java.lang.IllegalArgumentException: toIndex: 778268654, size: 129.

aparnavarun87 commented 1 year ago

The app starts crashing when I upgrade from v1.1.1 to v2. java.lang.IllegalArgumentException: toIndex: 778268654, size: 129. Any solution to resolve this?

ikeed commented 1 year ago

I have the same issue. I'm using okhttp:4.10.0 and com.appmattus.certificatetransparency:certificatetransparency-android:2.1.2'

I'm instantiating the CertificateTransparencyInterceptor somewhat like this:

    @JvmStatic
    fun certTransparencyInterceptor(context: Context): Interceptor {
        return certificateTransparencyInterceptor {
            + "myDomain1"
            + "myDomain2"
            failOnError = true
            logger = object : CTLogger {
                override fun log(host: String, result: VerificationResult) {
                    XLog.v(
                        LOG_TAG,
                        "SSL Certificate verification result: %s for host: %s".format(
                            result.toString(),
                            host
                        )
                    )
                }
            }
            diskCache = AndroidDiskCache(context)
        }
    }

And then adding it like:

OkHttpClient.Builder httpClientBuilder
httpClientBuilder.addNetworkInterceptor(certificateTransparencyInterceptor(context))

I'm not doing anything specific with trust managers or socket factories.

I didn't install it using your installCertificateTransparencyProvider because I needed to catch SSLPeerUnverifiedExceptions and take specific action.

Incidentally, thank you for this library and for all you're doing. You're a pretty key component in the Android ecosystem.

Please let me know if there's any other information I can provide.

For some domains, it seems to work ok, but for others, I get an error like this:


java.lang.IllegalArgumentException: toIndex: 778269429, size: 527
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.bytes.BasicByteBuffer.range(BasicByteBuffer.kt:40)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Sequence$values$2.invoke(ASN1Sequence.kt:35)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Sequence$values$2.invoke(ASN1Sequence.kt:27)
                                                                                                        at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.ASN1Sequence.getValues(ASN1Sequence.kt:27)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.x509.Extensions$values$2.invoke(Extensions.kt:31)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.x509.Extensions$values$2.invoke(Extensions.kt:30)
                                                                                                        at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
                                                                                                        at com.appmattus.certificatetransparency.internal.utils.asn1.x509.Extensions.getValues(Extensions.kt:30)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.hasX509AuthorityKeyIdentifier(LogSignatureVerifier.kt:244)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.createTbsForVerification(LogSignatureVerifier.kt:185)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.verifySCTOverPreCertificate$certificatetransparency(LogSignatureVerifier.kt:156)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.LogSignatureVerifier.verifySignature(LogSignatureVerifier.kt:136)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyBase.hasValidSignedCertificateTimestamp(CertificateTransparencyBase.kt:139)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyBase.verifyCertificateTransparency(CertificateTransparencyBase.kt:96)
                                                                                                        at com.appmattus.certificatetransparency.internal.verifier.CertificateTransparencyInterceptor.intercept(CertificateTransparencyInterceptor.kt:70)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                        at com.facebook.stetho.okhttp3.StethoInterceptor.intercept(StethoInterceptor.java:54)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:34)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
                                                                                                        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
                                                                                                        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
<snip/>
``