WebView user certificate authentication and configure SSL for HttpsClient .Net maui

Question

WebView user certificate authentication and configure SSL for HttpsClient .Net maui

Prabhav Mehra 21

I am confused if I can in any way configure the HttpsClient or the HttpsClientHandler with the certificate and privateKey instance I get from android keychain KeyChain.choosePrivateKeyAlias() API in android specific platform code in .net maui.

So for instance, I have been using the HttpsUrlConnection in java to make NetworkRequests. There you can configure SSL with the certificate and privateKey instance and make a post/get etc request. In .net/c# tho, I couldn’t find a way to use these certificates and privateKey to configure HttpsClient. I was wondering if we can configure SSL HttpsClient with the same certificate and privateKey we get from android to make NetworkRequests or can we map the HttpsUrlConnection to HttpsClient.

There is a workaround where I can use Custom implementation for different platform for making these Requests. But I would like to use only one( HttpsClient) to make requests while configuring it with platform specific certificates.

Anonymous

2022-10-26T09:22:52.003+00:00

There is a workaround where I can use Custom implementation for different platform for making these Requests. But I would like to use only one( HttpsClient) to make requests while configuring it with platform specific certificates.

Now you can invoke platform code to solve this issue, am I right? But you want to use HttpClient to select available private keys and corresponding certificate chains? You can try to use X509Certificate2
Prabhav Mehra 21 Reputation points

2022-11-18T00:24:16.557+00:00
Appologies for getting back to you late, must have missed the response @Anonymous . Yes I was able to invoke platform specific code and I would like to use the HttpClient to make requests for all platforms. I was able to get something work. So I was able to invoke android specific code for WebView (for example of a specific platform) and get the alias of the Certificate, X509 Certificate and PrivateKey instance. If I understand your comment correctly, I can configure HttpClient with these information for SSL and make network requests with HttpCLient ( similar to what we can do HttpsUrlConnection).

I have added a snippet of Java code for configuring SSL with java android HttpsUrlConnection using certificate alias.

KeyManager keyManager; keyManager = KeyChainKeyManager.fromAlias( context, mAlias); SSLContext sslContext; sslContext = SSLContext.getInstance("TLS"); assert sslContext != null; sslContext.init(new KeyManager[]{keyManager}, null, null); URL url; url = new URL(newUrl); HttpsURLConnection urlConnection; urlConnection = (HttpsURLConnection) url.openConnection(); urlConnection.setRequestMethod(requestMethod); urlConnection.setSSLSocketFactory(sslContext.getSocketFactory()); urlConnection.setUseCaches(false); urlConnection.connect(); return urlConnection;
Prabhav Mehra 21 Reputation points

2022-11-18T01:23:23.843+00:00

From my initial research and testing, I don’t think the X509Certificate2 works as expected. I got a list of certificates but none of them were the user certificates I was looking for. one linked stack overflow question similar to what I have is https://stackoverflow.com/questions/40363553/list-certificate-stored-in-user-credentials. Where the Stored user credential contains a user key, usr certificate and CA certificate which we can use to configure SSL.
Anonymous

2022-11-18T07:25:11.937+00:00

Yes, you can use code in this SO link to configure SSL

1 answer

Your answer

Anonymous

2022-10-26T09:22:52.003+00:00

There is a workaround where I can use Custom implementation for different platform for making these Requests. But I would like to use only one( HttpsClient) to make requests while configuring it with platform specific certificates.

Now you can invoke platform code to solve this issue, am I right? But you want to use HttpClient to select available private keys and corresponding certificate chains? You can try to use X509Certificate2
Prabhav Mehra 21 Reputation points

2022-11-18T00:24:16.557+00:00

Appologies for getting back to you late, must have missed the response @Anonymous . Yes I was able to invoke platform specific code and I would like to use the HttpClient to make requests for all platforms. I was able to get something work. So I was able to invoke android specific code for WebView (for example of a specific platform) and get the alias of the Certificate, X509 Certificate and PrivateKey instance. If I understand your comment correctly, I can configure HttpClient with these information for SSL and make network requests with HttpCLient ( similar to what we can do HttpsUrlConnection).

