private void InternalBeginWrite(InternalAsyncResult asyncResult)
{
byte[] new_buffer = asyncResult.Buffer;
if (asyncResult.Offset != 0 && asyncResult.Count != 0)
{
new_buffer = new byte[asyncResult.Count];
Array.Copy(asyncResult.Buffer, asyncResult.Offset, new_buffer, 0, asyncResult.Count);
}
// Only write to the SSL object if we have data
if (asyncResult.Count != 0)
{
int bytesWritten = ssl.Write(new_buffer, asyncResult.Count);
if (bytesWritten < 0)
{
SslError lastError = ssl.GetError(bytesWritten);
if (lastError == SslError.SSL_ERROR_WANT_READ)
{
//!!TODO - Log - unexpected renogiation request
}
throw new OpenSslException();
}
}
uint bytesPending = write_bio.BytesPending;
//!!while (bytesPending > 0)
{
ArraySegment <byte> buf = write_bio.ReadBytes((int)bytesPending);
innerStream.BeginWrite(buf.Array, 0, buf.Count, new AsyncCallback(InternalWriteCallback), asyncResult);
//!!bytesPending = write_bio.BytesPending;
}
}
// Continue only when there is a ssl warnings.
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
String message = "SSL Certificate error.";
switch (error.PrimaryError)
{
case SslErrorType.Untrusted:
message = "The certificate authority is not trusted.";
break;
case SslErrorType.Expired:
message = "The certificate has expired.";
break;
case SslErrorType.Idmismatch:
message = "The certificate Hostname mismatch.";
break;
case SslErrorType.Notyetvalid:
message = "The certificate is not yet valid.";
break;
}
message += "\"SSL Certificate Error\" Do you want to continue anyway?.. YES";
//handler.proceed();
handler.Proceed();
}
internal protected override bool ProcessHandshake()
{
bool ret = false;
// Check to see if we have an exception from the previous call
//!!if (handshakeException != null)
//!!{
//!! throw handshakeException;
//!!}
int nRet = 0;
if (handShakeState == HandshakeState.InProcess)
{
nRet = ssl.Connect();
}
else if (handShakeState == HandshakeState.RenegotiateInProcess ||
handShakeState == HandshakeState.Renegotiate)
{
handShakeState = HandshakeState.RenegotiateInProcess;
nRet = ssl.DoHandshake();
}
if (nRet <= 0)
{
SslError lastError = ssl.GetError(nRet);
if (lastError == SslError.SSL_ERROR_WANT_READ)
{
// Do nothing -- the base stream will write the data from the bio
// when this call returns
}
else if (lastError == SslError.SSL_ERROR_WANT_WRITE)
{
// unexpected error
//!!TODO - debug log
}
else
{
// We should have alert data in the bio that needs to be written
// We'll save the exception, allow the write to start, and then throw the exception
// when we come back into the AsyncHandshakeCall
if (write_bio.BytesPending > 0)
{
handshakeException = new OpenSslException();
}
else
{
throw new OpenSslException();
}
}
}
else
{
// Successful handshake
ret = true;
}
return(ret);
}
override protected bool HandleIncoming(MemBlock data, out MemBlock app_data)
{
app_data = null;
int count = 0;
lock (_buffer_sync) {
if (data != null)
{
data.CopyTo(_buffer, 0);
_read.Write(_buffer, data.Length);
}
count = _ssl.Read(_buffer, _buffer.Length);
if (count > 0)
{
app_data = MemBlock.Copy(_buffer, 0, count);
}
}
if (app_data != null)
{
// If the read was successful, Dtls has received an incoming data
// message and decrypted it
return(true);
}
else
{
SslError error = _ssl.GetError(count);
if (error == SslError.SSL_ERROR_WANT_READ)
{
if (SslState == SslState.OK)
{
UpdateState(States.Active);
// In the SslCtx verify, there's no way to get the underlying Sender
_ch.Verify(RemoteCertificate, Sender);
}
HandleWouldBlock();
}
