Merge pull request #7 from Inkeliz/native

New option to allow conections from custom certificates

gowebview_android.go

@@ -3,6 +3,8 @@
 package gowebview
 
 import (
+	"crypto/x509"
+	"encoding/base64"
 	"git.wow.st/gmp/jni"
 	"sync"
 	"unsafe"
@@ -97,6 +99,7 @@ func newWindow(config *Config) (wv WebView, err error) {
 
 	w.SetURL(config.URL)
 	w.setProxy(config.TransportConfig.Proxy)
+	w.setCerts(config.TransportConfig.CertificateAuthorities)
 
 	return w, nil
 }
@@ -167,7 +170,7 @@ func (w *webview) SetVisibility(v Visibility) {
 }
 
 func (w *webview) setProxy(proxy *HTTPProxy) error {
-	if proxy == nil {
+	if proxy == nil || (proxy.IP == "" && proxy.Port == "") {
 		return nil
 	}
 
@@ -185,6 +188,29 @@ func (w *webview) setProxy(proxy *HTTPProxy) error {
 	return nil
 }
 
+func (w *webview) setCerts(certs []x509.Certificate) error {
+	if certs == nil {
+		return nil
+	}
+
+	var jcerts string
+	for _, c := range certs {
+		jcerts += base64.StdEncoding.EncodeToString(c.Raw) + ";"
+	}
+
+	err := w.callArgs("webview_certs", "(Ljava/lang/String;)V", func(env jni.Env) []jni.Value {
+		return []jni.Value{
+			jni.Value(jni.JavaString(env, jcerts)),
+		}
+	})
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (w *webview) call(name, sig string) (err error) {
 	// The arguments may need the `env`
 	// In that case there's no input, so it's using func(env jni.Env) []jni.Value { return nil } instead

gowebview_android.java

@@ -13,23 +13,60 @@
 import android.webkit.WebView;
 import android.util.Log;
 import android.os.Build;
-import android.util.Log;
 import android.net.Proxy;
 import java.lang.reflect.*;
 import android.util.ArrayMap;
 import android.content.Intent;
 import java.util.concurrent.Semaphore;
+import android.net.http.SslError;
+import android.webkit.SslErrorHandler;
+import java.security.cert.Certificate;
+import android.net.http.SslCertificate;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.Base64;
+import java.security.MessageDigest;
+import java.security.cert.CertificateFactory;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
 
 public class gowebview_android {
     private View primaryView;
     private WebView webBrowser;
+    private PublicKey[] additionalCerts;
 
     public class gowebview_boolean {
         private boolean b;
         public void Set(Boolean r) {b = r;}
         public boolean Get() {return b;}
     }
 
+    public class gowebview_webbrowser extends WebViewClient {
+        @Override public void onReceivedSslError(WebView v, final SslErrorHandler sslHandler, SslError err){
+            if (!err.hasError(SslError.SSL_UNTRUSTED)) {
+                super.onReceivedSslError(v, sslHandler, err);
+                return;
+            }
+
+            if (additionalCerts == null || additionalCerts.length == 0) {
+                super.onReceivedSslError(v, sslHandler, err);
+                return;
+            }
+
+            for (int i = 0; i < additionalCerts.length; i++) {
+                try{
+                    err.getCertificate().getX509Certificate().verify(additionalCerts[i]);
+                    sslHandler.proceed();
+                    return;
+                } catch (Exception e) {
+
+                }
+            }
+
+            super.onReceivedSslError(v, sslHandler, err);
+        }
+    }
+
     // Executed when call `New(config *Config)`
     public void webview_create(View v) {
         primaryView = v;
@@ -46,7 +83,7 @@ public void run() {
                 webSettings.setUseWideViewPort(true);
                 webSettings.setLoadWithOverviewMode(true);
 
-                webBrowser.setWebViewClient(new WebViewClient());
+                webBrowser.setWebViewClient(new gowebview_webbrowser());
 
                 mutex.release();
             }
@@ -149,4 +186,23 @@ public void run() {
 
         return result.Get();
     }
+
+    public void webview_certs(String der) {
+        String[] sCerts = der.split(";");
+
+
+        additionalCerts = new PublicKey[sCerts.length];
+
+        for (int i = 0; i < sCerts.length; i++) {
+            InputStream streamCert = new ByteArrayInputStream(Base64.getDecoder().decode(sCerts[i]));
+            try {
+                CertificateFactory factory = CertificateFactory.getInstance("X.509");
+                 X509Certificate cert = (X509Certificate)factory.generateCertificate(streamCert);
+
+                 additionalCerts[i] = cert.getPublicKey();
+            } catch(Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
 }

gowebview_windows.go

@@ -3,6 +3,9 @@
 package gowebview
 
 import (
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"github.com/inkeliz/gowebview/internal/network"
@@ -62,9 +65,8 @@ func newWindow(config *Config) (wv WebView, err error) {
 		os.Unsetenv(s)
 	}
 
-	if p := config.TransportConfig.Proxy.String(); p != "" {
-		os.Setenv("WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS", fmt.Sprintf(`--proxy-server="%s"`, p))
-	}
+	w.setProxy(config.TransportConfig.Proxy)
+	w.setCerts(config.TransportConfig.CertificateAuthorities)
 
 	dll, err := windows.LoadDLL(filepath.Join(config.WindowConfig.Path, "WebView2Loader.dll"))
 	if err != nil {
@@ -87,6 +89,34 @@ func newWindow(config *Config) (wv WebView, err error) {
 	return w, nil
 }
 
+func (w *webview) setProxy(proxy *HTTPProxy) {
+	if proxy == nil || (proxy.IP == "" && proxy.Port == "") {
+		return
+	}
+
+	w.addEnv(` --proxy-server="%s"`, proxy.String())
+}
+
+func (w *webview) setCerts(certs []x509.Certificate) {
+	if certs == nil || len(certs) == 0 {
+		return
+	}
+
+	var jcerts string
+	h := sha256.New()
+	for _, c := range certs {
+		h.Write(c.RawSubjectPublicKeyInfo)
+		jcerts += base64.StdEncoding.EncodeToString(h.Sum(nil)) + ","
+		h.Reset()
+	}
+
+	w.addEnv(` --ignore-certificate-errors-spki-list="%s"`, jcerts)
+}
+
+func (w *webview) addEnv(argument, value string) {
+	os.Setenv("WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS", os.Getenv("WEBVIEW2_ADDITIONAL_BROWSER_ARGUMENTS")+" "+fmt.Sprintf(argument, value))
+}
+
 func (w *webview) create() error {
 	cerr := make(chan error, 1<<2)