
More than 5 years have passed since last update.

[Android] Using TLS 1.2 for gRPC on versions below Lollipop (API 21)


gRPC

gRPC communicates over HTTP/2, so in practice SSL/TLS is required.
However, Android 4.x and earlier do not, by default, support TLS 1.2, the version in widespread use today.

Error details

If you communicate the same way as on 5.x and later, the following error occurs.

  • When TLS cannot be used, the gRPC call fails, so the status code is UNAVAILABLE. (See: gRPC Status)
Caused by: io.grpc.StatusRuntimeException: UNAVAILABLE
  • Underlying error
Caused by: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x64f34a60: Failure in SSL library, usually a protocol error
error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol (external/openssl/ssl/s23_clnt.c:714 0x5d3f1d5c:0x00000000)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:448)
at io.grpc.okhttp.OkHttpProtocolNegotiator.negotiate(OkHttpProtocolNegotiator.java:93)
at io.grpc.okhttp.OkHttpProtocolNegotiator$AndroidNegotiator.negotiate(OkHttpProtocolNegotiator.java:159)
at io.grpc.okhttp.OkHttpTlsUpgrader.upgrade(OkHttpTlsUpgrader.java:63)
at io.grpc.okhttp.OkHttpClientTransport$1.run(OkHttpClientTransport.java:427)
at io.grpc.internal.SerializingExecutor.run(SerializingExecutor.java:107)

imported modules

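Calling the getProviders() method of the Security class returns the list of modules (security providers) installed on the device.
On Android 4.4, the following modules were present by default.
TLS 1.2 is not among them, which is why the gRPC communication fails.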

*  AndroidOpenSSL, [Provider AndroidOpenSSL Service SSLContext.SSL com.android.org.conscrypt.OpenSSLContextImpl

*  DRLCertFactory, [Provider DRLCertFactory Service CertificateFactory.X509 org.apache.harmony.security.provider.cert.X509CertFactoryImpl
Aliases [X.509]
Attributes {}]

* BC, [Provider BC Service MessageDigest.MD5 com.android.org.bouncycastle.jcajce.provider.digest.MD5$Digest

*  Crypto, [Provider Crypto Service MessageDigest.SHA-1 org.apache.harmony.security.provider.crypto.SHA1_MessageDigestImpl
Aliases [SHA1, SHA]
Attributes {ImplementedIn=Software}, Provider Crypto Service SecureRandom.SHA1PRNG org.apache.harmony.security.provider.crypto.SHA1PRNG_SecureRandomImpl
Aliases []
Attributes {ImplementedIn=Software}, Provider Crypto Service Signature.SHA1withDSA org.apache.harmony.security.provider.crypto.SHA1withDSA_SignatureImpl
Aliases [SHAwithDSA, DSAwithSHA1, SHA1/DSA, SHA/DSA, SHA-1/DSA, DSA, DSS, OID.1.2.840.10040.4.3, 1.2.840.10040.4.3, 1.3.14.3.2.13, 1.3.14.3.2.27]
Attributes {ImplementedIn=Software}, Provider Crypto Service KeyFactory.DSA org.apache.harmony.security.provider.crypto.DSAKeyFactoryImpl
Aliases [1.3.14.3.2.12, 1.2.840.10040.4.1]
Attributes {ImplementedIn=Software}]

*  HarmonyJSSE, [Provider HarmonyJSSE Service SSLContext.SSL com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.SSLv3 com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.TLS com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.TLSv1 com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service KeyManagerFactory.PKIX com.android.org.conscrypt.KeyManagerFactoryImpl
Aliases [X509]
Attributes {}, Provider HarmonyJSSE Service TrustManagerFactory.PKIX com.android.org.conscrypt.TrustManagerFactoryImpl
Aliases [X509]
Attributes {}, Provider HarmonyJSSE Service KeyStore.AndroidCAStore com.android.org.conscrypt.TrustedCertificateKeyStoreSpi
Aliases []
Attributes {}]

* AndroidKeyStore, [Provider AndroidKeyStore Service KeyStore.AndroidKeyStore android.security.AndroidKeyStore
Aliases []
Attributes {}, Provider AndroidKeyStore Service KeyPairGenerator.RSA android.security.AndroidKeyPairGenerator
Aliases []
Attributes {}]
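
To pull only the TLS-relevant part out of a listing like this, the following added example (not code from the original article) filters `Security.getProviders()` down to `SSLContext` services and compares the protocols the default context supports with the ones it enables. `TlsReport` and `auditTls` are hypothetical names chosen for this sketch.

```kotlin
import java.security.Security
import javax.net.ssl.SSLContext

// Hypothetical result type for this example.
data class TlsReport(
    val contextsByProvider: Map<String, List<String>>, // provider name -> SSLContext algorithms
    val supported: List<String>,                       // protocols the default context can speak
    val enabledByDefault: List<String>                 // protocols a new socket offers as-is
) {
    // True if any installed provider registers an SSLContext named TLSv1.2.
    val tls12Registered: Boolean
        get() = contextsByProvider.values.any { "TLSv1.2" in it }

    // True if a socket created without extra configuration will offer TLS 1.2.
    val tls12EnabledByDefault: Boolean
        get() = "TLSv1.2" in enabledByDefault
}

fun auditTls(): TlsReport {
    // getProviders() returns providers in preference order: the first provider
    // that offers a requested algorithm is the one that gets used.
    val contexts = Security.getProviders()
        .associate { p ->
            p.name to p.services
                .filter { it.type == "SSLContext" }
                .map { it.algorithm }
                .sorted()
        }
        .filterValues { it.isNotEmpty() }

    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, null, null) // default key managers, trust managers and SecureRandom

    // A protocol can be supported yet not enabled by default; only the enabled
    // list is offered in the handshake unless the socket is reconfigured.
    return TlsReport(
        contextsByProvider = contexts,
        supported = ctx.supportedSSLParameters.protocols.toList(),
        enabledByDefault = ctx.defaultSSLParameters.protocols.toList()
    )
}

fun main() {
    val report = auditTls()
    report.contextsByProvider.forEach { (name, algs) -> println("$name: $algs") }
    println("supported          = ${report.supported}")
    println("enabled by default = ${report.enabledByDefault}")
    println("TLSv1.2 registered = ${report.tls12Registered}")
    println("TLSv1.2 by default = ${report.tls12EnabledByDefault}")
}
```

On a device, call `auditTls()` before and after installing a provider and log both reports to confirm what changed.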

Solution

At first I overrode SSLSocketFactory, added TLSv1.2 in createSocket of my own SocketFactory, and set it as the sslSocketFactory on the OkHttp ChannelBuilder.

This worked for server-side streaming RPCs, but it did not work for simple RPCs.

There are two main approaches: using the Google Play Services Dynamic Security Provider, or registering a provider with the Security class.

Google Play Services Dynamic Security Provider

This approach uses Google Play services.

gradle

apply plugin: 'android'
...

dependencies {
    compile 'com.google.android.gms:play-services:11.4.2'
}

Code

Write the initialization code.
It can go in the Activity that performs the communication, but since it only needs to run once, the Application class is a better place.

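ProviderInstaller.installIfNeededAsync(this, object : ProviderInstaller.ProviderInstallListener {
    override fun onProviderInstalled() {
        // The updated security provider is installed.
    }

    override fun onProviderInstallFailed(errorCode: Int, recoveryIntent: Intent?) {
        // Installation failed, e.g. Google Play services is not installed on the device.
    }
})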

If Google Play services is not installed on the device, the installation fails and onProviderInstallFailed is called.

imported modules

* GmsCore_OpenSSL, [Provider GmsCore_OpenSSL Service SSLContext.SSL com.google.android.gms.org.conscrypt.OpenSSLContextImpl$TLSv12
Aliases []
Attributes {}, Provider GmsCore_OpenSSL Service SSLContext.TLS com.google.android.gms.org.conscrypt.OpenSSLContextImpl$TLSv12
Aliases []
Attributes {}, Provider GmsCore_OpenSSL Service SSLContext.TLSv1 com.google.android.gms.org.conscrypt.OpenSSLContextImpl$TLSv1
Aliases []
Attributes {}, Provider GmsCore_OpenSSL Service SSLContext.TLSv1.1 com.google.android.gms.org.conscrypt.OpenSSLContextImpl$TLSv11
Aliases []
Attributes {}, Provider GmsCore_OpenSSL Service SSLContext.TLSv1.2 com.google.android.gms.org.conscrypt.OpenSSLContextImpl$TLSv12
Aliases []
Attributes {}, Provider GmsCore_OpenSSL Service SSLContext.Default com.google.android.gms.org.conscrypt.DefaultSSLContextImpl
Aliases []

....

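There are too many entries, so the rest is omitted; more than three times as many remain.
The key point is that GmsCore_OpenSSL is now present. GmsCore_OpenSSL is what enables TLS 1.2.
With this in place, gRPC over TLS 1.2 works on 4.x as well.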

Conscrypt

With Google Play services, a large number of modules were imported.
To import only what is needed, use Conscrypt, Google's library that provides TLS for Android and OpenJDK.

gradle

compile "org.conscrypt:conscrypt-android:1.0.0.RC11"

(1.1.0-SNAPSHOT could not be used.)

Code

As above, write the initialization code so that it runs only once.
This imports only GmsCore_OpenSSL, which is what TLS 1.2 needs.

Security.insertProviderAt(Conscrypt.newProvider("GmsCore_OpenSSL"), 1)

imported module

* GmsCore_OpenSSL, [Provider GmsCore_OpenSSL Service SSLContext.SSL org.conscrypt.OpenSSLContextImpl$TLSv12
* AndroidOpenSSL, [Provider AndroidOpenSSL Service SSLContext.SSL com.android.org.conscrypt.OpenSSLContextImpl
* DRLCertFactory, [Provider DRLCertFactory Service CertificateFactory.X509 org.apache.harmony.security.provider.cert.X509CertFactoryImpl
Aliases [X.509]
Attributes {}]
* BC, [Provider BC Service MessageDigest.MD5 com.android.org.bouncycastle.jcajce.provider.digest.MD5$Digest
* Crypto, [Provider Crypto Service MessageDigest.SHA-1 org.apache.harmony.security.provider.crypto.SHA1_MessageDigestImpl
Aliases [SHA1, SHA]
Attributes {ImplementedIn=Software}, Provider Crypto Service SecureRandom.SHA1PRNG org.apache.harmony.security.provider.crypto.SHA1PRNG_SecureRandomImpl
Aliases []
Attributes {ImplementedIn=Software}, Provider Crypto Service Signature.SHA1withDSA org.apache.harmony.security.provider.crypto.SHA1withDSA_SignatureImpl
Aliases [SHAwithDSA, DSAwithSHA1, SHA1/DSA, SHA/DSA, SHA-1/DSA, DSA, DSS, OID.1.2.840.10040.4.3, 1.2.840.10040.4.3, 1.3.14.3.2.13, 1.3.14.3.2.27]
Attributes {ImplementedIn=Software}, Provider Crypto Service KeyFactory.DSA org.apache.harmony.security.provider.crypto.DSAKeyFactoryImpl
Aliases [1.3.14.3.2.12, 1.2.840.10040.4.1]
Attributes {ImplementedIn=Software}]
* HarmonyJSSE, [Provider HarmonyJSSE Service SSLContext.SSL com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.SSLv3 com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.TLS com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service SSLContext.TLSv1 com.android.org.conscrypt.SSLContextImpl
Aliases []
Attributes {}, Provider HarmonyJSSE Service KeyManagerFactory.PKIX com.android.org.conscrypt.KeyManagerFactoryImpl
Aliases [X509]
Attributes {}, Provider HarmonyJSSE Service TrustManagerFactory.PKIX com.android.org.conscrypt.TrustManagerFactoryImpl
Aliases [X509]
Attributes {}, Provider HarmonyJSSE Service KeyStore.AndroidCAStore com.android.org.conscrypt.TrustedCertificateKeyStoreSpi
Aliases []
Attributes {}]
* AndroidKeyStore, [Provider AndroidKeyStore Service KeyStore.AndroidKeyStore android.security.AndroidKeyStore
Aliases []
Attributes {}, Provider AndroidKeyStore Service KeyPairGenerator.RSA android.security.AndroidKeyPairGenerator
Aliases []
Attributes {}]

Unlike the previous approach, only the GmsCore_OpenSSL entry was added to the default set.
With this in place, gRPC over TLS 1.2 works on 4.x as well.
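
The two approaches can also be chained so that devices without Google Play services still get TLS 1.2. The sketch below is an added example, not code from the original article, and goes beyond the text by combining both installs and checking the result. `GrpcApp`, `tls12Ready` and `defaultContextEnablesTls12` are hypothetical names, and it assumes both Gradle dependencies shown above are present.

```kotlin
import android.app.Application
import android.content.Intent
import android.util.Log
import com.google.android.gms.security.ProviderInstaller
import org.conscrypt.Conscrypt
import java.security.GeneralSecurityException
import java.security.Security
import javax.net.ssl.SSLContext

// Hypothetical Application subclass; register it in AndroidManifest.xml.
class GrpcApp : Application(), ProviderInstaller.ProviderInstallListener {

    // Callers check this before building a gRPC channel, so a failed install
    // is reported instead of surfacing later as an UNAVAILABLE status.
    @Volatile
    var tls12Ready = false
        private set

    override fun onCreate() {
        super.onCreate()
        // Asynchronous install, as in the article.
        ProviderInstaller.installIfNeededAsync(this, this)
    }

    override fun onProviderInstalled() {
        tls12Ready = defaultContextEnablesTls12()
        Log.i(TAG, "Play services provider installed, TLS 1.2 by default: $tls12Ready")
    }

    override fun onProviderInstallFailed(errorCode: Int, recoveryIntent: Intent?) {
        // Play services could not supply the provider: fall back to the
        // bundled Conscrypt provider, registered exactly as in the article.
        Log.w(TAG, "ProviderInstaller failed (errorCode=$errorCode), using bundled Conscrypt")
        Security.insertProviderAt(Conscrypt.newProvider("GmsCore_OpenSSL"), 1)
        tls12Ready = defaultContextEnablesTls12()
        if (!tls12Ready) {
            Log.e(TAG, "TLS 1.2 is still not enabled by default; do not open gRPC channels")
        }
    }

    // Verifies the outcome rather than trusting the install call: the default
    // "TLS" context must now list TLSv1.2 among its default-enabled protocols.
    private fun defaultContextEnablesTls12(): Boolean = try {
        val ctx = SSLContext.getInstance("TLS")
        ctx.init(null, null, null) // default key managers, trust managers and SecureRandom
        Log.i(TAG, "SSLContext.TLS is served by provider ${ctx.provider.name}")
        "TLSv1.2" in ctx.defaultSSLParameters.protocols
    } catch (e: GeneralSecurityException) {
        Log.e(TAG, "Could not create the default TLS context", e)
        false
    }

    companion object {
        private const val TAG = "GrpcApp"
    }
}
```

Because the install is asynchronous, a channel built before either callback has run can still hit the handshake error shown at the top of the article.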

Conclusion

Introducing Conscrypt adds a dependency, so each option has its trade-offs; choose the approach that best suits each project.
