/// <summary>
/// Creates the NSUrlSession-backed handler with a TLS 1.2 floor, the configured
/// certificate pins and the configured client certificate.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Copied to the instance field of the same name.</param>
/// <param name="customSSLVerification">Supplies the pins (hostname plus public keys) and the
/// client certificate. It is dereferenced without a null check, so passing null fails here.</param>
/// <param name="cookieHandler">Not read by this constructor; cookies go through the session
/// configuration's default storage.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
        {
            this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

            var sessionConfig = NSUrlSessionConfiguration.DefaultSessionConfiguration;

            // iOS exposes only a minimum and a maximum protocol version, not a set of allowed
            // protocols as System.Net.ServicePointManager.SecurityProtocol does. The floor is
            // fixed at TLS 1.2 here; no maximum is set, so this is a lower bound only.
            sessionConfig.TLSMinimumSupportedProtocol = SslProtocol.Tls_1_2;

            // All pins are registered before the session (and its delegate) is created.
            this.CertificatePinner = new CertificatePinner();
            foreach (var entry in customSSLVerification.Pins)
            {
                this.CertificatePinner.AddPins(entry.Hostname, entry.PublicKeys);
            }

            SetClientCertificate(customSSLVerification.ClientCertificate);

            // The delegate is handed this handler; presumably it consults CertificatePinner
            // when answering the server-trust challenge (confirm in DataTaskDelegate).
            session = NSUrlSession.FromConfiguration(sessionConfig, (INSUrlSessionDelegate)new DataTaskDelegate(this), null);

            // NSUrlSessionConfiguration.DefaultSessionConfiguration uses the default NSHttpCookieStorage.SharedStorage
        }
Ejemplo n.º 2
        /// <summary>
        /// Creates the managed handler: restricts the connection to TLS 1.2, installs a
        /// pin-checking server certificate callback, registers the configured pins and the
        /// client certificate, and optionally attaches a cookie container.
        /// </summary>
        /// <param name="throwOnCaptiveNetwork">Copied to the instance field of the same name.</param>
        /// <param name="customSSLVerification">Supplies the pins (hostname plus public keys) and the
        /// client certificate. It is dereferenced without a null check.</param>
        /// <param name="cookieHandler">When non-null, becomes this handler's CookieContainer.</param>
        public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
        {
            this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

            // Only the TLS 1.2 flag is set: older versions are refused, and TLS 1.3 is not
            // enabled by this value either.
            SslProtocols = SslProtocols.Tls12;

            // The callback fails closed. A connection is accepted only when
            //   1. the request host has at least one registered pin,
            //   2. the presented certificate passes the pin check for that host, and
            //   3. the errors value passed to the callback is None.
            // A host with no pins is therefore rejected rather than falling back to the default
            // check alone, and a pin match never overrides reported policy errors.
            // NOTE(review): cert.RawData is the presented certificate's encoded bytes; how Check
            // derives and compares the public key is not visible here, so confirm in CertificatePinner.
            this.ServerCertificateCustomValidationCallback = (sender, cert, chain, errors) =>
            {
                var host = sender.RequestUri.Host;
                var pinMatched = this.CertificatePinner.HasPins(host) && this.CertificatePinner.Check(host, cert.RawData);

                return pinMatched && errors == SslPolicyErrors.None;
            };

            // The callback above reads CertificatePinner only when it runs, so assigning the
            // pinner after installing the callback is safe.
            this.CertificatePinner = new CertificatePinner();

            foreach (var entry in customSSLVerification.Pins)
            {
                this.CertificatePinner.AddPins(entry.Hostname, entry.PublicKeys);
            }

            // Client credentials for mutual TLS.
            SetClientCertificate(customSSLVerification.ClientCertificate);

            if (cookieHandler == null)
            {
                return;
            }

            this.CookieContainer = cookieHandler;
        }
Ejemplo n.º 3
        /// <summary>
        /// Creates the OkHttp-backed handler: a TLS 1.2-only connection spec, HTTP/1.1, a
        /// pin-aware hostname verifier, certificate pins, the client certificate, an SSL socket
        /// factory chosen by Android API level, and optionally a cookie jar.
        /// </summary>
        /// <param name="throwOnCaptiveNetwork">Copied to the instance field of the same name.</param>
        /// <param name="customSSLVerification">Supplies the pins (hostname plus public keys) and the
        /// client certificate. It is dereferenced without a null check.</param>
        /// <param name="cookieHandler">When non-null, installed as the client's cookie jar.</param>
        public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
        {
            this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

            var builder = client.NewBuilder();

            // Start from the ModernTls spec and narrow the versions to TLS 1.2. This is the
            // only spec installed, so TLS 1.3 is not offered and there is no older-version
            // fallback spec.
            var tls12Spec = new ConnectionSpec.Builder(ConnectionSpec.ModernTls)
                .TlsVersions(TlsVersion.Tls12)
                .Build();

            builder.ConnectionSpecs(new List<ConnectionSpec> { tls12Spec });
            builder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR

            // NOTE(review): this installs the project's own HostnameVerifier, built from the pin
            // list, in place of the client's default. Its matching logic is not visible here, so
            // confirm it still rejects a certificate whose names do not cover the request host.
            builder.HostnameVerifier(new HostnameVerifier(customSSLVerification.Pins));

            this.CertificatePinnerBuilder = new CertificatePinner.Builder();

            foreach (var entry in customSSLVerification.Pins)
            {
                this.CertificatePinnerBuilder.Add(entry.Hostname, entry.PublicKeys);
            }

            builder.CertificatePinner(CertificatePinnerBuilder.Build());

            // Client credentials for mutual TLS. This call stays ahead of the socket factory
            // setup below, which reads KeyManagers (presumably populated here; confirm).
            SetClientCertificate(customSSLVerification.ClientCertificate);

            // Both branches pair the socket factory with the trust manager returned by
            // GetSystemDefaultTrustManager, so no custom trust manager is installed here.
            if (Build.VERSION.SdkInt >= BuildVersionCodes.Lollipop)
            {
                // Null trust managers and null SecureRandom leave those to the provider defaults.
                var tlsContext = SSLContext.GetInstance("TLS");
                tlsContext.Init(KeyManagers, null, null);
                builder.SslSocketFactory(tlsContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
            }
            else
            {
                // Support TLS1.2 on Android versions before Lollipop
                builder.SslSocketFactory(new TlsSslSocketFactory(KeyManagers, null), TlsSslSocketFactory.GetSystemDefaultTrustManager());
            }

            if (cookieHandler != null)
            {
                builder.CookieJar(cookieHandler);
            }

            client = builder.Build();
        }
 /// <summary>
 /// Initializes a new instance of the
 /// <see cref="ModernHttpClient.NativeMessageHandler"/> class.
 /// This overload has an empty body: none of its arguments are stored or
 /// applied here, so it configures no TLS version, pinning, client
 /// certificate or cookie handling by itself.
 /// </summary>
 /// <param name="throwOnCaptiveNetwork">If <c>true</c>, throw on a captive
 /// network (typically a Wi-Fi network that serves an authentication HTML
 /// form instead of the requested content). Not read by this overload.</param>
 /// <param name="customSSLVerification">Custom SSL certificate verification
 /// settings. Not read by this overload.</param>
 /// <param name="cookieHandler">Native cookie handler. Not read by this
 /// overload.</param>
 public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
 {
     // Intentionally empty; the parameterless base constructor runs implicitly.
 }