public NativeMessageHandler(bool throwOnCaptiveNetwork, CustomSSLVerification customSSLVerification, NativeCookieHandler cookieHandler = null)
{
this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
var clientBuilder = client.NewBuilder();
var specsBuilder = new ConnectionSpec.Builder(ConnectionSpec.ModernTls).TlsVersions(TlsVersion.Tls12);
var specs = specsBuilder.Build();
clientBuilder.ConnectionSpecs(new List <ConnectionSpec>()
{
specs
});
clientBuilder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR
clientBuilder.HostnameVerifier(new HostnameVerifier(customSSLVerification.Pins));
this.CertificatePinnerBuilder = new CertificatePinner.Builder();
// Add Certificate Pins
foreach (var pin in customSSLVerification.Pins)
{
this.CertificatePinnerBuilder.Add(pin.Hostname, pin.PublicKeys);
}
clientBuilder.CertificatePinner(CertificatePinnerBuilder.Build());
// Set client credentials
SetClientCertificate(customSSLVerification.ClientCertificate);
// Set SslSocketFactory
if (Build.VERSION.SdkInt < BuildVersionCodes.Lollipop)
{
// Support TLS1.2 on Android versions before Lollipop
clientBuilder.SslSocketFactory(new TlsSslSocketFactory(KeyManagers, null), TlsSslSocketFactory.GetSystemDefaultTrustManager());
}
else
{
var sslContext = SSLContext.GetInstance("TLS");
sslContext.Init(KeyManagers, null, null);
clientBuilder.SslSocketFactory(sslContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
}
if (cookieHandler != null)
{
clientBuilder.CookieJar(cookieHandler);
}
client = clientBuilder.Build();
}
public NativeMessageHandler()
{
var clientBuilder = _client.NewBuilder();
// tls
var tlsSpecBuilder = new ConnectionSpec.Builder(ConnectionSpec.ModernTls).TlsVersions(new[] { TlsVersion.Tls12, TlsVersion.Tls13 });
var tlsSpec = tlsSpecBuilder.Build();
var specs = new List <ConnectionSpec>()
{
tlsSpec, ConnectionSpec.Cleartext
};
clientBuilder.ConnectionSpecs(specs);
// 始终有Http11避免PROTOCOL_ERROR
clientBuilder.Protocols(new[] { Protocol.Http11, Protocol.Http2 });
// 信任所有服务器证书,支持自签名证书
var sslContext = SSLContext.GetInstance("TLS");
var trustManager = new CustomX509TrustManager();
sslContext.Init(null, new ITrustManager[] { trustManager }, new SecureRandom());
// Create an ssl socket factory with our all-trusting manager
var sslSocketFactory = sslContext.SocketFactory;
clientBuilder.SslSocketFactory(sslSocketFactory, trustManager);
// 读始终不超时,配合服务器推送
clientBuilder.ReadTimeout(0, TimeUnit.Milliseconds);
clientBuilder.WriteTimeout(0, TimeUnit.Milliseconds);
clientBuilder.CallTimeout(0, TimeUnit.Milliseconds);
// Hostname始终有效
clientBuilder.HostnameVerifier((name, ssl) => true);
_client = clientBuilder.Build();
}
public NativeMessageHandler(bool throwOnCaptiveNetwork, TLSConfig tLSConfig, NativeCookieHandler cookieHandler = null, IWebProxy proxy = null)
{
this.throwOnCaptiveNetwork = throwOnCaptiveNetwork;
var clientBuilder = client.NewBuilder();
this.TLSConfig = tLSConfig;
var tlsSpecBuilder = new ConnectionSpec.Builder(ConnectionSpec.ModernTls).TlsVersions(new[] { TlsVersion.Tls12, TlsVersion.Tls13 });
var tlsSpec = tlsSpecBuilder.Build();
var specs = new List <ConnectionSpec>()
{
tlsSpec
};
if (Build.VERSION.SdkInt < BuildVersionCodes.Lollipop || NetworkSecurityPolicy.Instance.IsCleartextTrafficPermitted)
{
specs.Add(ConnectionSpec.Cleartext);
}
clientBuilder.ConnectionSpecs(specs);
clientBuilder.Protocols(new[] { Protocol.Http11 }); // Required to avoid stream was reset: PROTOCOL_ERROR
// Add Certificate Pins
if (!TLSConfig.DangerousAcceptAnyServerCertificateValidator &&
TLSConfig.Pins != null &&
TLSConfig.Pins.Count > 0 &&
TLSConfig.Pins.FirstOrDefault(p => p.PublicKeys.Count() > 0) != null)
{
this.PinningMode = "PublicKeysOnly";
this.CertificatePinner = new CertificatePinner();
foreach (var pin in TLSConfig.Pins)
{
this.CertificatePinner.AddPins(pin.Hostname, pin.PublicKeys);
}
clientBuilder.CertificatePinner(CertificatePinner.Build());
}
// Set client credentials
SetClientCertificate(TLSConfig.ClientCertificate);
if (cookieHandler != null)
{
clientBuilder.CookieJar(cookieHandler);
}
// Adding proxy support
if (proxy != null && proxy is WebProxy)
{
var webProxy = proxy as WebProxy;
var type = Java.Net.Proxy.Type.Http;
var address = new InetSocketAddress(webProxy.Address.Host, webProxy.Address.Port);
var jProxy = new Proxy(type, address);
clientBuilder.Proxy(jProxy);
if (webProxy.Credentials != null)
{
var credentials = (NetworkCredential)webProxy.Credentials;
clientBuilder.ProxyAuthenticator(new ProxyAuthenticator(credentials.UserName, credentials.Password));
}
}
var sslContext = SSLContext.GetInstance("TLS");
// Support self-signed certificates
if (TLSConfig.DangerousAcceptAnyServerCertificateValidator)
{
// Install the all-trusting trust manager
var trustManager = new CustomX509TrustManager();
sslContext.Init(KeyManagers, new ITrustManager[] { trustManager }, new SecureRandom());
// Create an ssl socket factory with our all-trusting manager
var sslSocketFactory = sslContext.SocketFactory;
clientBuilder.SslSocketFactory(sslSocketFactory, trustManager);
}
else
{
// Set SslSocketFactory
if (Build.VERSION.SdkInt < BuildVersionCodes.Lollipop)
{
// Support TLS1.2 on Android versions before Lollipop
ProviderInstaller.InstallIfNeeded(Application.Context); // To enable TLS
clientBuilder.SslSocketFactory(new TlsSslSocketFactory(), TlsSslSocketFactory.GetSystemDefaultTrustManager());
}
else
{
sslContext.Init(KeyManagers, null, null);
clientBuilder.SslSocketFactory(sslContext.SocketFactory, TlsSslSocketFactory.GetSystemDefaultTrustManager());
}
}
clientBuilder.HostnameVerifier(new HostnameVerifier(this));
client = clientBuilder.Build();
}