search

dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License
15.43k stars 4.76k forks source link

Cannot make connection to Chromecast #83221

Closed timgoeij closed 1 year ago

timgoeij commented 1 year ago

Description

When trying to connect to a chromecast there will be an authentication error. Becauser there is no network security config specified and there is no path for a trust anchor certificate

Steps to Reproduce

  1. Create a new .NET MAUI project
  2. Add the Scharpcaster 1.0.8 package.
  3. Create in the MainPage.xaml.cs a OnAppearing function
  4. Add the following code in the OnAppearing function under step 5:
  5. Test the app and the app will break when trying to connect to a Chromecast
                 base.OnAppearing();

        IChromecastLocator locator = new MdnsChromecastLocator();
        var chromeCasts = await locator.FindReceiversAsync();

        var client = new ChromecastClient();

        await client.ConnectChromecast(chromeCasts.First());
        _ = client.LaunchApplicationAsync("CC1AD845");

        var media = new Media
        {
            ContentUrl = "https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/mp4/DesigningForGoogleCast.mp4"
        };
        _ = await client.GetChannel<IMediaChannel>().LoadAsync(media);

Link to public reproduction project repository

https://github.com/timgoeij/MauiChromeCastTest

Version with bug

7.0 (current)

Last version that worked well

Unknown/Other

Affected platforms

Android

Affected platform versions

Android 7.1, 9, 12

Did you find any workaround?

No response

Relevant log output

Android 7.1:

[NetworkSecurityConfig] No Network Security Config specified, using platform default
[System.err] javax.net.ssl.SSLHandshakeException: Handshake failed
[System.err]    at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:441)
[System.err]    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:1270)
[System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:318)
[System.err]    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
[System.err]    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104)
[System.err]    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:202)
[System.err]    at com.android.org.conscrypt.OpenSSLEngineImpl.verifyCertificateChain(OpenSSLEngineImpl.java:666)
[System.err]    at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake_bio(Native Method)
[System.err]    at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:426)
[System.err]    ... 1 more
[System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err]    ... 12 more
[monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll
[monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll
[monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll
Thread started: <Thread Pool> dotnet/maui#12
[monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll
**System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception.

Android 9, 12

[NetworkSecurityConfig] No Network Security Config specified, using platform default
[System.err] javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err]    at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:331)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1138)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1093)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:841)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:713)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:678)
[System.err]    at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:236)
[System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
[System.err]    at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353)
[System.err]    at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102)
[System.err]    at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104)
[System.err]    at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:232)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1633)
[System.err]    at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method)
[System.err]    at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:521)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1099)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1119)
[System.err]    at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1091)
[System.err]    ... 4 more
[System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
[System.err]    ... 18 more
[monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll
[monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll
[monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll
Thread started: <Thread Pool> dotnet/maui#12
[monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll
**System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception.
ghost commented 1 year ago

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones See info in area-owners.md if you want to be subscribed.

Issue Details
### Description When trying to connect to a chromecast there will be an authentication error. Becauser there is no network security config specified and there is no path for a trust anchor certificate ### Steps to Reproduce 1. Create a new .NET MAUI project 2. Add the Scharpcaster 1.0.8 package. 3. Create in the MainPage.xaml.cs a OnAppearing function 4. Add the following code in the OnAppearing function under step 5: 5. Test the app and the app will break when trying to connect to a Chromecast ```cs base.OnAppearing(); IChromecastLocator locator = new MdnsChromecastLocator(); var chromeCasts = await locator.FindReceiversAsync(); var client = new ChromecastClient(); await client.ConnectChromecast(chromeCasts.First()); _ = client.LaunchApplicationAsync("CC1AD845"); var media = new Media { ContentUrl = "https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/mp4/DesigningForGoogleCast.mp4" }; _ = await client.GetChannel().LoadAsync(media); ``` ### Link to public reproduction project repository https://github.com/timgoeij/MauiChromeCastTest ### Version with bug 7.0 (current) ### Last version that worked well Unknown/Other ### Affected platforms Android ### Affected platform versions Android 7.1, 9, 12 ### Did you find any workaround? _No response_ ### Relevant log output ```shell Android 7.1: [NetworkSecurityConfig] No Network Security Config specified, using platform default [System.err] javax.net.ssl.SSLHandshakeException: Handshake failed [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:441) [System.err] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:1270) [System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375) [System.err] at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:318) [System.err] at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102) [System.err] at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104) [System.err] at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:202) [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.verifyCertificateChain(OpenSSLEngineImpl.java:666) [System.err] at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake_bio(Native Method) [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:426) [System.err] ... 1 more [System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] ... 12 more [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll Thread started: dotnet/maui#12 [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll **System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception. Android 9, 12 [NetworkSecurityConfig] No Network Security Config specified, using platform default [System.err] javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:331) [System.err] at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1138) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1093) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:841) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:713) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:678) [System.err] at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:236) [System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418) [System.err] at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353) [System.err] at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102) [System.err] at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104) [System.err] at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:232) [System.err] at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1633) [System.err] at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method) [System.err] at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:521) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1099) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1119) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1091) [System.err] ... 4 more [System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] ... 18 more [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll Thread started: dotnet/maui#12 [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll **System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception. ```
Author: timgoeij
Assignees: -
Labels: `area-System.Security`
Milestone: -
ghost commented 1 year ago

Tagging subscribers to this area: @dotnet/ncl, @vcsjones See info in area-owners.md if you want to be subscribed.

