ZitchCode / SecureHttpClient

Cross-platform HttpClientHandler with TLS1.2 and Certificate Pinning
MIT License

Certificate Pinning on Android #10

Closed jgannaway closed 5 years ago

jgannaway commented 5 years ago

When running the test runner for Android, I get the following error for the Certificate pinning tests:

Exception: System.NotImplementedException The method or operation is not implemented.

Stacktrace:

  at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value) [0x00000] in <faf48d3665ec41a489ef407cec7499b0>:0 
  at SecureHttpClient.SecureHttpClientHandler.AddCertificatePinner (System.String hostname, System.String[] pins) [0x00012] in <2f13f251236f4c52a84e9e677ab7d429>:0 
  at SecureHttpClientDemo.MainPage.CheckPin (System.String hostName, System.String url, System.String[] pins) [0x00041] in /Users/jeremygannaway/Projects/SecureHttpClientDemo/SecureHttpClientDemo/MainPage.xaml.cs:42 
  at SecureHttpClientDemo.MainPage.Fail_Clicked (System.Object sender, System.EventArgs e) [0x0002f] in /Users/jeremygannaway/Projects/SecureHttpClientDemo/SecureHttpClientDemo/MainPage.xaml.cs:31 
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_0 (System.Object state) [0x00000] in <58604b4522f748968296166e317b04b4>:0 
  at Android.App.SyncContext+<>c__DisplayClass2_0.<Post>b__0 () [0x00000] in <d9e99b55e96444569d54148253f9c212>:0 
  at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <d9e99b55e96444569d54148253f9c212>:0 
  at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00009] in <d9e99b55e96444569d54148253f9c212>:0 
  at (wrapper dynamic-method) Android.Runtime.DynamicMethodNameCounter.42(intptr,intptr)


Should this be working?

tranb3r commented 5 years ago

There is a new certificate for www.howsmyssl.com. I've just updated the corresponding pin in the tests. Now the tests are running successfully on Android (at least with my own setup).


Now, you can try to pull this commit and test again, but I don't think this has anything to do with your issue.

One thing is sure: set_ServerCertificateCustomValidationCallback should not be called on Android, it's only supported on .Net. Which means for some weird reason, your code is not using the android assembly, but the netstandard one instead.

Could you please provide more information about your configuration, so I can try to reproduce your issue (VS and Xamarin versions; Android SDK version; emulator or device...)? Also, the stack trace you copied is not from the test runner. Could you provide the real stack trace (from the runner, not from your project)? And one more thing, maybe you can share the code you're running in SecureHttpClientDemo?
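
An added example, not part of the thread or of the SecureHttpClient code base: a startup guard that checks which build of the handler assembly was actually loaded before pins are added, so a netstandard build on Android stops the app with a clear message. `PinningGuard` and its members are hypothetical names, and the `MonoAndroid` framework-name prefix for the Android build is an assumption.

```csharp
using System;
using System.Reflection;
using System.Runtime.Versioning;

// Hypothetical helper (not part of SecureHttpClient).
public static class PinningGuard
{
    // Framework the assembly was compiled for, as recorded at build time,
    // e.g. ".NETStandard,Version=v2.0". Null if the attribute is absent.
    public static string CompiledFor(Assembly assembly) =>
        assembly.GetCustomAttribute<TargetFrameworkAttribute>()?.FrameworkName;

    // Runs addPins only if handlerType comes from a build for the expected
    // platform, and turns a NotImplementedException into a startup failure
    // so the app never falls back to an unpinned client.
    public static void ConfigurePinsOrFail(Type handlerType, string expectedFramework, Action addPins)
    {
        string compiledFor = CompiledFor(handlerType.Assembly) ?? "(no TargetFrameworkAttribute)";
        if (!compiledFor.StartsWith(expectedFramework, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                $"{handlerType.FullName} was loaded from a '{compiledFor}' build of " +
                $"{handlerType.Assembly.GetName().Name}, expected '{expectedFramework}'. " +
                "Certificate pins were not installed; refusing to create the client.");

        try
        {
            addPins();
        }
        catch (NotImplementedException ex)
        {
            throw new InvalidOperationException(
                $"Pinning is not implemented in the '{compiledFor}' build in use.", ex);
        }
    }
}

// Usage in the Android project (assumed framework-name prefix "MonoAndroid"):
//   PinningGuard.ConfigurePinsOrFail(typeof(SecureHttpClientHandler), "MonoAndroid",
//       () => handler.AddCertificatePinner(hostname, pins));
```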

jgannaway commented 5 years ago

I was originally trying to set up a test with a new, empty Xamarin.Forms app, but I got the System.NotImplementedException exception. So, then I thought I would just download this repo and try it. When I was able to get everything to build and deploy, I was testing using an emulator.

I had copy/pasted the wrong stack trace in my original post. Here's the one from the runner (as you mentioned, it's strange that it references the netstandard implementation):

  at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value) [0x00000] in <25ebe1083eaf4329b5adfdd5bbb7aa57>:0 
  at SecureHttpClient.SecureHttpClientHandler.AddCertificatePinner (System.String hostname, System.String[] pins) [0x00014] in C:\p\secure-httpclient\SecureHttpClient\Platforms\Net\SecureHttpClientHandler.cs:48 
  at SecureHttpClient.Test.CertificatePinnerTest+<CertificatePinnerTest_OneHost_Success>d__8.MoveNext () [0x00023] in C:\p\secure-httpclient\SecureHttpClient.Test\CertificatePinnerTest.cs:26 

I was having trouble getting this repo to build in VS 2017, so I adjusted the Android version to 8.1 and removed the global.json file, which allowed the build to succeed (but I got the error above).

I wasn't able to get this repo to build on VS for Mac (v7 or v8). I even changed the global.json file to target the versions I had installed.

I was curious about the global.json file and how it would impact projects that also have an Sdk value defined (i.e. <Project Sdk="MSBuild.Sdk.Extras/1.6.68">), but I'm not really sure how all that works.

After installing VS 2019, I got the test runner to work on my PC, which has the following setup:

Microsoft Visual Studio Enterprise 2019
Version 16.0.1
VisualStudio.16.Release/16.0.1+28803.156
Microsoft .NET Framework
Version 4.7.03056

Installed Version: Enterprise

Mono Debugging for Visual Studio   16.0.300 (573eda3)
Support for debugging Mono processes with Visual Studio.

NuGet Package Manager   5.0.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit http://docs.nuget.org/.

VisualStudio.Mac   1.0
Mac Extension for Visual Studio

Xamarin   16.0.0.515 (d16-0@a3502d929)
Visual Studio extension to enable development for Xamarin.iOS and Xamarin.Android.

Xamarin Designer   4.17.4.418 (remotes/origin/d16-0@3d086e814)
Visual Studio extension to enable Xamarin Designer tools in Visual Studio.

Xamarin Templates   16.1.47 (31f664d)
Templates for building iOS, Android, and Windows apps with Xamarin and Xamarin.Forms.

Xamarin.Android SDK   9.2.0.5 (HEAD/292d27fa)
Xamarin.Android Reference Assemblies and MSBuild support.
    Mono: mono/mono/2018-08-rc@5ad371dab1b
    Java.Interop: xamarin/java.interop/d16-0@c987483
    LibZipSharp: grendello/LibZipSharp/master@44de300
    LibZip: nih-at/libzip/rel-1-5-1@b95cf3f
    MXE: xamarin/mxe/xamarin@b9cbb535
    ProGuard: xamarin/proguard/master@905836d
    SQLite: xamarin/sqlite/3.26.0@325e91a
    Xamarin.Android Tools: xamarin/xamarin-android-tools/d16-0@0a7edd6

Xamarin.iOS and Xamarin.Mac SDK   12.8.0.0 (0aa8452)
Xamarin.iOS and Xamarin.Mac Reference Assemblies and MSBuild support.

In my VS 2019 setup, I'm getting a build error when trying to use the nuget package. Below are repro steps for the build error:

  1. Create a new, blank Xamarin.Forms project
  2. In the Android project, Set the Compile using Android Version (Target Framework) to Android 9.0 (Pie)
  3. Build the Android project to make sure it builds/deploys successfully to an API 28 emulator.
  4. Add the SecureHttpClient nuget to the Android project.
  5. Rebuild the Android project and I get the following errors:
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)
COMPILETODALVIK : Uncaught translation error : com.android.dx.cf.code.SimException: invalid opcode ba (invokedynamic requires --min-sdk-version >= 26)

jgannaway commented 5 years ago

I was able to resolve the com.android.dx.cf.code.SimException error in VS 2019 and VS for Mac 8 by adding <AndroidDexTool>d8</AndroidDexTool> to my Android csproj file. After resolving the build issue, my Xamarin.Forms test app did certificate pinning as expected.

I'm not sure why I was running into so many issues with VS 2017 and VS for Mac 7.