powered by Jive Software

java.security.KeyStoreException: BKS not found

I feel like I’m back to 2017 with this topic :slight_smile: - TLS connection example for Android

Anyways, Smack 4.4.3 on Android 9. Debug build of application works fine. Release build does not connect with this error:

2021-08-16 17:49:18.162 31086-32440/? W/AbstractXMPPConnection: Connection XMPPTCPConnection[not-authenticated] (2) closed with error
    javax.net.ssl.SSLHandshakeException: java.lang.RuntimeException: java.lang.RuntimeException: java.security.KeyStoreException: BKS not found
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):25)
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1)
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2)
        at java.lang.Thread.run(Thread.java:798)
     Caused by: java.security.cert.CertificateException: java.lang.RuntimeException: java.lang.RuntimeException: java.security.KeyStoreException: BKS not found
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@212621027@21.26.21 (100308-387928701):8)
        at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6)
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):16)
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2) 
        at java.lang.Thread.run(Thread.java:798) 
     Caused by: java.lang.RuntimeException: java.lang.RuntimeException: java.security.KeyStoreException: BKS not found
        at com.google.android.gms.org.conscrypt.Platform.checkTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):4)
        at com.google.android.gms.org.conscrypt.Platform.checkServerTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1)
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6)
        at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
        at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):16) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2) 
        at java.lang.Thread.run(Thread.java:798) 
     Caused by: java.lang.RuntimeException: java.security.KeyStoreException: BKS not found
        at android.security.net.config.NetworkSecurityTrustManager.<init>(NetworkSecurityTrustManager.java:62)
        at android.security.net.config.NetworkSecurityConfig.getTrustManager(NetworkSecurityConfig.java:114)
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.google.android.gms.org.conscrypt.Platform.checkTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):2)
        at com.google.android.gms.org.conscrypt.Platform.checkServerTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
        at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):16) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2) 
        at java.lang.Thread.run(Thread.java:798) 
     Caused by: java.security.KeyStoreException: BKS not found
        at java.security.KeyStore.getInstance(KeyStore.java:890)
        at android.security.net.config.NetworkSecurityTrustManager.<init>(NetworkSecurityTrustManager.java:58)
        at android.security.net.config.NetworkSecurityConfig.getTrustManager(NetworkSecurityConfig.java:114) 
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88) 
        at java.lang.reflect.Method.invoke(Native Method) 
        at com.google.android.gms.org.conscrypt.Platform.checkTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):2) 
        at com.google.android.gms.org.conscrypt.Platform.checkServerTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
        at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):16) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2) 
        at java.lang.Thread.run(Thread.java:798) 
     Caused by: java.security.NoSuchAlgorithmException: BKS KeyStore not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.security.Security.getImpl(Security.java:628)
        at java.security.KeyStore.getInstance(KeyStore.java:887)
        at android.security.net.config.NetworkSecurityTrustManager.<init>(NetworkSecurityTrustManager.java:58) 
        at android.security.net.config.NetworkSecurityConfig.getTrustManager(NetworkSecurityConfig.java:114) 
        at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88) 
        at java.lang.reflect.Method.invoke(Native Method) 
        at com.google.android.gms.org.conscrypt.Platform.checkTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):2) 
        at com.google.android.gms.org.conscrypt.Platform.checkServerTrusted(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
        at com.google.android.gms.org.conscrypt.NativeSsl.doHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):16) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.waitForHandshake(:com.google.android.gms@212621027@21.26.21 (100308-387928701):1) 
        at com.google.android.gms.org.conscrypt.ConscryptFileDescriptorSocket.getInputStream(:com.google.android.gms@212621027@21.26.21 (100308-387928701):6) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:8) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1400(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:66) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:1) 
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:2) 
        at java.lang.Thread.run(Thread.java:798) 
...

Previously used Smack 4.3.5 and both Debug and Release builds worked ok.

So I found the solution: add to proguard-rules.pro:

-keep class org.bouncycastle.jcajce.provider.** { *; }

Not sure why proguard is removing something that is obviously needed by Smack…

Most likely because those classes are discovered via reflection making their use opaque to ProGuard.