protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return(new IgnoreSSLHostnameVerifier());
}
#pragma warning disable CS0809 // Obsolete member overrides non-obsolete member
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
#pragma warning restore CS0809 // Obsolete member overrides non-obsolete member
{
return(SSLCertificateSocketFactory.GetInsecure(1000, null));
}
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return(SSLCertificateSocketFactory.GetInsecure(1000, null));
}
/// <summary>
/// Returns a custom host name verifier for a HTTPS connection. By default it returns <c>null</c> and
/// thus the connection uses whatever host name verification mechanism the operating system defaults to.
/// Override in your class to define custom host name verification behavior. The overriding class should
/// not set the <see cref="m:HttpsURLConnection.HostnameVerifier"/> property directly on the passed
/// <paramref name="connection"/>
/// </summary>
/// <returns>Instance of IHostnameVerifier to be used for this HTTPS connection</returns>
/// <param name="connection">HTTPS connection object.</param>
protected virtual IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return(null);
}
/// <summary>
/// Configure and return a custom <see cref="t:SSLSocketFactory"/> for the passed HTTPS <paramref
/// name="connection"/>. If the class overriding the method returns anything but the default
/// <c>null</c>, the SSL setup code will not call the <see cref="ConfigureKeyManagerFactory"/> nor the
/// <see cref="ConfigureTrustManagerFactory"/> methods used to configure a custom trust manager which is
/// then used to create a default socket factory.
/// Deriving class must perform all the key manager and trust manager configuration to ensure proper
/// operation of the returned socket factory.
/// </summary>
/// <returns>Instance of SSLSocketFactory ready to use with the HTTPS connection.</returns>
/// <param name="connection">HTTPS connection to return socket factory for</param>
protected virtual SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return(null);
}
void SetupSSL(HttpsURLConnection httpsConnection)
{
if (httpsConnection == null)
{
return;
}
SSLSocketFactory socketFactory = ConfigureCustomSSLSocketFactory(httpsConnection);
if (socketFactory != null)
{
httpsConnection.SSLSocketFactory = socketFactory;
return;
}
// Context: https://github.com/xamarin/xamarin-android/issues/1615
int apiLevel = (int)Build.VERSION.SdkInt;
if (apiLevel >= 16 && apiLevel <= 20)
{
httpsConnection.SSLSocketFactory = new OldAndroidSSLSocketFactory();
return;
}
KeyStore keyStore = KeyStore.GetInstance(KeyStore.DefaultType);
keyStore.Load(null, null);
bool gotCerts = TrustedCerts?.Count > 0;
if (gotCerts)
{
for (int i = 0; i < TrustedCerts.Count; i++)
{
Certificate cert = TrustedCerts [i];
if (cert == null)
{
continue;
}
keyStore.SetCertificateEntry($"ca{i}", cert);
}
}
keyStore = ConfigureKeyStore(keyStore);
KeyManagerFactory kmf = ConfigureKeyManagerFactory(keyStore);
TrustManagerFactory tmf = ConfigureTrustManagerFactory(keyStore);
if (tmf == null)
{
// If there are no certs and no trust manager factory, we can't use a custom manager
// because it will cause all the HTTPS requests to fail because of unverified trust
// chain
if (!gotCerts)
{
return;
}
tmf = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
tmf.Init(keyStore);
}
SSLContext context = SSLContext.GetInstance("TLS");
context.Init(kmf?.GetKeyManagers(), tmf.GetTrustManagers(), null);
httpsConnection.SSLSocketFactory = context.SocketFactory;
}
public string UploadString(Uri u, string method, string data)
{
// http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/tip/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
// fails on openJDK why?
