gpt4 book ai didi

android - Xamarin AndroidClientHandler 发送客户端证书

转载 作者:行者123 更新时间:2023-12-04 22:37:24 25 4
gpt4 key购买 nike

我想我可能在这里遗漏了一些东西,但是如何将客户端证书发送到需要客户端证书的 SSL 站点。

我正在使用 HttpClient 并传递一个 AndroidClientHandler

有很多答案提供了代码,但没有告诉我为什么代码有效或何时应该调用它。我在这上面花了一个多星期。

有人可以提供一个简单的代码示例并简单解释为什么应该这样做。

我正在使用自签名证书。我设法忽略了任何证书验证,并且可以在配置为不需要客户端证书时调用 SSL 站点。

但现在我需要知道如何通过客户端证书。

我查看了许多文章和解决方案,但没有看到客户端证书在哪里通过。

任何帮助,将不胜感激。谢谢

最佳答案

我见过的 Xamarin 示例没有将 IPrivateKey 添加到用于填充 KeyManagerFactory 的 KeyStore

/// <summary>
/// Represents a Java X509Certificate with private key
/// </summary>
public class CertificateDetails
{
public CertificateDetails(IPrivateKey privateKey, X509Certificate[] chain)
{
PrivateKey = privateKey;
Chain = chain;
}

/// <summary>
/// Gets the private key
/// </summary>
public IPrivateKey PrivateKey { get; }

/// <summary>
/// Gets certificate chain
/// </summary>
public IReadOnlyCollection<X509Certificate> Chain { get; }
}


/// <summary>
/// HttpClientHandler based on native Android <see cref="Java.Net.HttpURLConnection"/> that uses a client certificate
/// </summary>
public class AuthAndroidClientHander : AndroidClientHandler
{
readonly CertificateDetails _certificateDetails;

public AuthAndroidClientHander(CertificateDetails certificateDetails)
{
if (certificateDetails is null)
{
throw new ArgumentNullException(nameof(certificateDetails));
}
_certificateDetails = certificateDetails;

//get root certs
var trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
trustManagerFactory.Init((KeyStore)null);
var x509trustManager = trustManagerFactory.GetTrustManagers().OfType<IX509TrustManager>().First();
var acceptedIssuers = x509trustManager.GetAcceptedIssuers();

//trust both default issuers and chain of client certifiate
TrustedCerts = _certificateDetails.Chain.Concat(acceptedIssuers).ToList<Certificate>();
}

/// <summary>
/// Configure keyStore passed into <see cref="AndroidClientHandler.ConfigureKeyManagerFactory"/> and <see cref="AndroidClientHandler.ConfigureTrustManagerFactory"/>
/// </summary>
/// <param name="keyStore"></param>
/// <returns></returns>
protected override KeyStore ConfigureKeyStore(KeyStore keyStore)
{
// replace keyStore generated by base class with a PKCS12 instead of the default KeyStore.DefaultType
keyStore = KeyStore.GetInstance("PKCS12");

//replicate base's SetupSSL() behavior of adding all TrustedCerts to keystore in
keyStore.Load(null, null);

if (TrustedCerts?.Any() == true)
{

for (var i = 0; i < TrustedCerts.Count; i++)
{

Certificate cert = TrustedCerts[i];
if (cert == null)
{
continue;
}
keyStore.SetCertificateEntry($"ca{i}", cert);

}

}

//add private key to keystore
keyStore.SetKeyEntry("privateKey", _certificateDetails.PrivateKey, null, _certificateDetails.Chain.ToArray());

return keyStore;
}

protected override KeyManagerFactory ConfigureKeyManagerFactory(KeyStore keyStore)
{
var kmf = KeyManagerFactory.GetInstance("x509");
kmf.Init(keyStore, null);
return kmf;
}

protected override TrustManagerFactory ConfigureTrustManagerFactory(KeyStore keyStore)
{
var tmf = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
tmf.Init(keyStore);
return tmf;
}
}

关于android - Xamarin AndroidClientHandler 发送客户端证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53547060/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com