Environment

• Android Studio Chipmunk | 2021.2.1 Patch 2
• openkit-java v2.2.0

Problem
warning [TrustAllX509TrustManager](https://github.com/Dynatrace/openkit-java/issues/new#TrustAllX509TrustManager): Insecure TLS/SSL trust manager

Insecure TLS/SSL trust manager [../../com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class](https://github.com/Dynatrace/com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class): checkClientTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers [../../com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class](https://github.com/Dynatrace/com/dynatrace/openkit/protocol/ssl/SSLBlindTrustManager%24BlindX509TrustManager.class): checkServerTrusted is empty, which could cause insecure network traffic due to trusting arbitrary TLS/SSL certificates presented by peers

Steps to reproduce

• Run lintDebug Gradle task
  ./gradlew lintDebug

When DynatraceOpenKitBuilder is initialized with build() - it fails with the stacktrace below on Java 6.

Calling this:

openKit = new DynatraceOpenKitBuilder(BEACON_URL, APP_ID, deviceID).withApplicationName(APP_NAME).withApplicationVersion("1.0.0.0").withOperatingSystem(os).withManufacturer(domain).withModelID(ProcessUtil.getProcessIdAndHost()).enableVerbose().build();

Gives the following error at runtime:

java.lang.ExceptionInInitializerError at java.lang.J9VMInternals.initialize(J9VMInternals.java:222) at com.dynatrace.openkit.AbstractOpenKitBuilder.getLogger(AbstractOpenKitBuilder.java:260) at com.dynatrace.openkit.AbstractOpenKitBuilder.build(AbstractOpenKitBuilder.java:207) at UDynatrace.initDynatraceOpenKit(UDynatrace.java:144)

... cut out ...

Caused by: java.lang.IllegalArgumentException: Illegal pattern character 'X' at java.text.SimpleDateFormat.compile(SimpleDateFormat.java:786) at java.text.SimpleDateFormat.initialize(SimpleDateFormat.java:587) at java.text.SimpleDateFormat.<init>(SimpleDateFormat.java:512) at java.text.SimpleDateFormat.<init>(SimpleDateFormat.java:487) at com.dynatrace.openkit.core.util.DefaultLogger.<clinit>(DefaultLogger.java:32) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) ... 75 more

The error arises because Java 6 does not support the SimpleDateFormat type 'X' -> https://docs.oracle.com/javase/6/docs/api/java/text/SimpleDateFormat.html

Workaround

Create a new Logger implementation and change the DATEFORMAT so it does not contain X in the format.

static final String DATEFORMAT = "yyyy-MM-dd'T'HH:mm:ss.SSS";

Can I suggest to add a bit more information about how to specify the deviceID?

Because it is not very clear for the customer that the deviceID is used for identifying each user that connects to the application.
And needs to be used with only digits.

Based on a conversation on Slack:
Custom applications have the same behavior then mobile applications: Not every session is tagged, especially when the user did not accept the privacy settings. Therefore the metric is based on the device id.

The official documentation is also not very clear: https://docs.dynatrace.com/docs/shortlink/user-session#user-session-identification

My customer has implemented it by specifying the ID of the application and not the ID of the users so in consequence, only 1 unique user was reported:

Thank you!

Action#close() and WebRequestTracer#close() would simply delegate to Action#leaveAction() and WebRequestTracer#stop(), respectively.

This would make both objects transparently usable with try-with-resources in Java 7+ without breaking compatibility with Java 6.

I'm interested in creating a PriorityQueue containing n sessions, prioritized by the remaining status requests. The queue would provide a session that is most likely to be configured and open. At the moment there doesn't seem to be public method that obtains that integer. I believe the closest thing is statically referencing the MAX_STATUS_RETRY int declared inside SessionImpl

This seems more robust than using the most recent timestamp

right now a new HTTPClient object is created for each Beacon.send() call. given that usually the number of different server IDs is very limited (~3) and the monitor name is hardly ever changed, I suggest e.g. pooling of the HTTPClient objects.

I seems like the HTTPClient implementation will not work on Android.

I get this INFO trace when trying to use the sample code in the "instrumenting your app" section of the docs

INFO  [BeaconSender] Exception occurred during connection establishment. Cause : java.net.ProtocolException: content-length promised 473 bytes, but received 295 . Retry in progress.

In HTTPClient, the Content Length used is data.length

Since this class uses java.util.zip.GZIPOutputStream, it would seem the version given in the Android framework isn't compatible.

Should it be changed to use the gzipped length?

e.g.

connection.setRequestProperty("Content-Length", String.valueOf(gzippedData.length));

This request is related to my previous suggestion #207

Would it be possible to use a string in the deviceID?
In my customer context, every user is identified with a unique string identifier (Ex. Z1234567) or with the “Hostname” (Ex. INHL0007777) which are unfortunately alpha numeric characters.

Thank you!

Hey,

Can this library be used to do the server side tracing. I know the tracer which exists is for outgoing web request equivalent, however if we extend the library we might be able to write an incoming web request tracer.
The reason I ask is because oneagent SDK is not behaving well with vertx due to the way thread models work in vertx. The oneagent jumbles up the purepath.

Will we be able to extend this kit to construct the same by extending this SDK.

Abhishek