else if (error == SslError.SSL_ERROR_SSL)
{
var ose = new OpenSslException();
Close("Received unrecoverable error: " + ose.ToString());
throw ose;
}
else if (error == SslError.SSL_ERROR_ZERO_RETURN)
{
Close("Received clean close notification");
}
else
{
ProtocolLog.WriteIf(ProtocolLog.SecurityExceptions,
"Receive other: " + error);
}
}
return(false);
}
internal protected override bool ProcessHandshake()
{
bool bRet = false;
int nRet = 0;
if (handShakeState == HandshakeState.InProcess)
{
nRet = ssl.Accept();
}
else if (handShakeState == HandshakeState.RenegotiateInProcess)
{
nRet = ssl.DoHandshake();
}
else if (handShakeState == HandshakeState.Renegotiate)
{
nRet = ssl.DoHandshake();
ssl.State = Ssl.SSL_ST_ACCEPT;
handShakeState = HandshakeState.RenegotiateInProcess;
}
SslError lastError = ssl.GetError(nRet);
if (lastError == SslError.SSL_ERROR_WANT_READ || lastError == SslError.SSL_ERROR_WANT_WRITE || lastError == SslError.SSL_ERROR_NONE)
{
if (nRet == 1) // success
{
bRet = true;
}
}
else
{
// Check to see if we have alert data in the write_bio that needs to be sent
if (write_bio.BytesPending > 0)
{
// We encountered an error, but need to send the alert
// set the handshakeException so that it will be processed
// and thrown after the alert is sent
handshakeException = new OpenSslException();
}
else
{
// No alert to send, throw the exception
throw new OpenSslException();
}
}
return(bRet);
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
Log.Info("Error", "Exception caught!");
handler.Proceed();
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
Log.Info("Error", "Exception caught!");
handler.Cancel();
}
private void InternalReadCallback(IAsyncResult asyncResult)
{
InternalAsyncResult internalAsyncResult = (InternalAsyncResult)asyncResult.AsyncState;
bool haveDataToReturn = false;
try
{
int bytesRead = 0;
try
{
bytesRead = innerStream.EndRead(asyncResult);
}
catch (Exception ex)
{
// Set the exception into the internal async result
internalAsyncResult.SetComplete(ex);
}
if (bytesRead <= 0)
{
// Zero byte read most likely indicates connection closed (if it's a network stream)
internalAsyncResult.SetComplete(0);
return;
}
else
{
// Copy encrypted data into the SSL read_bio
read_bio.Write(read_buffer, bytesRead);
if (handShakeState == HandshakeState.InProcess ||
handShakeState == HandshakeState.RenegotiateInProcess)
{
// We are in the handshake, complete the async operation to fire the async
// handshake callback for processing
internalAsyncResult.SetComplete(bytesRead);
return;
}
uint nBytesPending = read_bio.BytesPending;
byte[] decrypted_buf = new byte[SSL3_RT_MAX_PACKET_SIZE];
while (nBytesPending > 0)
{
int decryptedBytesRead = ssl.Read(decrypted_buf, decrypted_buf.Length);
if (decryptedBytesRead <= 0)
{
SslError lastError = ssl.GetError(decryptedBytesRead);
if (lastError == SslError.SSL_ERROR_WANT_READ)
{
// if we have bytes pending in the write bio.
// the client has requested a renegotiation
if (write_bio.BytesPending > 0)
{
// Start the renegotiation by writing the write_bio data, and use the RenegotiationWriteCallback
// to handle the rest of the renegotiation
ArraySegment <byte> buf = write_bio.ReadBytes((int)write_bio.BytesPending);
innerStream.BeginWrite(buf.Array, 0, buf.Count, new AsyncCallback(RenegotiationWriteCallback), internalAsyncResult);
return;
}
// no data in the out bio, we just need more data to complete the record
//break;
}
else if (lastError == SslError.SSL_ERROR_WANT_WRITE)
{
// unexpected error!
