Listener Certificate Authenticator Delegate is not working for Android

vijay.pawar · November 28, 2024, 3:27pm

Currently, for Android Peer-to-Peer communication, we are using the following library and code:
Library:
com.couchbase.lite:couchbase-lite-android-ee:3.0.12
Working Existing Code:

listenerConfig.setAuthenticator(ListenerCertificateAuthenticator(caCertificates))
val listener = URLEndpointListener(listenerConfig)

We are passing a CA certificate to the ListenerCertificateAuthenticator to verify the incoming client certificate and establish a connection.

However, based on our new requirements, we need to perform additional checks in addition to the certificate verification. Therefore, following the guidelines in the Couchbase documentation, we are delegating authentication to a custom class that implements ListenerCertificateAuthenticatorDelegate. (Please refer to the updated code below.)

Couchbase Documentation:

Updated Code:

class Delegate : ListenerCertificateAuthenticatorDelegate {
    override fun authenticate(certs: List<Certificate>): Boolean {
        val valid = true // Our code eventually returns true.
        return valid
    }
}
 
listenerConfig.setAuthenticator(ListenerCertificateAuthenticator(Delegate()))

Although we return true during authentication, the connection still fails to be established, and we are seeing the following error for the peer device(iOS) which is trying to connect. (Note: similar changes does work for iOS)

“error”: “\nCaused by Object: server rejected the TLS client certificate”

It seems like there might be an issue with the Couchbase Android library. Kindly help

blake.meike · December 3, 2024, 8:57pm

FWIW, 3.0.12 is quite old and is out of maintenance. You might consider upgrading to something more recent. That said, I should think this should work.

There really isn’t a lot to go on, here: one snippet of an error message that wasn’t even generated by CBL. Also, I doubt that the code you show, above, is the code that is actually running: why would you assign a variable only to return its value?

Here’s what I suggest:

Print out the list of certs that your authenticator delegate receives.
Print out the value that you return from the delegate, immediately before you return it.
Use adb logcat to capture the CBL logs from around the time of the failure. This interaction is heavily logged so the logs may well shed light.

If that doesn’t make the solution obvious, add the printouts to this post and I’ll have a look

Topic		Replies	Views
How can I have CouchBase Lite present a Client certificate to my server? Couchbase Lite	9	2373	July 31, 2017
Using self signed certificate with couchbase lite on android? Mobile	6	3816	July 8, 2016
Android API 19 (4.4.4) TLSv1.1 Couchbase Lite java	4	2111	April 11, 2018
Couchbase Lite certificates issue Sync Gateway	1	338	March 5, 2024
BasicAuthenticator in CB Lite does not seems to Authenticate (iOS - Swift) Couchbase Lite	1	789	October 21, 2018

Listener Certificate Authenticator Delegate is not working for Android

Related topics