 
Description
Context
C# MAUI project, .NET 8, targeting Android 12 (API 31).
The same code works fine on Ubuntu 20 and on Windows 11 desktop (x64).
- The issue occurs on both an AVD and a physical tablet.
 
SDK version used:
Microsoft.CSharp                                    {4.7.0}
Portable.BouncyCastle                               {1.9.0}
Azure.Identity                                      {1.14.2}
Microsoft.Azure.Devices.Client                      {1.42.3}
Microsoft.Azure.Devices.Provisioning.Transport.Http {1.15.4}
Microsoft.Extensions.Logging.Abstractions           {8.0.3}
Newtonsoft.Json                                     {13.0.3}
Microsoft.Azure.Devices.Provisioning.Transport.Mqtt {1.17.5}
Microsoft.Azure.Devices                             {1.40.0}
Azure.Messaging.ServiceBus                          {7.20.1}
Microsoft.Extensions.Logging.Abstractions           {8.0.3}
Newtonsoft.Json                                     {13.0.3}
System.Configuration.ConfigurationManager           {9.0.7}
System.Text.Json                                    {8.0.6}
Microsoft.Maui.Controls                             {8.0.100}
Microsoft.NET.ILLink.Tasks                          {8.0.19}
Microsoft.Maui.Controls.Compatibility               {8.0.100}
Microsoft.Extensions.Logging.Debug                  {8.0.1}
System.Diagnostics.DiagnosticSource                 {8.0.1}
log4net                                             {3.1.0}
I get the following exception during ProvisioningDeviceClient.RegisterAsync():
Object reference not set to an instance of an object.
at Microsoft.Azure.Devices.Provisioning.Client.Transport.CertificateChainCredentials.InitializeServiceClient[DeviceProvisioningServiceRuntimeClient](ServiceClient`1 client)
at Microsoft.Azure.Devices.Provisioning.Client.Transport.DeviceProvisioningServiceRuntimeClient..ctor(Uri baseUri, ServiceClientCredentials credentials, HttpClientHandler rootHandler, DelegatingHandler[] handlers)
at Microsoft.Azure.Devices.Provisioning.Client.Transport.HttpAuthStrategyX509.CreateClient(Uri uri, HttpClientHandler httpClientHandler)
at Microsoft.Azure.Devices.Provisioning.Client.Transport.ProvisioningTransportHandlerHttp.RegisterAsync(ProvisioningTransportRegisterMessage message, CancellationToken cancellationToken)
at Microsoft.Azure.Devices.Provisioning.Client.Transport.ProvisioningTransportHandlerHttp.RegisterAsync(ProvisioningTransportRegisterMessage message, CancellationToken cancellationToken)
at mysomeclass.ConnectToProvisioningClient(String deviceId) in mycode.cs:line [someline]
The debug console shows:
[me.myapp] type=1400 audit(0.0:11222): avc: denied { getattr } for path="/proc/sys/kernel/ostype" dev="proc" ino=540598 scontext=u:r:untrusted_app:s0:c191,c256,c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0 app=com.companyname.myapp
Description of the issue
The procedure is standard: the same code works on Windows 11 and Ubuntu, and only Android gives the error.
I also could not debug into the SDK library source on Android.
Steps used
- // Generate a new RSA key pair (2048 bits) for CSR request
 
// Produces a fresh 2048-bit RSA key pair and a PKCS#10 CSR for it, and returns both as PEM text.
// SECURITY: privateKeyPem is the *unencrypted* private key held in an immutable string, so it
// cannot be wiped from memory afterwards. Keep it out of logs, crash reports and plaintext
// storage; only csrPem is meant to leave the device.

// PEM-encodes a single BouncyCastle object through a short-lived StringWriter.
string ToPem(object bcObject)
{
    using (var buffer = new StringWriter())
    {
        var writer = new PemWriter(buffer);
        writer.WriteObject(bcObject);
        writer.Writer.Flush();
        return buffer.ToString();
    }
}

// Key generation is seeded from BouncyCastle's SecureRandom; 2048 is the modulus size in bits.
var rsaGenerator = new RsaKeyPairGenerator();
rsaGenerator.Init(new KeyGenerationParameters(new Org.BouncyCastle.Security.SecureRandom(), 2048));
AsymmetricCipherKeyPair rsaKeys = rsaGenerator.GenerateKeyPair();

// Written without a PEM password, i.e. in the clear.
string privateKeyPem = ToPem(rsaKeys.Private);

// Subject DN: CN carries the device id, the remaining RDNs are placeholders to adjust.
var rdnOrder = new List<DerObjectIdentifier> { X509Name.CN, X509Name.O, X509Name.L, X509Name.ST };
var rdnValues = new Dictionary<DerObjectIdentifier, string>
{
    [X509Name.CN] = deviceId,
    [X509Name.O] = "Your Organization",
    [X509Name.L] = "Your Locality",
    [X509Name.ST] = "Your State",
};
var subject = new X509Name(rdnOrder, rdnValues);

// The request is signed with the new private key (SHA-256 with RSA); the null argument means
// no attributes or extensions are requested.
var requestSigner = new Asn1SignatureFactory("SHA256WITHRSA", rsaKeys.Private);
var request = new Pkcs10CertificationRequest(requestSigner, subject, rsaKeys.Public, null, rsaKeys.Private);

string csrPem = ToPem(request);

return (csrPem, privateKeyPem);
- Send the CSR to the CA and get the signed certificate back.
 - Combine the signed certificate from the CA with the private key from step 1.
 
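// Builds an X509Certificate2 (certificate + private key) from the CA-issued certificate PEM and
// the PEM private key that was generated together with the CSR.
// SECURITY: privateKeyPEM is an unencrypted key in an immutable string and cannot be wiped here;
// this block only limits how long the additional copies it creates stay around.

// Parse certificate PEM. ReadObject() yields null when no PEM block is present, so fail with a
// clear message instead of a NullReferenceException/InvalidCastException further down.
var certReader = new PemReader(new StringReader(certificatePEMStr));
if (certReader.ReadObject() is not Org.BouncyCastle.X509.X509Certificate bcCert)
{
    throw new InvalidOperationException("certificatePEMStr does not contain a PEM-encoded X.509 certificate.");
}

// Parse private key PEM; an RSA key pair with CRT parameters is required for the conversion below.
var keyReader = new PemReader(new StringReader(privateKeyPEM));
if (keyReader.ReadObject() is not AsymmetricCipherKeyPair keyPair
    || keyPair.Private is not RsaPrivateCrtKeyParameters rsaPrivateKey)
{
    // The message deliberately contains no key material.
    throw new InvalidOperationException("privateKeyPEM does not contain a PEM-encoded RSA private key.");
}

// Convert BouncyCastle private key to .NET RSA. The RSA object and the two intermediate
// certificates are only needed until the PKCS#12 export, so they are disposed on exit.
var rsaParams = DotNetUtilities.ToRSAParameters(rsaPrivateKey);
using var rsa = RSA.Create();
rsa.ImportParameters(rsaParams);

// Create X509Certificate2 from BouncyCastle certificate and attach the private key
using var cert = new X509Certificate2(bcCert.GetEncoded());
using var certWithKey = cert.CopyWithPrivateKey(rsa);

// Export and reload for Android compatibility.
// The PKCS#12 blob is exported without a password, so it holds the private key unprotected;
// zero the buffer as soon as the certificate has been loaded from it.
// NOTE(review): X509KeyStorageFlags.Exportable lets the key be exported from finalCert again.
// Confirm the reload really needs it on Android; if not, drop the flag.
var pkcs12Bytes = certWithKey.Export(X509ContentType.Pkcs12);
X509Certificate2 finalCert;
try
{
    finalCert = new X509Certificate2(pkcs12Bytes, (string)null,
        X509KeyStorageFlags.Exportable);
}
finally
{
    CryptographicOperations.ZeroMemory(pkcs12Bytes);
}

// Validate the certificate; release it if validation rejects it so the key handle is not leaked.
try
{
    ValidateCertificate(finalCert);
}
catch
{
    finalCert.Dispose();
    throw;
}

// Only public certificate fields are logged (no key material).
Console.WriteLine("X509Certificate2 created successfully");
Console.WriteLine($"Subject: {finalCert.Subject}");
Console.WriteLine($"Thumbprint: {finalCert.Thumbprint}");
Console.WriteLine($"Has Private Key: {finalCert.HasPrivateKey}");
Console.WriteLine($"Valid From: {finalCert.NotBefore}");
Console.WriteLine($"Valid To: {finalCert.NotAfter}");
//var id = new DeviceRegistration(_security.GetRegistrationID());
return finalCert;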
Finally, try to connect to the provisioning client:
// Registers the device with the provisioning service over the HTTP transport, using finalCert
// (certificate + private key) as the X.509 credential.
// NOTE(review): the stack trace on this page shows the NullReferenceException raised inside this
// transport (HttpAuthStrategyX509.CreateClient -> CertificateChainCredentials.InitializeServiceClient),
// i.e. while the client is being set up with the credential; presumably before any request is
// sent -- confirm.
var transport = new ProvisioningTransportHandlerHttp();
// Wraps the certificate for the SDK; finalCert must carry its private key (HasPrivateKey is logged
// when the certificate is built) for client-certificate authentication.
_security = new SecurityProviderX509Certificate(finalCert);
_provClient =
ProvisioningDeviceClient.Create(_provisioningServiceEndPoint, _IDScope, _security, transport);
// NOTE(review): as excerpted, the returned task is neither awaited nor terminated with ';' --
// presumably the real code awaits it; an un-awaited call would hide the exception.
_provClient.RegisterAsync()