I have added a snippet of Java code for configuring SSL with java android HttpsUrlConnection using certificate alias.

KeyManager keyManager; keyManager = KeyChainKeyManager.fromAlias( context, mAlias); SSLContext sslContext; sslContext = SSLContext.getInstance("TLS"); assert sslContext != null; sslContext.init(new KeyManager[]{keyManager}, null, null); URL url; url = new URL(newUrl); HttpsURLConnection urlConnection; urlConnection = (HttpsURLConnection) url.openConnection(); urlConnection.setRequestMethod(requestMethod); urlConnection.setSSLSocketFactory(sslContext.getSocketFactory()); urlConnection.setUseCaches(false); urlConnection.connect(); return urlConnection;
Prabhav Mehra 21 Reputation points

2022-11-18T01:23:23.843+00:00

From my initial research and testing, I don’t think the X509Certificate2 works as expected. I got a list of certificates but none of them were the user certificates I was looking for. one linked stack overflow question similar to what I have is https://stackoverflow.com/questions/40363553/list-certificate-stored-in-user-credentials. Where the Stored user credential contains a user key, usr certificate and CA certificate which we can use to configure SSL.
Anonymous

2022-11-18T07:25:11.937+00:00

Yes, you can use code in this SO link to configure SSL

Answer 1

.NET exposes access to all java and android API’s so we can use them in our platform specific code.
I have implemented the choose certificate dialog when the user visits a website which requires certificate auth, getting the certificate chosen alias and then using the same to get certificate and private key instance.
There is a class AndroidMessageHandler that inherits HttpMessageHandler, which can be then used to configure HttpsClient (.NET class for Network Request/ to be discussed later)
I have added a custom class which extends AndroidMessageHandler https://learn.microsoft.com/en-us/dotnet/api/xamarin.android.net.androidmessagehandler?cid=kerryherger&view=xamarin-android-sdk-13 and added SSL handling code (using the certificate chosen by the user).

Common Code (used and accessible by the whole app):
I have used the HttpsClient class
Following code snippet shows the use of HttpsClient with custom handler I created and how I configured SSL. This would mean we do not need custom Network Requests implementation for each platform. Instead we need custom handler implementation but the HttpsClient remains the same for requests,
irrespective of the platform.

      private SSLContext GetSSLContext() {   
       string protocol;   
       if (SslProtocols == SslProtocols.Tls11)   
       {   
            protocol = "TLSv1.1";   
       }   
       else if (SslProtocols == SslProtocols.Tls || SslProtocols == SslProtocols.Tls12)   
       {   
            protocol = "TLSv1.2";   
       }   
       else   
       {   
            throw new IOException("unsupported ssl protocol: " + SslProtocols.ToString());   
       }   

        IKeyManager keyManager;   
        # KeyChainKeyManager is a custom class   
        keyManager = KeyChainKeyManager.fromAlias(Application.Context, mAlias);   

        SSLContext ctx = SSLContext.GetInstance("TLS");   
        ctx.Init(new IKeyManager[] { keyManager }, null, null);   
        return ctx;   
  }   

  protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)   
  {   
        SSLSocketFactory socketFactory = sslContext.SocketFactory;   
        if (connection != null)   
        {   
            connection.SSLSocketFactory = socketFactory;   
        }   
        return socketFactory;   
  }

if ANDROID

    new Thread(async () =>   
    {   
        # ICertificationService is an interface and implemented in a class CertificationService.    
        # DependencyService is a way to invoke native platform functionality from shared code.   
        ICertificationService certificationService = DependencyService.Get<ICertificationService>();   
        var httpClient = new HttpClient(certificationService.GetAuthAndroidClientHander());   
    }).Start();   
#endif

Share via

WebView user certificate authentication and configure SSL for HttpsClient .Net maui

1 answer

if ANDROID

Your answer