Issue Details
### Description When trying to connect to a chromecast there will be an authentication error. Becauser there is no network security config specified and there is no path for a trust anchor certificate ### Steps to Reproduce 1. Create a new .NET MAUI project 2. Add the Scharpcaster 1.0.8 package. 3. Create in the MainPage.xaml.cs a OnAppearing function 4. Add the following code in the OnAppearing function under step 5: 5. Test the app and the app will break when trying to connect to a Chromecast ```cs base.OnAppearing(); IChromecastLocator locator = new MdnsChromecastLocator(); var chromeCasts = await locator.FindReceiversAsync(); var client = new ChromecastClient(); await client.ConnectChromecast(chromeCasts.First()); _ = client.LaunchApplicationAsync("CC1AD845"); var media = new Media { ContentUrl = "https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/mp4/DesigningForGoogleCast.mp4" }; _ = await client.GetChannel().LoadAsync(media); ``` ### Link to public reproduction project repository https://github.com/timgoeij/MauiChromeCastTest ### Version with bug 7.0 (current) ### Last version that worked well Unknown/Other ### Affected platforms Android ### Affected platform versions Android 7.1, 9, 12 ### Did you find any workaround? _No response_ ### Relevant log output ```shell Android 7.1: [NetworkSecurityConfig] No Network Security Config specified, using platform default [System.err] javax.net.ssl.SSLHandshakeException: Handshake failed [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:441) [System.err] at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:1270) [System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375) [System.err] at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:318) [System.err] at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102) [System.err] at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104) [System.err] at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:202) [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.verifyCertificateChain(OpenSSLEngineImpl.java:666) [System.err] at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake_bio(Native Method) [System.err] at com.android.org.conscrypt.OpenSSLEngineImpl.unwrap(OpenSSLEngineImpl.java:426) [System.err] ... 1 more [System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] ... 12 more [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll Thread started: dotnet/maui#12 [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll **System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception. Android 9, 12 [NetworkSecurityConfig] No Network Security Config specified, using platform default [System.err] javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.SSLUtils.toSSLHandshakeException(SSLUtils.java:331) [System.err] at com.android.org.conscrypt.ConscryptEngine.convertException(ConscryptEngine.java:1138) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1093) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:841) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:713) [System.err] at com.android.org.conscrypt.ConscryptEngine.unwrap(ConscryptEngine.java:678) [System.err] at com.android.org.conscrypt.Java8EngineWrapper.unwrap(Java8EngineWrapper.java:236) [System.err] Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495) [System.err] at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418) [System.err] at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:353) [System.err] at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:102) [System.err] at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:104) [System.err] at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:232) [System.err] at com.android.org.conscrypt.ConscryptEngine.verifyCertificateChain(ConscryptEngine.java:1633) [System.err] at com.android.org.conscrypt.NativeCrypto.ENGINE_SSL_read_direct(Native Method) [System.err] at com.android.org.conscrypt.NativeSsl.readDirectByteBuffer(NativeSsl.java:521) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataDirect(ConscryptEngine.java:1099) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextDataHeap(ConscryptEngine.java:1119) [System.err] at com.android.org.conscrypt.ConscryptEngine.readPlaintextData(ConscryptEngine.java:1091) [System.err] ... 4 more [System.err] Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. [System.err] ... 18 more [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl-NL/System.Net.Security.resources.dll [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll Thread started: dotnet/maui#12 [monodroid-assembly] open_from_bundles: failed to load assembly nl/System.Net.Security.resources.dll **System.Security.Authentication.AuthenticationException:** 'Authentication failed, see inner exception. ```
Author: timgoeij
Assignees: -
Labels: `area-System.Net.Security`, `os-android`, `untriaged`
Milestone: -
jfversluis commented 1 year ago

I have confirmed that this also happens with a Android project without .NET MAUI involved on net7.0-android.

The same happens when using the GoogleCast plugin instead of the plugin used here, so it doesn't seem to be the plugin either. The exact same code works on iOS/macOS.

steveisok commented 1 year ago

/cc @simonrozsival

simonrozsival commented 1 year ago

The remote certificate validation callback in SharpCaster will work with .NET 8 on Android thanks to #77386 (https://github.com/Tapanila/SharpCaster/blob/0cf04845f961c6a975681ee8daa2349bbe4c9259/Sharpcaster/ChromeCastClient.cs#L110).

We chose not to backport the fix to .NET 7 and I don't know how this could be worked around using network_security_config.xml. I'm afraid there isn't a good workaround for this issue in .NET 7.