8979551, CUJ=J<LAUNCHER_APP_LAUNCH_FROM_ICON>
10-28 22:13:19.570 4167 4167 W FrameTracker: Missed App frame:UNKNOWN: 264, 3215127, 8950812, CUJ=J<LAUNCHER_APP_LAUNCH_FROM_ICON>
10-28 22:13:19.741 10938 10938 W ick.grocy.debug: Accessing hidden method Ljava/security/spec/ECParameterSpec;->getCurveName()Ljava/lang/String; (unsupported, reflection, allowed)
10-28 22:13:19.758 10938 10938 W ick.grocy.debug: Accessing hidden field Landroid/database/CursorWindow;->sCursorWindowSize:I (unsupported, reflection, allowed)
10-28 22:13:19.759 1793 8034 W PackageConfigPersister: App-specific configuration not found for packageName: xyz.zedler.patrick.grocy.debug and userId: 0
10-28 22:13:19.816 10938 10938 W ick.grocy.debug: Accessing hidden method Landroid/view/ViewGroup;->makeOptionalFitsSystemWindows()V (unsupported, reflection, allowed)
10-28 22:13:19.918 1793 3774 W ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:1281 com.android.server.notification.sec.DisplayToast.sendIntentForToastDumpLog:156 com.android.server.notification.sec.DisplayToast.outFile:106 com.android.server.notification.sec.DisplayToast.out:62 com.android.server.notification.NotificationManagerService$15.enqueueToastForDex:5125
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: loadAppKeyStore: exception loading file key store: /data/user/0/xyz.zedler.patrick.grocy.debug/app_KeyStore/KeyStore.bks
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: java.io.FileNotFoundException: /data/user/0/xyz.zedler.patrick.grocy.debug/app_KeyStore/KeyStore.bks: open failed: ENOENT (No such file or directory)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.IoBridge.open(IoBridge.java:574)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at java.io.FileInputStream.(FileInputStream.java:179)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager.loadAppKeyStore(MemorizingTrustManager.java:204)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager.init(MemorizingTrustManager.java:153)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager.(MemorizingTrustManager.java:112)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.web.RequestQueueSingleton$TLSSocketFactory.(RequestQueueSingleton.java:107)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.web.RequestQueueSingleton.newRequestQueue(RequestQueueSingleton.java:87)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.web.RequestQueueSingleton.getRequestQueue(RequestQueueSingleton.java:68)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.web.RequestQueueSingleton.(RequestQueueSingleton.java:56)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.web.RequestQueueSingleton.getInstance(RequestQueueSingleton.java:61)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.helper.DownloadHelper.(DownloadHelper.java:126)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.helper.DownloadHelper.(DownloadHelper.java:169)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.activity.MainActivity.onCreate(MainActivity.java:252)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at xyz.zedler.patrick.grocy.activity.SplashActivity.onCreate(SplashActivity.java:61)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.Activity.performCreate(Activity.java:8975)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.Activity.performCreate(Activity.java:8944)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1456)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:4146)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:4322)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:103)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:139)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:96)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2685)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.os.Handler.dispatchMessage(Handler.java:106)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.os.Looper.loopOnce(Looper.java:230)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.os.Looper.loop(Looper.java:319)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.ActivityThread.main(ActivityThread.java:8919)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at java.lang.reflect.Method.invoke(Native Method)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:578)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1103)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.Linux.open(Native Method)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.ForwardingOs.open(ForwardingOs.java:563)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.BlockGuardOs.open(BlockGuardOs.java:274)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.ForwardingOs.open(ForwardingOs.java:563)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:8782)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: at libcore.io.IoBridge.open(IoBridge.java:560)
