Here are the versions that we had problems during the migration
Version of Gateway v10 – CR04 (Problem observed in CR03 and also after applying CR04)
OTK Version 4.4.1
Version MAG 4.2.1
Problem :
Login failed when consuming /auth/oauth/v2/token route with MAG SDK 2.0 and 2.1 and Android 10 and 11.
NOTE: For Android minor versions and any iPhone version works without problems.
Error caught in Android DEBUG (full log attached):
2021-10-28 19:12:27.172 29981-30213/? E/MAS: com.ca.mas.core.oauth.OAuthException: Unable to post to https://<GatewayHostName>:8443/auth/oauth/v2/token: Handshake failed
com.ca.mas.core.oauth.OAuthException: com.ca.mas.core.oauth.OAuthException: Unable to post to https://<GatewayHostName>:8443/auth/oauth/v2/token: Handshake failed
…
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8f02818: Failure in SSL library, usually a protocol error
error:04000044:RSA routines:OPENSSL_internal:internal error (external/conscrypt/common/src/jni/main/cpp/conscrypt/native_crypto.cc:740 0xd07a8543:0x00000000)
Release : 10.1
Component : API GATEWAY
Ref : DE508974
After Gateway 10 CR03, RSA-PSS support has been added in the Gateway but for Android 10 and above, we have missed it in our SDK. We need to enable ENCRYPTION_PADDING_NONE to support the same for Android 10 and above.
Apart from that, Android SDK 29 and above has started supporting TLS 1.3. As our gateway has the support for TLS 1.3, MAS SDK does not have that. So we enhanced it to support the TLS 1.3 protocol.
For the devices which are running below Android SDK 29(means Android 9 or below devices), they don't support TLS 1.3. In that case, we should enable TLS 1.2 and TLS 1.3 both on the gateway.
It basically add the support for ENCRYPTION_PADDING_NONE
.setEncryptionPaddings(ENCRYPTION_PADDING_PKCS7, ENCRYPTION_PADDING_RSA_OAEP, ENCRYPTION_PADDING_RSA_PKCS1, ENCRYPTION_PADDING_NONE)
Fix provided (DE520331)
mas-foundation-2.1.00-47.aar
mas-storage-2.1.00-47.aar
These two generated from the same branch and has the same fix.
- you can add the mas storage in the lib folder as well and use.