/// <summary>
/// Creates the handler: stores the captive-network flag, prepares the
/// no-cache cache-control value and optionally installs a hostname verifier.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance; it is not acted on inside this constructor.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>; when <c>false</c>, the client's verifier is left untouched.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    if (!customSSLVerification)
    {
        return;
    }

    // NOTE(review): HostnameVerifier is declared elsewhere in the project;
    // confirm it rejects a certificate/hostname mismatch rather than accepting every host.
    var verifier = new HostnameVerifier();
    client.SetHostnameVerifier(verifier);
}
/// <summary>
/// Creates the handler and enables cookie support only when a cookie handler is supplied.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Accepted but not read by this constructor.</param>
/// <param name="customSSLVerification">Accepted but not read by this constructor, so no
/// certificate-verification behaviour is configured here.</param>
/// <param name="cookieHandler">When non-null, its <c>CookieContainer</c> becomes this handler's container.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    var hasCookieHandler = cookieHandler != null;

    UseCookies = hasCookieHandler;
    if (hasCookieHandler)
    {
        CookieContainer = cookieHandler.CookieContainer;
    }
}
/// <summary>
/// Creates the handler, optionally installs a hostname verifier and always
/// replaces the client's SSL socket factory with <c>ImprovedSSLSocketFactory</c>.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance; it is not acted on inside this constructor.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    if (customSSLVerification)
    {
        // NOTE(review): HostnameVerifier is project code not shown here;
        // confirm it fails closed on a hostname mismatch.
        client.SetHostnameVerifier(new HostnameVerifier());
    }

    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();

    // Installed unconditionally, regardless of customSSLVerification.
    // NOTE(review): ImprovedSSLSocketFactory is declared elsewhere; verify which
    // protocol versions and trust managers it enables.
    client.SetSslSocketFactory(new ImprovedSSLSocketFactory());
}
/// <summary>
/// Creates the handler by recording its three policy flags and preparing the
/// no-cache cache-control value.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Stored on the instance; no verifier is installed here.</param>
/// <param name="allowUntrustedCertificate">Copied to <c>AllowUntrustedCertificates</c>.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, bool allowUntrustedCertificate, NativeCookieHandler cookieHandler = null)
{
    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();

    // NOTE(review): presumably this flag relaxes server-certificate validation
    // elsewhere in the class; confirm where it is consumed and that release
    // builds never pass true.
    AllowUntrustedCertificates = allowUntrustedCertificate;

    this.customSSLVerification = customSSLVerification;
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
}
/// <summary>
/// Creates the handler around an <c>NSUrlSession</c> built from the default
/// session configuration, with a <c>DataTaskDelegate</c> bound to this instance.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Stored on the instance; it is not acted on inside this constructor.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    // No minimum TLS version is set on the configuration in this variant.
    var sessionConfiguration = NSUrlSessionConfiguration.DefaultSessionConfiguration;
    var taskDelegate = new DataTaskDelegate(this);
    session = NSUrlSession.FromConfiguration(sessionConfiguration, taskDelegate, null);

    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
    this.customSSLVerification = customSSLVerification;

    this.DisableCaching = false;
}
/// <summary>
/// Creates the handler, optionally installs a hostname verifier, and swaps in
/// <c>ImprovedSSLSocketFactory</c> on devices whose SDK level is below 21.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    // SDK level the original comment identifies as Android Lollipop.
    const int LollipopApiLevel = 21;

    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    if (customSSLVerification)
    {
        // NOTE(review): HostnameVerifier is project code not shown here;
        // confirm it fails closed on a hostname mismatch.
        client.SetHostnameVerifier(new HostnameVerifier());
    }

    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();

    var deviceApiLevel = (int)Build.VERSION.SdkInt;
    if (deviceApiLevel < LollipopApiLevel)
    {
        // Only devices older than Lollipop get the replacement socket factory.
        client.SetSslSocketFactory(new ImprovedSSLSocketFactory());
    }
}
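/// <summary>
/// Creates the handler around an <c>NSUrlSession</c>, applying the requested
/// minimum TLS protocol version to the session configuration when one is given.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Stored on the instance; it is not acted on inside this constructor.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
/// <param name="minimumSSLProtocol">Lowest protocol version the session may negotiate;
/// <c>null</c> leaves the configuration's default in place.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null, SslProtocol? minimumSSLProtocol = null)
{
    var configuration = NSUrlSessionConfiguration.DefaultSessionConfiguration;

    // System.Net.ServicePointManager.SecurityProtocol takes a set of protocol types.
    // iOS exposes only a minimum and a maximum, so the setting cannot be ported
    // directly; the caller's minimum is applied when one was specified.
    if (minimumSSLProtocol.HasValue)
    {
        configuration.TLSMinimumSupportedProtocol = minimumSSLProtocol.Value;
    }

    // Build the session from the object configured above. Reading
    // DefaultSessionConfiguration a second time yields a fresh configuration
    // (Apple documents that changes to one returned object do not affect later
    // ones), which silently discarded the minimum TLS version.
    session = NSUrlSession.FromConfiguration(configuration, new DataTaskDelegate(this), null);

    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
    this.customSSLVerification = customSSLVerification;

    this.DisableCaching = false;
}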
/// <summary>
/// Creates the handler, optionally installs a hostname verifier and turns off
/// automatic redirect following on the underlying client.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    // Both redirect switches are disabled on the client: the general one and
    // the one named for SSL redirects.
    client.FollowRedirects = false;
    client.SetFollowSslRedirects(false);

    if (!customSSLVerification)
    {
        return;
    }

    // NOTE(review): HostnameVerifier is project code not shown here;
    // confirm it fails closed on a hostname mismatch.
    client.SetHostnameVerifier(new HostnameVerifier());
}
/// <summary>
/// Creates the handler, optionally installs a hostname verifier, and uses
/// <c>ImprovedSSLSocketFactory</c> on devices whose SDK level is below 21.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();

    if (customSSLVerification)
    {
        // NOTE(review): HostnameVerifier is project code not shown here;
        // confirm it fails closed on a hostname mismatch.
        var verifier = new HostnameVerifier();
        client.SetHostnameVerifier(verifier);
    }

    // If less than Android Lollipop (SDK level 21), replace the socket factory.
    var isPreLollipop = (int)Build.VERSION.SdkInt < 21;
    if (isPreLollipop)
    {
        client.SetSslSocketFactory(new ImprovedSSLSocketFactory());
    }
}
/// <summary>
/// Creates the handler around an <c>NSUrlSession</c> that requires at least
/// TLS 1.2, registers the supplied certificate pins and sets the client certificate.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Source of the pins (<c>Pins</c>) and of the client
/// certificate (<c>ClientCertificate</c>). It is dereferenced without a null check.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    // iOS exposes only a minimum and a maximum protocol version, unlike
    // System.Net.ServicePointManager.SecurityProtocol; the minimum is fixed to TLS 1.2 here.
    var sessionConfiguration = NSUrlSessionConfiguration.DefaultSessionConfiguration;
    sessionConfiguration.TLSMinimumSupportedProtocol = SslProtocol.Tls_1_2;

    // Register every configured pin, keyed by hostname.
    this.CertificatePinner = new CertificatePinner();
    foreach (var entry in customSSLVerification.Pins)
    {
        this.CertificatePinner.AddPins(entry.Hostname, entry.PublicKeys);
    }

    SetClientCertificate(customSSLVerification.ClientCertificate);

    // NSUrlSessionConfiguration.DefaultSessionConfiguration uses the default
    // NSHttpCookieStorage.SharedStorage.
    var taskDelegate = new DataTaskDelegate(this);
    session = NSUrlSession.FromConfiguration(sessionConfiguration, (INSUrlSessionDelegate)taskDelegate, null);
}
/// <summary>
/// Initializes a new instance of the
/// <see cref="ModernHttpClient.NativeMessageHandler"/> class.
/// The body of this constructor is empty: none of the arguments is stored or
/// acted on here.
/// </summary>
/// <param name="throwOnCaptiveNetwork">If set to <c>true</c>, throw on a captive
/// network (a captive network is usually a wifi network where an authentication
/// HTML form is shown instead of the real content).</param>
/// <param name="customSSLVerification">Custom SSL certificate verification settings.
/// NOTE(review): the earlier description ("via ServicePointManager", "disabled by
/// default") matches a boolean flag rather than this type; confirm the intended contract.</param>
/// <param name="cookieHandler">Enable native cookie handling.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    // Intentionally empty; the parameterless base constructor runs implicitly.
}
/// <summary>
/// Creates the handler by building a client with an optional hostname verifier,
/// cookie jar and application/network interceptors.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">When <c>true</c>, a hostname verifier is installed:
/// <c>verifyHostnameCallback</c> if it is non-null, otherwise the built-in check.</param>
/// <param name="cookieHandler">When non-null, used as the client's cookie jar.</param>
/// <param name="networkInterceptors">Optional network interceptors, added in list order.</param>
/// <param name="interceptors">Optional application interceptors, added in list order.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null, List<IInterceptor> networkInterceptors = null, List<IInterceptor> interceptors = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var builder = Client.NewBuilder();

    // verifyHostnameCallback parameter function on constructor (NativeMessageHandler - Android)
    // when customSSLVerification is true #6
    // NOTE(review): verifyHostnameCallback is not a parameter of this overload, so it
    // must be a member declared elsewhere. A caller-supplied callback replaces the
    // built-in certificate and cipher checks entirely; confirm that is intended.
    if (customSSLVerification)
    {
        if (verifyHostnameCallback == null)
        {
            builder.HostnameVerifier((hostname, session) =>
            {
#pragma warning disable 0612
                // Non-short-circuit '&': both checks always run.
                return HostnameVerifier.verifyServerCertificate(hostname, session) & HostnameVerifier.verifyClientCiphers(hostname, session);
#pragma warning restore 0612
            });
        }
        else
        {
            builder.HostnameVerifier(verifyHostnameCallback);
        }
    }

    if (cookieHandler != null)
    {
        builder.CookieJar(cookieHandler);
    }

    // An empty list adds nothing, so only the null case needs guarding.
    if (interceptors != null)
    {
        foreach (var appInterceptor in interceptors)
        {
            builder.AddInterceptor(appInterceptor);
        }
    }

    if (networkInterceptors != null)
    {
        foreach (var netInterceptor in networkInterceptors)
        {
            builder.AddNetworkInterceptor(netInterceptor);
        }
    }

    Client = builder.Build();

    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();

    // java.lang.NoSuchMethodError when proguard is turned on #12
    // (a RealCall.FromArray workaround was left disabled in the original source).
}
/// <summary>
/// Creates the handler: records both flags, rebuilds the client through
/// <c>RefreshClient</c> and prepares the no-cache cache-control value.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Copied to the <c>CustomSSLVerification</c> member
/// before <c>RefreshClient</c> is called.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    noCacheCacheControl = new CacheControl.Builder().NoCache().Build();
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    // Order matters: the flag is assigned before the client is refreshed.
    // NOTE(review): RefreshClient is declared elsewhere; presumably it reads
    // CustomSSLVerification to decide which verifier to install.
    this.CustomSSLVerification = customSSLVerification;
    RefreshClient();
}
/// <summary>
/// Creates the handler by recording both flags and, when supplied, adopting
/// the cookie handler as the cookie container.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Stored on the instance; no validation callback is set here.</param>
/// <param name="cookieHandler">When non-null, assigned to <c>CookieContainer</c>.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.customSSLVerification = customSSLVerification;
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var hasCookieHandler = cookieHandler != null;
    if (hasCookieHandler)
    {
        this.CookieContainer = cookieHandler;
    }
}
/// <summary>
/// Creates the handler restricted to TLS 1.2, with a server-certificate callback
/// that requires both a successful pin check and a clean platform validation result.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Source of the pins (<c>Pins</c>) and of the client
/// certificate (<c>ClientCertificate</c>). It is dereferenced without a null check.</param>
/// <param name="cookieHandler">When non-null, assigned to <c>CookieContainer</c>.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    // Enforce TLS1.2
    SslProtocols = SslProtocols.Tls12;

    // Add Certificate Pins
    this.CertificatePinner = new CertificatePinner();
    foreach (var entry in customSSLVerification.Pins)
    {
        this.CertificatePinner.AddPins(entry.Hostname, entry.PublicKeys);
    }

    // The connection is accepted only when the host has pins, the presented
    // certificate matches them, AND the platform reported no policy errors.
    // A host without pins is therefore always rejected.
    this.ServerCertificateCustomValidationCallback = (request, certificate, chain, policyErrors) =>
    {
        var host = request.RequestUri.Host;

        var pinMatches = this.CertificatePinner.HasPins(host)
            && this.CertificatePinner.Check(host, certificate.RawData);

        return pinMatches && policyErrors == SslPolicyErrors.None;
    };

    // Set client credentials
    SetClientCertificate(customSSLVerification.ClientCertificate);

    if (cookieHandler != null)
    {
        this.CookieContainer = cookieHandler;
    }
}
/// <summary>
/// Initializes a new instance of the
/// <see cref="ModernHttpClient.NativeMessageHandler"/> class.
/// The body of this constructor is empty: none of the arguments is stored or
/// acted on here.
/// </summary>
/// <param name="throwOnCaptiveNetwork">If set to <c>true</c>, throw on a captive
/// network (a captive network is usually a wifi network where an authentication
/// HTML form is shown instead of the real content).</param>
/// <param name="tLSConfig">TLS settings, used to enable TLS mutual authentication.</param>
/// <param name="cookieHandler">Enable native cookie handling.</param>
/// <param name="proxy">Optional web proxy.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, TLSConfig tLSConfig, NativeCookieHandler cookieHandler = null, IWebProxy proxy = null)
{
    // Intentionally empty; the parameterless base constructor runs implicitly.
}
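/// <summary>
/// Creates the handler around an <c>NSUrlSession</c>, applying the configured
/// minimum TLS protocol version to the session configuration when one is set.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Stored on the instance; it is not acted on inside this constructor.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    var configuration = NSUrlSessionConfiguration.DefaultSessionConfiguration;

    // System.Net.ServicePointManager.SecurityProtocol takes a set of protocol types.
    // iOS exposes only a minimum and a maximum, so the setting cannot be ported
    // directly; the minimum is applied when one is specified.
    // NOTE(review): minimumSSLProtocol is not a parameter of this overload, so it
    // must be a member declared elsewhere; confirm it is set before construction.
    if (minimumSSLProtocol.HasValue)
    {
        configuration.TLSMinimumSupportedProtocol = minimumSSLProtocol.Value;
    }

    var urlSessionDelegate = new DataTaskDelegate(this);

    // Build the session from the object configured above. Reading
    // DefaultSessionConfiguration a second time yields a fresh configuration
    // (Apple documents that changes to one returned object do not affect later
    // ones), which silently discarded the minimum TLS version.
    session = NSUrlSession.FromConfiguration(configuration, (INSUrlSessionDelegate)urlSessionDelegate, null);

    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
    this.customSSLVerification = customSSLVerification;

    // NSUrlSessionConfiguration.DefaultSessionConfiguration uses the default
    // NSHttpCookieStorage.SharedStorage.
    this.DisableCaching = false;
}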
/// <summary>
/// Creates the handler, recording the captive-network flag and optionally
/// installing a hostname verifier on the client.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">When <c>true</c>, a new <c>HostnameVerifier</c> is set on <c>client</c>;
/// when <c>false</c>, the client's verifier is left untouched.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    if (!customSSLVerification)
    {
        return;
    }

    // NOTE(review): HostnameVerifier is project code not shown here;
    // confirm it fails closed on a hostname mismatch.
    var verifier = new HostnameVerifier();
    client.SetHostnameVerifier(verifier);
}
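/// <summary>
/// Creates the handler by building a client limited to TLS 1.2/1.3 over HTTP/1.1,
/// with optional certificate pinning, client certificate, cookie jar and HTTP proxy.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="tLSConfig">TLS settings: pins, client certificate and the
/// <c>DangerousAcceptAnyServerCertificateValidator</c> switch. It is dereferenced without a null check.</param>
/// <param name="cookieHandler">When non-null, used as the client's cookie jar.</param>
/// <param name="proxy">Honoured only when it is a <c>WebProxy</c>; other implementations are ignored.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, TLSConfig tLSConfig, NativeCookieHandler cookieHandler = null, IWebProxy proxy = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var clientBuilder = client.NewBuilder();

    this.TLSConfig = tLSConfig;

    var tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.ModernTls)
        .TlsVersions(new[] { TlsVersion.Tls12, TlsVersion.Tls13 })
        .Build();

    var specs = new List<ConnectionSpec>() { tlsSpec };

    // NetworkSecurityPolicy was added in API level 23 (M), so it must not be touched
    // on older devices. The previous guard compared against Lollipop (21) and so
    // evaluated it on API 21-22. Those releases have no cleartext policy to consult,
    // so cleartext is allowed there just as it is below Lollipop.
    if (Build.VERSION.SdkInt < BuildVersionCodes.M || NetworkSecurityPolicy.Instance.IsCleartextTrafficPermitted)
    {
        specs.Add(ConnectionSpec.Cleartext);
    }

    clientBuilder.ConnectionSpecs(specs);
    clientBuilder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR

    // Add Certificate Pins.
    // Pinning is skipped when the accept-any switch is on or when no pin carries a public key.
    if (!TLSConfig.DangerousAcceptAnyServerCertificateValidator &&
        TLSConfig.Pins != null &&
        TLSConfig.Pins.Count > 0 &&
        TLSConfig.Pins.FirstOrDefault(p => p.PublicKeys.Count() > 0) != null)
    {
        this.PinningMode = "PublicKeysOnly";

        this.CertificatePinner = new CertificatePinner();

        foreach (var pin in TLSConfig.Pins)
        {
            this.CertificatePinner.AddPins(pin.Hostname, pin.PublicKeys);
        }

        clientBuilder.CertificatePinner(CertificatePinner.Build());
    }

    // Set client credentials
    SetClientCertificate(TLSConfig.ClientCertificate);

    if (cookieHandler != null)
    {
        clientBuilder.CookieJar(cookieHandler);
    }

    // Adding proxy support
    var webProxy = proxy as WebProxy;
    if (webProxy != null)
    {
        var address = new InetSocketAddress(webProxy.Address.Host, webProxy.Address.Port);
        clientBuilder.Proxy(new Proxy(Java.Net.Proxy.Type.Http, address));

        if (webProxy.Credentials != null)
        {
            // NOTE(review): this cast throws InvalidCastException for any ICredentials
            // implementation other than NetworkCredential (for example a CredentialCache).
            var credentials = (NetworkCredential)webProxy.Credentials;
            clientBuilder.ProxyAuthenticator(new ProxyAuthenticator(credentials.UserName, credentials.Password));
        }
    }

    var sslContext = SSLContext.GetInstance("TLS");

    // Support self-signed certificates
    if (TLSConfig.DangerousAcceptAnyServerCertificateValidator)
    {
        // Install the all-trusting trust manager.
        // With this switch on, the server certificate chain is not validated against the
        // system trust store and no pins are installed, so the connection has no
        // protection against an on-path attacker.
        // NOTE(review): confirm the switch cannot be enabled in release builds.
        var trustManager = new CustomX509TrustManager();

        sslContext.Init(KeyManagers, new ITrustManager[] { trustManager }, new SecureRandom());

        // Create an ssl socket factory with our all-trusting manager
        clientBuilder.SslSocketFactory(sslContext.SocketFactory, trustManager);
    }
    else if (Build.VERSION.SdkInt < BuildVersionCodes.Lollipop)
    {
        // Support TLS1.2 on Android versions before Lollipop
        ProviderInstaller.InstallIfNeeded(Application.Context);

        // To enable TLS
        clientBuilder.SslSocketFactory(new TlsSslSocketFactory(), TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }
    else
    {
        // Null trust managers and random source: the platform defaults are used.
        sslContext.Init(KeyManagers, null, null);
        clientBuilder.SslSocketFactory(sslContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }

    // NOTE(review): HostnameVerifier(this) is project code not shown here; confirm how it
    // behaves when DangerousAcceptAnyServerCertificateValidator is set.
    clientBuilder.HostnameVerifier(new HostnameVerifier(this));

    client = clientBuilder.Build();
}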
/// <summary>
/// Convenience overload: forwards its three arguments to the four-argument
/// constructor, passing <c>null</c> for the fourth.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Forwarded unchanged.</param>
/// <param name="customSSLVerification">Forwarded unchanged.</param>
/// <param name="cookieHandler">Forwarded unchanged; may be <c>null</c>.</param>
public NativeMessageHandler(
    bool throwOnCaptiveNetwork,
    bool customSSLVerification,
    NativeCookieHandler cookieHandler = null)
    : this(throwOnCaptiveNetwork, customSSLVerification, cookieHandler, null)
{
    // All initialisation happens in the constructor this one chains to.
}
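/// <summary>
/// Creates the handler restricted to TLS 1.2, with optional public-key pinning,
/// client certificate, cookie container and proxy, and installs the
/// server-certificate validation callback.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="tLSConfig">TLS settings: pins, client certificate and the
/// <c>DangerousAcceptAnyServerCertificateValidator</c> switch. It is dereferenced without a null check.</param>
/// <param name="cookieHandler">When non-null, assigned to <c>CookieContainer</c>.</param>
/// <param name="proxy">When non-null, assigned to <c>Proxy</c> and <c>UseProxy</c> is set to <c>true</c>.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, TLSConfig tLSConfig, NativeCookieHandler cookieHandler = null, IWebProxy proxy = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    this.TLSConfig = tLSConfig;

    // Enforce TLS1.2
    SslProtocols = SslProtocols.Tls12;

    // Add Certificate Pins.
    // Pinning is skipped when the accept-any switch is on or when no pin carries a public key.
    if (!TLSConfig.DangerousAcceptAnyServerCertificateValidator &&
        TLSConfig.Pins != null &&
        TLSConfig.Pins.Count > 0 &&
        TLSConfig.Pins.FirstOrDefault(p => p.PublicKeys.Count() > 0) != null)
    {
        this.PinningMode = "PublicKeysOnly";

        this.CertificatePinner = new CertificatePinner();

        foreach (var pin in TLSConfig.Pins)
        {
            this.CertificatePinner.AddPins(pin.Hostname, pin.PublicKeys);
        }
    }

    // Set client credentials
    SetClientCertificate(TLSConfig.ClientCertificate);

    if (cookieHandler != null)
    {
        this.CookieContainer = cookieHandler;
    }

    // Adding proxy support
    if (proxy != null)
    {
        Proxy = proxy;
        UseProxy = true;
    }

    // NOTE(review): the platform's own verdict (parameter e) is never consulted; the
    // result is built only from the checks below. If PinningMode matches neither case
    // label, or is "PublicKeysOnly" while CertificatePinner is null, errors stays None
    // and the certificate is accepted. Confirm PinningMode's default value where it is declared.
    this.ServerCertificateCustomValidationCallback = (request, root, chain, e) =>
    {
        var errors = SslPolicyErrors.None;

        if (TLSConfig.DangerousAcceptAnyServerCertificateValidator)
        {
            // Every server certificate is accepted; no chain, hostname or pin check runs.
            goto sslErrorVerify;
        }

        // Fail closed when no chain was supplied. Previously the chain was enumerated
        // before its null check, so a null chain raised NullReferenceException and the
        // "no cert at all" branch below could never handle it.
        if (chain == null)
        {
            errors = SslPolicyErrors.RemoteCertificateNotAvailable;
            goto sslErrorVerify;
        }

        var hostname = request.RequestUri.Host;

        var netCerts = new List<X509Certificate2>();

        foreach (var element in chain.ChainElements)
        {
            netCerts.Add(element.Certificate);
        }

        switch (this.PinningMode)
        {
            case "CertificateOnly":

                // Build certificate chain and check for errors
                if (chain.ChainElements.Count == 0)
                {
                    // no cert at all
                    errors = SslPolicyErrors.RemoteCertificateNotAvailable;
                    goto sslErrorVerify;
                }

                if (chain.ChainElements.Count == 1)
                {
                    // no root?
                    errors = SslPolicyErrors.RemoteCertificateChainErrors;
                    goto sslErrorVerify;
                }

                if (!chain.Build(root))
                {
                    errors = SslPolicyErrors.RemoteCertificateChainErrors;
                    goto sslErrorVerify;
                }

                // Hostname check: subject CN first, then the subject alternative names.
                // NOTE(review): despite its name, "root" is the callback's certificate
                // argument (presumably the server's own certificate) — confirm.
                var subject = root.Subject;
                var subjectCn = cnRegex.Match(subject).Groups[1].Value;

                if (string.IsNullOrWhiteSpace(subjectCn) || !Utility.MatchHostnameToPattern(hostname, subjectCn))
                {
                    var subjectAn = root.ParseSubjectAlternativeName();

                    if (subjectAn.FirstOrDefault(s => Utility.MatchHostnameToPattern(hostname, s)) == null)
                    {
                        errors = SslPolicyErrors.RemoteCertificateNameMismatch;
                        goto sslErrorVerify;
                    }
                }
                break;

            case "PublicKeysOnly":

                if (this.CertificatePinner != null)
                {
                    // A host without pins is rejected, as is a chain that matches none of them.
                    if (!this.CertificatePinner.HasPins(hostname))
                    {
                        errors = SslPolicyErrors.RemoteCertificateNameMismatch;
                        goto sslErrorVerify;
                    }

                    if (!this.CertificatePinner.Check(hostname, netCerts))
                    {
                        errors = SslPolicyErrors.RemoteCertificateNameMismatch;
                    }
                }
                break;
        }

    sslErrorVerify:
        return errors == SslPolicyErrors.None;
    };
}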
/// <summary>
/// Creates the handler around an <c>NSUrlSession</c> that requires at least TLS 1.2,
/// with optional public-key pinning, client certificate and HTTPS proxy.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="tLSConfig">TLS settings: pins, client certificate and the
/// <c>DangerousAcceptAnyServerCertificateValidator</c> switch. It is dereferenced without a null check.</param>
/// <param name="cookieHandler">Accepted but not read by this constructor.</param>
/// <param name="proxy">Honoured only when it is a <c>WebProxy</c>; other implementations are ignored.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, TLSConfig tLSConfig, NativeCookieHandler cookieHandler = null, IWebProxy proxy = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var configuration = NSUrlSessionConfiguration.DefaultSessionConfiguration;

    this.TLSConfig = tLSConfig;

    // iOS exposes only a minimum and a maximum protocol version, unlike
    // System.Net.ServicePointManager.SecurityProtocol; the minimum is fixed to TLS 1.2 here.
    configuration.TLSMinimumSupportedProtocol = SslProtocol.Tls_1_2;

    // Pinning is skipped when the accept-any switch is on or when no pin carries a public key.
    var pinningRequested =
        !TLSConfig.DangerousAcceptAnyServerCertificateValidator &&
        TLSConfig.Pins != null &&
        TLSConfig.Pins.Count > 0 &&
        TLSConfig.Pins.FirstOrDefault(p => p.PublicKeys.Count() > 0) != null;

    if (pinningRequested)
    {
        this.PinningMode = "PublicKeysOnly";

        this.CertificatePinner = new CertificatePinner();

        foreach (var entry in TLSConfig.Pins)
        {
            this.CertificatePinner.AddPins(entry.Hostname, entry.PublicKeys);
        }
    }

    SetClientCertificate(TLSConfig.ClientCertificate);

    // NSUrlSessionConfiguration.DefaultSessionConfiguration uses the default
    // NSHttpCookieStorage.SharedStorage.

    // PR: Proxy has been supported on iOS #19
    var webProxy = proxy as WebProxy;
    if (webProxy != null)
    {
        // Only the HTTPS proxy keys are set.
        NSObject[] proxyKeys =
        {
            NSObject.FromObject("HTTPSProxy"),
            NSObject.FromObject("HTTPSPort"),
            NSObject.FromObject("HTTPSEnable")
        };

        NSObject[] proxyValues =
        {
            NSObject.FromObject(webProxy.Address.Host),
            NSNumber.FromInt32(webProxy.Address.Port),
            NSNumber.FromInt32(1)
        };

        configuration.ConnectionProxyDictionary = NSDictionary.FromObjectsAndKeys(proxyValues, proxyKeys);

        if (webProxy.Credentials != null)
        {
            // NOTE(review): this cast throws InvalidCastException for any ICredentials
            // implementation other than NetworkCredential.
            var credentials = (NetworkCredential)webProxy.Credentials;

            // "user:password" in Base64. The value is used as-is, without a scheme prefix.
            var authData = $"{credentials.UserName}:{credentials.Password}";
            var authHeaderValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(authData));

            // NOTE(review): HttpAdditionalHeaders is a session-wide header set, and Apple's
            // NSURLSession documentation lists Proxy-Authorization among the headers an app
            // should not set this way. Verify the proxy credentials are not also delivered
            // to origin servers.
            NSObject[] headerKeys = { NSObject.FromObject("Proxy-Authorization") };
            NSObject[] headerValues = { NSObject.FromObject(authHeaderValue) };

            configuration.HttpAdditionalHeaders = NSDictionary.FromObjectsAndKeys(headerValues, headerKeys);
        }
    }

    var urlSessionDelegate = new DataTaskDelegate(this);
    session = NSUrlSession.FromConfiguration(configuration, (INSUrlSessionDelegate)urlSessionDelegate, null);
}
/// <summary>
/// Initializes a new instance of the
/// <see cref="ModernHttpClient.Portable.NativeMessageHandler"/> class.
/// The body of this constructor is empty: none of the arguments is stored or
/// acted on here.
/// </summary>
/// <param name="throwOnCaptiveNetwork">If set to <c>true</c>, throw on a captive
/// network (a captive network is usually a wifi network where an authentication
/// HTML form is shown instead of the real content).</param>
/// <param name="customSSLVerification">Enable custom SSL certificate verification
/// via ServicePointManager. Disabled by default for performance reasons (i.e. the
/// OS default certificate verification will take place).</param>
/// <param name="cookieHandler">Enable native cookie handling.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, bool customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    // Intentionally empty; the parameterless base constructor runs implicitly.
}
/// <summary>
/// Creates the handler by building a client limited to TLS 1.2 over HTTP/1.1, with
/// certificate pinning, a pin-aware hostname verifier, client certificate and
/// optional cookie jar.
/// </summary>
/// <param name="throwOnCaptiveNetwork">Stored on the instance.</param>
/// <param name="customSSLVerification">Source of the pins (<c>Pins</c>) and of the client
/// certificate (<c>ClientCertificate</c>). It is dereferenced without a null check.</param>
/// <param name="cookieHandler">When non-null, used as the client's cookie jar.</param>
public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
    this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;

    var builder = client.NewBuilder();

    // Only TLS 1.2 is offered; no cleartext connection spec is added.
    var tlsSpec = new ConnectionSpec.Builder(ConnectionSpec.ModernTls)
        .TlsVersions(TlsVersion.Tls12)
        .Build();
    builder.ConnectionSpecs(new List<ConnectionSpec>() { tlsSpec });

    builder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR

    // NOTE(review): HostnameVerifier is project code not shown here; confirm how it
    // treats a host that has no entry in Pins.
    builder.HostnameVerifier(new HostnameVerifier(customSSLVerification.Pins));

    // Add Certificate Pins
    this.CertificatePinnerBuilder = new CertificatePinner.Builder();
    foreach (var entry in customSSLVerification.Pins)
    {
        this.CertificatePinnerBuilder.Add(entry.Hostname, entry.PublicKeys);
    }

    builder.CertificatePinner(CertificatePinnerBuilder.Build());

    // Set client credentials
    SetClientCertificate(customSSLVerification.ClientCertificate);

    // Set SslSocketFactory. Both branches pair it with the system default trust manager.
    var isPreLollipop = Build.VERSION.SdkInt < BuildVersionCodes.Lollipop;
    if (isPreLollipop)
    {
        // Support TLS1.2 on Android versions before Lollipop
        builder.SslSocketFactory(new TlsSslSocketFactory(KeyManagers, null), TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }
    else
    {
        var sslContext = SSLContext.GetInstance("TLS");
        sslContext.Init(KeyManagers, null, null);
        builder.SslSocketFactory(sslContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
    }

    if (cookieHandler != null)
    {
        builder.CookieJar(cookieHandler);
    }

    client = builder.Build();
}