10-28 22:13:19.921 10938 10938 E xyz.zedler.patrick.grocy.ssl.mtm.MemorizingTrustManager: ... 29 more
10-28 22:13:19.923 1793 3773 W PackageConfigPersister: App-specific configuration not found for packageName: xyz.zedler.patrick.grocy.debug and userId: 0
--------- beginning of crash
10-28 22:13:20.027 10938 10985 F libc : Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 10985 (Thread-5), pid 10938 (ick.grocy.debug)
10-28 22:13:20.100 1793 3773 W PackageConfigPersister: App-specific configuration not found for packageName: xyz.zedler.patrick.grocy.debug and userId: 0
10-28 22:13:20.101 1793 3773 W PackageConfigPersister: App-specific configuration not found for packageName: xyz.zedler.patrick.grocy.debug and userId: 0
10-28 22:13:20.272 11010 11010 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-28 22:13:20.272 11010 11010 F DEBUG : Build fingerprint: 'samsung/r9q2xeea/r9q:14/UP1A.231005.007/G990B2XXS9GXJ1:user/release-keys'
10-28 22:13:20.272 11010 11010 F DEBUG : Revision: '14'
10-28 22:13:20.272 11010 11010 F DEBUG : ABI: 'arm64'
10-28 22:13:20.272 11010 11010 F DEBUG : Processor: '0'
10-28 22:13:20.272 11010 11010 F DEBUG : Timestamp: 2024-10-28 22:13:20.088433507+0100
10-28 22:13:20.272 11010 11010 F DEBUG : Process uptime: 2s
10-28 22:13:20.272 11010 11010 F DEBUG : Cmdline: xyz.zedler.patrick.grocy.debug
10-28 22:13:20.272 11010 11010 F DEBUG : pid: 10938, tid: 10985, name: Thread-5 >>> xyz.zedler.patrick.grocy.debug <<<
10-28 22:13:20.272 11010 11010 F DEBUG : uid: 10270
10-28 22:13:20.272 11010 11010 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
10-28 22:13:20.272 11010 11010 F DEBUG : x0 0000000000000000 x1 0000000000002ae9 x2 0000000000000006 x3 00000070131f1e90
10-28 22:13:20.272 11010 11010 F DEBUG : x4 000000000000002c x5 000000000000002c x6 000000000000002c x7 b40000713b481220
10-28 22:13:20.272 11010 11010 F DEBUG : x8 00000000000000f0 x9 000000733be611e0 x10 0000000000000001 x11 000000733bea99c8
10-28 22:13:20.272 11010 11010 F DEBUG : x12 00000000000000fc x13 0000000000000002 x14 0000000000000001 x15 00000000ebad6a89
10-28 22:13:20.272 11010 11010 F DEBUG : x16 000000733bf11d18 x17 000000733beed4e0 x18 0000007010f34000 x19 0000000000002aba
10-28 22:13:20.272 11010 11010 F DEBUG : x20 0000000000002ae9 x21 00000000ffffffff x22 000000000000000a x23 b40000711b44beb4
10-28 22:13:20.272 11010 11010 F DEBUG : x24 00000000ffffffff x25 b40000711b44beb2 x26 0000007012ff9466 x27 000000733be28620
10-28 22:13:20.272 11010 11010 F DEBUG : x28 00000070131f2050 x29 00000070131f1f10
10-28 22:13:20.272 11010 11010 F DEBUG : lr 000000733be9a6c4 sp 00000070131f1e70 pc 000000733be9a6f0 pst 0000000000001000
10-28 22:13:20.272 11010 11010 F DEBUG : 14 total frames
10-28 22:13:20.272 11010 11010 F DEBUG : backtrace:
10-28 22:13:20.272 11010 11010 F DEBUG : #00 pc 000000000005b6f0 /apex/com.android.runtime/lib64/bionic/libc.so (abort+168) (BuildId: 915f3092e188c08142d3ac57b655fbd7)
10-28 22:13:20.272 11010 11010 F DEBUG : #1 pc 0000000000140fbc /data/app/~~E153U5xC4MH7yWHDY8_L0w==/xyz.zedler.patrick.grocy.debug-DGPcCkxyGJEVipop61eL_Q==/lib/arm64/libconscrypt_jni.so (X509_NAME_print+344) (BuildId: f1446306c60470b344a50f938f9632ca54d8b4e4)
10-28 22:13:20.272 11010 11010 F DEBUG : #2 pc 000000000014027c /data/app/~~E153U5xC4MH7yWHDY8_L0w==/xyz.zedler.patrick.grocy.debug-DGPcCkxyGJEVipop61eL_Q==/lib/arm64/libconscrypt_jni.so (X509_print_ex+664) (BuildId: f1446306c60470b344a50f938f9632ca54d8b4e4)