//!!TODO debug log
}
else if (lastError == SslError.SSL_ERROR_ZERO_RETURN)
{
// Shutdown alert
SendShutdownAlert();
break;
}
else
{
throw new OpenSslException();
}
}
if (decryptedBytesRead > 0)
{
// Write decrypted data to memory stream
long pos = decrypted_data_stream.Position;
decrypted_data_stream.Seek(0, SeekOrigin.End);
decrypted_data_stream.Write(decrypted_buf, 0, decryptedBytesRead);
decrypted_data_stream.Seek(pos, SeekOrigin.Begin);
haveDataToReturn = true;
}
// See if we have more data to process
nBytesPending = read_bio.BytesPending;
}
// Check to see if we have data to return, if not, fire the async read again
if (!haveDataToReturn)
{
innerStream.BeginRead(read_buffer, 0, read_buffer.Length, new AsyncCallback(InternalReadCallback), internalAsyncResult);
}
else
{
int bytesReadIntoUserBuffer = 0;
// Read the data into the buffer provided by the user (now hosted in the InternalAsyncResult)
bytesReadIntoUserBuffer = decrypted_data_stream.Read(internalAsyncResult.Buffer, internalAsyncResult.Offset, internalAsyncResult.Count);
internalAsyncResult.SetComplete(bytesReadIntoUserBuffer);
}
}
}
catch (Exception ex)
{
internalAsyncResult.SetComplete(ex);
}
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
if (sslContinue == null)
{
var certComparer = new SslCertificateEqualityComparer();
sslContinue = new HashSet <SslCertificate> (certComparer);
inProgress = new Dictionary <SslCertificate, List <SslErrorHandler> > (certComparer);
}
List <SslErrorHandler> handlers;
if (inProgress.TryGetValue(error.Certificate, out handlers))
{
handlers.Add(handler);
return;
}
if (sslContinue.Contains(error.Certificate))
{
handler.Proceed();
return;
}
inProgress[error.Certificate] = new List <SslErrorHandler>();
AlertDialog.Builder builder = new AlertDialog.Builder(this.activity);
builder.SetTitle("Security warning");
builder.SetIcon(Android.Resource.Drawable.IcDialogAlert);
builder.SetMessage("There are problems with the security certificate for this site.");
builder.SetNegativeButton("Go back", (sender, args) => {
UpdateInProgressHandlers(error.Certificate, h => h.Cancel());
handler.Cancel();
});
builder.SetPositiveButton("Continue", (sender, args) => {
sslContinue.Add(error.Certificate);
UpdateInProgressHandlers(error.Certificate, h => h.Proceed());
handler.Proceed();
});
builder.Create().Show();
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
try
{
base.OnReceivedSslError(view, handler, error);
OnPageEventReceivedSslError?.Invoke(view, handler, error);
}
catch (Exception e)
{
Crashes.TrackError(e);
}
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
/*SslCertificate sslCertificateserver = error.Certificate;
* String key = KeyStore.DefaultType;
* KeyStore keyStore = KeyStore.GetInstance(key);
* keyStore.Load(null, null);
* Certificate cer = keyStore.GetCertificate("ca");
*
* if (cer!=null)
* {
* X509Certificate x509 = (Java.Security.Cert.X509Certificate)cer;
* SslCertificate sslcert = new SslCertificate(x509);
*
* }*/
switch (error.PrimaryError)
{
case SslError.SslUntrusted:
handler.Proceed();
break;
case SslError.SslExpired:
break;
case SslError.SslIdmismatch:
break;
case SslError.SslNotyetvalid:
handler.Proceed();
break;
default:
break;
}
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
if (FormsWebViewRenderer.IgnoreSslGlobally)
{
handler.Proceed();
}
else
{
handler.Cancel();
}
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
handler.Proceed();
//AlertDialog.Builder builder = new AlertDialog.Builder((Activity)Forms.Context);
//AlertDialog ad = builder.Create();
//string message = "Zertifikat Fehler";
//switch (error.PrimaryError)
//{
// case SslErrorType.Untrusted:
// message = "Zertifikat ist nicht vertrauenswürdig."; break;
// case SslErrorType.Expired:
// message = "Zertifikat ist abgelaufen."; break;
// case SslErrorType.Idmismatch:
// message = "Zertifikat ID ist fehlerhaft."; break;
// case SslErrorType.Notyetvalid:
// message = "Zertifikat ist noch nicht gültig."; break;
//}
//message += " Möchten Sie trotzdem fortfahren?";
//ad.SetTitle("SSL Zertifikat Fehler");
//ad.SetMessage(message);
//ad.SetButton("OK", (sender, args) =>
//{
// handler.Proceed();
//});
//ad.SetButton2("Cancel", (sender, args) =>
//{
// handler.Cancel();
//});
//ad.SetIcon(Android.Resource.Drawable.IcDialogAlert);
//ad.Show();
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
IsInWebClientFrame = true;
try {
if (BaseClient != null)
{
BaseClient.OnReceivedSslError(view, handler, error);
}
else
{
base.OnReceivedSslError(view, handler, error);
}
} finally {
IsInWebClientFrame = false;
}
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
handler.Proceed();
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
base.OnReceivedSslError(view, handler, error);
}
public override void OnReceivedSslError(Android.Webkit.WebView view, SslErrorHandler handler, SslError error)
{
if (Reference == null || !Reference.TryGetTarget(out FormsWebViewRenderer renderer))
{
return;
}
if (renderer.Element == null)
{
return;
}
if (FormsWebViewRenderer.IgnoreSSLGlobally)
{
handler.Proceed();
}
else
{
handler.Cancel();
renderer.Element.Navigating = false;
}
}
public override void OnReceivedSslError(WebView view, SslErrorHandler handler, SslError error)
{
Logger.Error(Tag, "onReceivedSslError: error");
handler.Cancel();
}
