Xamarin表单HTTPCLIENT SSL认证验证错误
我在 Xamarin.Forms 中遇到了一个问题(虽然是 Forms,但我只有一个 Android 项目,我只需要支持它)。 应用程序必须发布到后端,后端进行 SSL 证书验证。 我有一台测试设备,Android 11 三星。在设备上的用户证书中,有我需要的证书(设置 - 安全 - 用户证书)。 当我在手机上打开 Google Chrome 时,它会加载后端的 swagger UI,我认为它首先询问我是否要使用我的证书。 招摇有效,我能够在那里尝试端点。
问题是我无法从应用程序进行后端调用,因为它会立即删除我的请求并显示 SSL 认证验证失败消息。 我编写了一些具有精确名称空间的快速测试代码,以了解我在做什么:
// This returns the cert of the user's certificates:
Java.Security.Cert.X509Certificate myJavaCert = KeyChain.GetCertificateChain(this.ApplicationContext, "MyCertAlias").FirstOrDefault();
//Convert to X509Certificate2:
var myDotNetCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(myJavaCert.GetEncoded());
//I'm doing HttpClient manually, I don't want to use IHttpClientFactory yet:
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ClientCertificates.Add(myDotNetCert);
var httpClient = new HttpClient(httpClientHandler);
// Finally I call the post that runs for the above mentioned error:
await httpClient.PostAsync(url, objectToPost);
我对这项任务非常困惑,我真的不知道在哪里尝试。 也感谢您提前的帮助!
I got pretty stuck with a problem in Xamarin.Forms (Forms though, but I only have an Android project, I need to support only that).
The app must post to the backend, and the backend do SSL cert validation.
I have a test device, an Android 11 Samsung. Among the user certificates on the device, there is the cert I need (Settings - Security - User certificates).
When I open a Google Chrome on my phone, it loads the swagger UI of the backend, and I think it first asked me if I wanted to use my cert.
The swagger works, I was able to try the endpoints there.
The problem is that I can't make a backend call from the app because it immediately drops my request with an SSL certification validation failed message.
I wrote some quick test code with exact namespaces to understand what I'm doing:
// This returns the cert of the user's certificates:
Java.Security.Cert.X509Certificate myJavaCert = KeyChain.GetCertificateChain(this.ApplicationContext, "MyCertAlias").FirstOrDefault();
//Convert to X509Certificate2:
var myDotNetCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(myJavaCert.GetEncoded());
//I'm doing HttpClient manually, I don't want to use IHttpClientFactory yet:
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ClientCertificates.Add(myDotNetCert);
var httpClient = new HttpClient(httpClientHandler);
// Finally I call the post that runs for the above mentioned error:
await httpClient.PostAsync(url, objectToPost);
I’m pretty stuck with this task, I don’t really know where to try.
Thanks for the help in advance too!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过一周的研究,我终于自己弄清楚了。
这是我自己的问题的完整详细答案:
来自 KeyStore 的 Xamarin Forms (Android) 客户端证书与 PFX文件
After one week of research I finally figured it out to myself.
Here is the full-detailed answer for my own question:
Xamarin Forms (Android) Client certificate from KeyStore vs PFX file