微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

c# – 强制HttpWebRequest发送客户端证书

我有一个p12证书,我以这种方式加载它:

X509Certificate2 certificate = new X509Certificate2(certName,password,X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet |
        X509KeyStorageFlags.Exportable);

它是正确加载的,实际上如果我做了certificate.PrivateKey.ToXmlString(true);它返回一个完整的xml而没有错误.
但如果我这样做:

try
{
    X509Chain chain = new X509Chain();
    var chainBuilt = chain.Build(certificate);
    Console.WriteLine("Chain building status: "+ chainBuilt);

    if (chainBuilt == false)
        foreach (X509ChainStatus chainStatus in chain.ChainStatus)
            Console.WriteLine("Chain error: "+ chainStatus.Status);
}
catch (Exception ex)
{
    Console.WriteLine(ex);
}

它写道:

Chain building status: False
Chain error: RevocationStatusUnkNown 
Chain error: OfflineRevocation

所以当我这样做时:

ServicePointManager.CheckCertificateRevocationList = false;
    ServicePointManager.ServerCertificateValidationCallback = (a,b,c,d) => true;
    ServicePointManager.Expect100Continue = true;
    Console.WriteLine("connessione a:" + host);
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(host);
    req.PreAuthenticate = true;
    req.AllowAutoRedirect = true;
    req.ClientCertificates.Add(certificate);
    req.Method = "POST";
    req.ContentType = "application/x-www-form-urlencoded";
    string postData = "login-form-type=cert";
    byte[] postBytes = Encoding.UTF8.GetBytes(postData);
    req.ContentLength = postBytes.Length;
    Stream postStream = req.GetRequestStream();
    postStream.Write(postBytes,postBytes.Length);
    postStream.Flush();
    postStream.Close();

    WebResponse resp = req.GetResponse();

服务器说证书没有发送/有效.

我的问题是:

>即使链构建错误,我怎么能发送证书?
>还有另一个类发布证书,在发送之前不检查证书验证?

非常感谢.
安东尼

解决方法

解决了这个问题,重点是P12文件(作为PFX)包含多于1个证书,因此必须以这种方式加载:

X509Certificate2Collection certificates = new X509Certificate2Collection();
certificates.Import(certName,X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

并以这种方式添加到HttpWebRequest:request.ClientCertificates = certificates;

谢谢大家的支持.

完整的示例代码

string host = @"https://localhost/";
string certName = @"C:\temp\cert.pfx";
string password = @"password";

try
{
    X509Certificate2Collection certificates = new X509Certificate2Collection();
    certificates.Import(certName,X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet);

    ServicePointManager.ServerCertificateValidationCallback = (a,d) => true;
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(host);
    req.AllowAutoRedirect = true;
    req.ClientCertificates = certificates;
    req.Method = "POST";
    req.ContentType = "application/x-www-form-urlencoded";
    string postData = "login-form-type=cert";
    byte[] postBytes = Encoding.UTF8.GetBytes(postData);
    req.ContentLength = postBytes.Length;

    Stream postStream = req.GetRequestStream();
    postStream.Write(postBytes,postBytes.Length);
    postStream.Flush();
    postStream.Close();
    WebResponse resp = req.GetResponse();

    Stream stream = resp.GetResponseStream();
    using (StreamReader reader = new StreamReader(stream))
    {
        string line = reader.ReadLine();
        while (line != null)
        {
            Console.WriteLine(line);
            line = reader.ReadLine();
        }
    }

    stream.Close();
}
catch(Exception e)
{
    Console.WriteLine(e);
}

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

相关推荐