10-28 22:13:20.272 11010 11010 F DEBUG : #3 pc 00000000000790d8 /data/app/~~E153U5xC4MH7yWHDY8_L0w==/xyz.zedler.patrick.grocy.debug-DGPcCkxyGJEVipop61eL_Q==/lib/arm64/libconscrypt_jni.so (BuildId: f1446306c60470b344a50f938f9632ca54d8b4e4)
10-28 22:13:20.272 11010 11010 F DEBUG : #4 pc 0000000000378f70 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+144) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #5 pc 0000000000362a40 /apex/com.android.art/lib64/libart.so (art_quick_invoke_static_stub+640) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #6 pc 000000000034df38 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread, unsigned int*, unsigned int, art::JValue*, char const*)+204) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #7 pc 0000000000348854 /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, bool, art::JValue*)+448) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #8 pc 000000000076e058 /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp(art::interpreter::SwitchImplContext*)+12452) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #9 pc 000000000037b5d8 /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #10 pc 000000000032705c [anon:dalvik-classes17.dex extracted in memory from /data/app/~~E153U5xC4MH7yWHDY8_L0w==/xyz.zedler.patrick.grocy.debug-DGPcCkxyGJEVipop61eL_Q==/base.apk] (org.conscrypt.OpenSSLX509Certificate.toString+0)
10-28 22:13:20.272 11010 11010 F DEBUG : #11 pc 000000000034d5a8 /apex/com.android.art/lib64/libart.so (artQuickToInterpreterBridge+1932) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #12 pc 0000000000379098 /apex/com.android.art/lib64/libart.so (art_quick_to_interpreter_bridge+88) (BuildId: 1ee2c234829500686eefa384068e67c8)
10-28 22:13:20.272 11010 11010 F DEBUG : #13 pc 00000000020a6630 /memfd:jit-cache (deleted) (offset 0x2000000)
10-28 22:13:20.294 863 863 E tombstoned: Tombstone written to: tombstone_22
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: failed to open /data/tombstones/tombstone_22.pb
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: java.io.FileNotFoundException: open failed: ENOENT (No such file or directory)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.ParcelFileDescriptor.openInternal(ParcelFileDescriptor.java:351)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.ParcelFileDescriptor.open(ParcelFileDescriptor.java:230)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager.handleProtoTombstone(NativeTombstoneManager.java:166)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager.handleTombstone(NativeTombstoneManager.java:135)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager.-$$Nest$mhandleTombstone(NativeTombstoneManager.java:0)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager$TombstoneWatcher.lambda$onEvent$0(NativeTombstoneManager.java:583)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager$TombstoneWatcher.$r8$lambda$tfJ_q07NaI9c6UYttszi4EdMJ7Y(NativeTombstoneManager.java:0)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.os.NativeTombstoneManager$TombstoneWatcher$$ExternalSyntheticLambda0.run(R8$$SyntheticClass:0)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.Handler.handleCallback(Handler.java:958)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.Handler.dispatchMessage(Handler.java:99)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.Looper.loopOnce(Looper.java:230)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.Looper.loop(Looper.java:319)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at android.os.HandlerThread.run(HandlerThread.java:67)
10-28 22:13:20.296 1793 3050 W NativeTombstoneManager: at com.android.server.ServiceThread.run(ServiceThread.java:46)
10-28 22:13:20.296 1793 11021 W ActivityTaskManager: Force finishing activity xyz.zedler.patrick.grocy.debug/xyz.zedler.patrick.grocy.activity.SplashActivity
10-28 22:13:20.298 1793 11027 W ActivityManager: crash : xyz.zedler.patrick.grocy.debug,10270

[stephanritscher]

Hi, after quite some debugging and diffing your code with mine I found the problem is the logging statement you modified in the beginning of checkCertTrusted. It seems to me that X509Certificate.toString() (which is invoked by Arrays.toString()) crashes - who would expect that!?

[stephanritscher]

Please review my suggestion to fix the feature at #892.