Console.WriteLine("enter UploadString " + new { u, method });
var w = new StringBuilder();
HttpURLConnection xHttpURLConnection = null;
try
{
#region NSA is that you? intercept? we can only trust pinned off device certs
var trustAllCerts = new[] {
new localX509TrustManager {
}
};
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new localHostnameVerifier {
});
#endregion
//UploadString getOutputStream
//enter checkServerTrusted
//enter getAcceptedIssuers
//UploadString writeBytes
var url = new java.net.URL(u.ToString());
xHttpURLConnection = (HttpURLConnection)url.openConnection();
var https = xHttpURLConnection as HttpsURLConnection;
if (https != null)
{
//Console.WriteLine(new { https });
}
//conn.setHostnameVerifier(new localHostnameVerifier { });
xHttpURLConnection.setDoOutput(true);
xHttpURLConnection.setDoInput(true);
xHttpURLConnection.setInstanceFollowRedirects(false);
//conn.setInstanceFollowRedirects(true);
xHttpURLConnection.setRequestMethod(method);
var xContentType = default(string);
try
{
if (Headers != null)
{
foreach (string key in Headers.AllKeys)
{
if (key == "Content-Type")
{
xContentType = Headers[key];
}
xHttpURLConnection.addRequestProperty(key, Headers[key]);
}
}
}
catch (Exception e)
{
//System.Console.WriteLine("ERROR: Failed to write headers. Exception was:" + e.Message);
}
if (xContentType == null)
{
xHttpURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
xHttpURLConnection.setRequestProperty("charset", "utf-8");
}
//conn.setRequestProperty("content-length", "" + data.Length);
xHttpURLConnection.setRequestProperty("Content-Length", "" + data.Length);
xHttpURLConnection.setUseCaches(false);
//Console.WriteLine("UploadString getOutputStream");
var o = xHttpURLConnection.getOutputStream();
//Console.WriteLine("UploadString writeBytes");
//
DataOutputStream wr = new DataOutputStream(o);
wr.writeBytes(data);
//Console.WriteLine("UploadString flush");
wr.flush();
//Console.WriteLine("UploadString close");
wr.close();
//Console.WriteLine("UploadString readLine");
//var i = new java.io.InputStreamReader(url.openStream(), "UTF-8");
var i = new java.io.InputStreamReader(xHttpURLConnection.getInputStream(), "UTF-8");
var reader = new java.io.BufferedReader(i);
// can't we just read to the end?
var line = reader.readLine();
while (line != null)
{
w.AppendLine(line);
line = reader.readLine();
}
reader.close();
}
catch (Exception err)
{
// 500 ?
// = java.net.ProtocolException: Invalid HTTP method:
// oops
Console.WriteLine("UploadString " + new { err });
}
//Console.WriteLine("exit UploadString " + new { conn });
if (xHttpURLConnection != null)
{
xHttpURLConnection.disconnect();
}
return(w.ToString());
}
public static bool request(NetRequest.RequestAdapter adapter)
{
bool requireRetry = false;
int retryCount = adapter.getRetryCount();
bool code = false;
object exception = null;
object result = null;
HttpsURLConnection conn = null;
// HttpURLConnection conn = null;
OutputStream oout = null;
InputStream iin = null;
bool var36 = false;
do
{
try
{
try
{
requireRetry = false;
var36 = false;
exception = null;
result = null;
URL var34 = new URL(adapter.getURL());
trustAllHosts();
conn = (HttpsURLConnection)var34.OpenConnection();
// conn = (HttpURLConnection)var34.openConnection();
conn.ConnectTimeout = adapter.getConnectTimeout();
conn.DoInput = (true);
conn.DoOutput = (true);
conn.SetRequestProperty("Content-Type", "application/json");
conn.ReadTimeout = (adapter.getReadTimeout());
conn.RequestMethod = (adapter.getRequestMethod());
conn.UseCaches = (false);
conn.HostnameVerifier = (DO_NOT_VERIFY);
//oout = parse(new ByteArrayInputStream(StreamToBytes(conn.OutputStream)));
oout.Write(Encoding.Default.GetBytes(adapter.getRequeststring()));
oout.Flush();
if ((int)conn.ResponseCode != 200)
{
var36 = true;
new IllegalStateException("ResponseCode: " + conn.ResponseCode);
}
else
{
iin = new ByteArrayInputStream(StreamToBytes(conn.InputStream));
adapter.parseResponse(iin);
}
}
catch (SocketTimeoutException var32)
{
var32.PrintStackTrace();
requireRetry = true;
var36 = true;
}
catch (SSLHandshakeException e)
{
e.PrintStackTrace();
// throw new SSLHandshakeException();
}
catch (Java.IO.IOException var33)
{
var33.PrintStackTrace();
var36 = true;
}
catch (JSONException var341)
{
var341.PrintStackTrace();
var36 = true;
}
catch (Java.Lang.Exception var35)
{
var35.PrintStackTrace();
var36 = true;
}
}
catch (Java.Lang.Exception)
{
if (oout != null)
{
try
{
oout.Close();
}
catch (Java.IO.IOException var31)
{
}
}
if (iin != null)
{
try
{
iin.Close();
}
catch (Java.IO.IOException var30)
{
}
}
if (conn != null)
{
conn.Disconnect();
}
}
} while (requireRetry && retryCount-- > 0);
return(var36);
}
protected override SSLSocketFactory?ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return((SSLSocketFactory?)SSLSocketFactory.Default);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return(_hostnameVerifier);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return(AllowSelfSigned ? new IgnoreHostnameVerifier() : base.GetSSLHostnameVerifier(connection));
}
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return(AllowSelfSigned ? SelfSignedSocketFactory() : base.ConfigureCustomSSLSocketFactory(connection));
}
