[Android] Fix app crash when using non-native HttpClientHandler

[simonrozsival]

HTTP requests done with HttpClient + HttpClientHandler caused Android apps to crash.

For example, a simple HTTP request using the default HttpClient will throw an exception with the following stack trace:

var client = new HttpClient();
try {
    var response = await client.GetAsync("https://microsoft.com");
    Console.WriteLine(response);
} catch (Exception e) {
    Console.WriteLine(e);
}

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
  ---> System.NullReferenceException: Object reference not set to an instance of an object
    at System.Net.CertificateValidationPal.GetRemoteCertificate(SafeDeleteContext securityContext, Boolean retrieveChainCertificates, X509Chain& chain)
    at System.Net.CertificateValidationPal.GetRemoteCertificate(SafeDeleteContext securityContext)
    at System.Net.Security.SslStream.SelectClientCertificate(Boolean& sessionRestartAttempt)
    at System.Net.Security.SslStream.AcquireClientCredentials(Byte[]& thumbPrint)
    at System.Net.Security.SslStream.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)
    at System.Net.Security.SslStream.NextMessage(ReadOnlySpan`1 incomingBuffer)
    at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__144`1[[System.Net.Security.AsyncReadWriteAdapter, System.Net.Security, Version=7.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
    --- End of inner exception stack trace ---
    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
    at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.<WaitWithCancellationAsync>d__1[[System.Net.Http.HttpConnection, System.Net.Http, Version=7.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
    at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
    at Program.<Main>$(String[] args) in /home/simon/dotnet/runtime/src/mono/sample/Android/Program.cs:line 12

There is a missing null check in CertificateValidationpal.Android.cs which was removed recently (https://github.com/dotnet/runtime/pull/68188/files#diff-5f4278661dbb1331a13f14f1bf94b3a67e7474e8e4c32a21a99860f966ab02aeL66-L68).

Possibly also related to #69557

[ghost]

Tagging subscribers to 'arch-android': @steveisok, @akoeplinger
See info in area-owners.md if you want to be subscribed.

Issue Details

---

HTTP requests done with HttpClient + HttpClientHandler caused Android apps to crash. For example the test added in this PR would crash with this stack trace:

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
  ---> System.NullReferenceException: Object reference not set to an instance of an object
    at System.Net.CertificateValidationPal.GetRemoteCertificate(SafeDeleteContext securityContext, Boolean retrieveChainCertificates, X509Chain& chain)
    at System.Net.CertificateValidationPal.GetRemoteCertificate(SafeDeleteContext securityContext)
    at System.Net.Security.SslStream.SelectClientCertificate(Boolean& sessionRestartAttempt)
    at System.Net.Security.SslStream.AcquireClientCredentials(Byte[]& thumbPrint)
    at System.Net.Security.SslStream.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)
    at System.Net.Security.SslStream.NextMessage(ReadOnlySpan`1 incomingBuffer)
    at System.Net.Security.SslStream.<ForceAuthenticationAsync>d__144`1[[System.Net.Security.AsyncReadWriteAdapter, System.Net.Security, Version=7.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
    --- End of inner exception stack trace ---
    at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(QueueItem queueItem)
    at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.<WaitWithCancellationAsync>d__1[[System.Net.Http.HttpConnection, System.Net.Http, Version=7.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a]].MoveNext()
    at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
    at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
    at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)
    at Program.<Main>$(String[] args) in /home/simon/dotnet/runtime/src/mono/sample/Android/Program.cs:line 12

There is a missing null check in CertificateValidationpal.Android.cs which was removed recently (https://github.com/dotnet/runtime/pull/68188/files#diff-5f4278661dbb1331a13f14f1bf94b3a67e7474e8e4c32a21a99860f966ab02aeL66-L68).

Possibly also related to #69557

Author:	simonrozsival
Assignees:	-
Labels:	os-android
Milestone:	-

[simonrozsival]

/azp run runtime-extra-platforms

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[akoeplinger]

this shouldn't happen given that securityContext isn't marked as nullable, which suggests to me something higher up the call chain is doing something unexpected.

[wfurt]

The underlaying handle is nullable.

        private SafeFreeCredentials? _credentialsHandle;
        private SafeDeleteSslContext? _securityContext;

But is seems like it is like this for long time

runtime/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Protocol.cs

Line 254 in 3e5517b

remoteCert = CertificateValidationPal.GetRemoteCertificate(_securityContext!);

Making the parameter nullable make sense to me. I think it will be null when we try to select client certificate before the handshake. cc: @rzikm

[simonrozsival]

The nullability annotations seem to be inconsistent across platforms:

• in the OSX version there's no ? but there's a null check: https://github.com/dotnet/runtime/blob/main/src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.OSX.cs#L55
• in the Unix version there's a ? and there's a null check: https://github.com/dotnet/runtime/blob/main/src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Unix.cs#L31
• in the Windows version there's a ? and there's a null check: https://github.com/dotnet/runtime/blob/main/src/libraries/System.Net.Security/src/System/Net/CertificateValidationPal.Windows.cs#L34

[akoeplinger]

Ok thanks, that sounds like indeed we're expecting a null securityContext here and should make it consistent across platforms.

[wfurt]

On a side note, #69527 removes the dual SafeHandle wrapping for Linux. We could do something similar for Android in future.

[simonrozsival]

/azp run runtime-extra-platforms

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

/azp run runtime-extra-platforms

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

/azp run outerloop-mono

[azure-pipelines]

No pipelines are associated with this pull request.

[simonrozsival]

/azp run runtime-extra-platforms

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

/azp run runtime-libraries-mono outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

I re-enabled the functional tests for System.Net.Http on Android and disabled all the tests that are failing. The bug that's fixed in this PR fixed several dozen outerloop tests.

[simonrozsival]

/azp run runtime-libraries-mono outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

/azp run runtime-extra-platforms

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[simonrozsival]

I think this PR is now ready:

• the failing runtime test has something to do with Tar on Linux
• the failing runtime-extra-platforms tests are unrelated to this PR (Browser, iOS, tvOS, Linux)
• the failing runtime-libraries-mono outerloop tests are unrelated to this PR
  • the only Android-related leg doesn't have any test failures related to System.Net.Http