Serialization and de-serialization of certain objects does not work as expected #2681

Closed
MarceloMaia2 opened this issue May 21, 2021 · 11 comments

@MarceloMaia2

MarceloMaia2 commented May 21, 2021

[REQUIRED] Step 2: Describe your environment

  • Android Studio version: 4.1.3
  • Firebase Component: inappmessaging
  • Component version: 20.0.0

[REQUIRED] Step 3: Describe the problem

Steps to reproduce:

The problem
    java.lang.ClassNotFoundException: com.google.android.gms.org.conscrypt.OpenSSLRSAPrivateCrtKey
        at java.lang.Class.classForName(Native Method)
        at java.lang.Class.forName(Class.java:453)
        at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:628)
        at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1615)
        at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1520)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1776)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
        at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:2002)
        at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1926)
        at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1803)
        at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1353)
        at java.io.ObjectInputStream.readObject(ObjectInputStream.java:373)

Without the Firebase In-App Messaging (FIAM) SDK, serialization and de-serialization work as expected. Adding the firebase-inappmessaging-display dependency to the project causes this completely separate part to throw an exception.

Relevant Code:

To generate RSA:

    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.NoSuchAlgorithmException;

    public static KeyPair generateRSAKeyPair() {
        KeyPairGenerator keyGen = null;
        KeyPair keyPair = null;
        try {
            keyGen = KeyPairGenerator.getInstance("RSA");
            keyGen.initialize(1024);
            keyPair = keyGen.genKeyPair();
        } catch (NoSuchAlgorithmException e) {
            // getInstance(String) only throws NoSuchAlgorithmException
            e.printStackTrace();
        }
        return keyPair;
    }

To serialize:

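    import java.io.ByteArrayOutputStream;
    import java.io.IOException;
    import java.io.ObjectOutputStream;

    public static byte[] serializeClientKeyPair(KeyPair clientKeyPair) {
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        // try-with-resources flushes and closes the stream before the bytes are read
        try (ObjectOutputStream o = new ObjectOutputStream(b)) {
            o.writeObject(clientKeyPair);
        } catch (IOException e) {
            e.printStackTrace();
        }
        return b.toByteArray();
    }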

And to de-serialize:

    import java.io.ByteArrayInputStream;
    import java.io.IOException;
    import java.io.ObjectInputStream;

    public static KeyPair deserializeKeyPair(byte[] serializedKeyPair) {
        ByteArrayInputStream bi = new ByteArrayInputStream(serializedKeyPair);
        Object obj = null;
        try (ObjectInputStream oi = new ObjectInputStream(bi)) {
            // The ClassNotFoundException reported above is thrown here
            obj = oi.readObject();
        } catch (IOException | ClassNotFoundException e) {
            // StreamCorruptedException is a subclass of IOException
            e.printStackTrace();
        }
        return (KeyPair) obj;
    }

When the FIAM SDK is included in the project, on Android >= 9, an exception is thrown at obj = oi.readObject(); when doing these steps:

    KeyPair keyPair = generateRSAKeyPair();
    byte[] serialized = serializeClientKeyPair(keyPair);
    KeyPair deserializedKeyPair = deserializeKeyPair(serialized);

@google-oss-bot
Contributor

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

@eldhosembabu
Contributor

Could you please provide a sample project with detailed steps to reproduce this issue?

@MarceloMaia2
Author

MarceloMaia2 commented May 25, 2021

> Could you please provide a sample project with detailed steps to reproduce this issue?

Hello, you can use this sample project https://github.com/MarceloMaia2/FIAM

@eldhosembabu is this helpful?

@MarceloMaia2
Author

MarceloMaia2 commented Jul 14, 2021

Hello @eldhosembabu, is there any kind of update?
Best regards,

@aguatno aguatno assigned eldhosembabu and unassigned MarceloMaia2 Aug 2, 2021
@eldhosembabu
Contributor

Hi @MarceloMaia2,

Thanks for providing the sample app, it helps!

I was able to reproduce the issue and we are looking into it. Will keep you posted.

Let me know if you are experiencing this issue with any Firebase SDKs other than the FIAM SDK.

@victorlopesjg

Hi @eldhosembabu,

Is there any way to solve this problem?

@eldhosembabu
Contributor

I think it has to do with the fact that FIAM uses (as it should) https://github.com/firebase/firebase-android-sdk/blob/master/firebase-inappmessaging/src/main/java/com/google/firebase/inappmessaging/internal/ProviderInstaller.java#L34
This ensures that old devices have secure TLS connections.

So our suggestion is to use some modern serialization mechanism like JSON, protobuf, etc.
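
The suggestion above, sketched as an added example (not code from this thread or from the Firebase SDK): instead of Java serialization, which records the provider's concrete key class name in the stream, store the standard PKCS#8 and X.509 encodings and rebuild the keys with `KeyFactory`. The class name `KeyPairCodec` and the length-prefixed layout are assumptions made for this sketch, and the sample uses a 2048-bit key rather than the 1024-bit one in the report.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class KeyPairCodec {
    // Layout: [int privLen][PKCS#8 private key][X.509 SubjectPublicKeyInfo public key]
    public static byte[] encode(KeyPair kp) {
        byte[] priv = kp.getPrivate().getEncoded();
        byte[] pub = kp.getPublic().getEncoded();
        // Non-exportable keys (e.g. hardware-backed) return null from getEncoded()
        if (priv == null || pub == null
                || !"PKCS#8".equals(kp.getPrivate().getFormat())
                || !"X.509".equals(kp.getPublic().getFormat())) {
            throw new IllegalArgumentException("key pair is not exportable as PKCS#8/X.509");
        }
        return ByteBuffer.allocate(4 + priv.length + pub.length)
                .putInt(priv.length).put(priv).put(pub).array();
    }

    public static KeyPair decode(byte[] data) throws GeneralSecurityException {
        ByteBuffer buf = ByteBuffer.wrap(data);
        if (buf.remaining() < 4) throw new GeneralSecurityException("truncated input");
        int privLen = buf.getInt();
        if (privLen <= 0 || privLen >= buf.remaining()) {
            throw new GeneralSecurityException("invalid private key length");
        }
        byte[] priv = new byte[privLen];
        byte[] pub = new byte[buf.remaining() - privLen];
        buf.get(priv).get(pub);
        // Rebuilt by whichever provider is installed now; no class name is stored
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey publicKey = kf.generatePublic(new X509EncodedKeySpec(pub));
        PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(priv));
        Arrays.fill(priv, (byte) 0); // best-effort wipe of the temporary copy
        return new KeyPair(publicKey, privateKey);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair original = gen.generateKeyPair();
        KeyPair restored = decode(encode(original));
        System.out.println(Arrays.equals(original.getPrivate().getEncoded(),
                restored.getPrivate().getEncoded()));
    }
}
```

The encoded bytes contain the private key in the clear, just as the Java-serialized form did, so they need the same storage protection.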

@victorlopesjg

Hi @eldhosembabu, I don't understand your suggestion. We use KeyPair to validate the communication with the server. How best to do this?

@victorlopesjg

The problem was solved. It was necessary to use KeyPairGenerator

@eldhosembabu
Contributor

eldhosembabu commented Sep 29, 2021

Hi @victorlopesjg,

Glad to hear the problem was resolved. It would be great if you could mention the resolution here so that it can benefit others with the same issue.

@eldhosembabu
Contributor

Possible resolution : #2554 (comment)

@firebase firebase locked and limited conversation to collaborators Nov 11, 2021