在 Mono 上使用自定义 SSL 客户端证书 System.Net.HttpClient
Posted
技术标签:
【中文标题】在 Mono 上使用自定义 SSL 客户端证书 System.Net.HttpClient【英文标题】:Using custom SSL client certificates System.Net.HttpClient on Mono 【发布时间】:2014-08-25 22:04:17 【问题描述】:我正在使用来自 NuGet 的Microsoft HTTP Client Libraries,我基本上是在尝试使用 X509Certificate2 证书在 HttpClient 中允许 TLS 身份验证。
我尝试过这样创建客户端:
WebRequestHandler certHandler = new WebRequestHandler ()
ClientCertificateOptions = ClientCertificateOption.Manual,
UseDefaultCredentials = false
;
certHandler.ClientCertificates.Add (this.ClientCertificate);
HttpClient client = new HttpClient (certHandler);
但是certHandler.ClientCertificates 失败了,因为这个getter 是not implemented in Mono,所以我得到了一个NotImplementedException。 (我不确定为什么这仍然是 TODO。)
到目前为止,我运气不佳。任何想法如何在 Mono 环境中简单地在 HttpClient 上设置客户端证书?
【问题讨论】:
也许这会有所帮助...dib0.nl/code/… 这可能是一个待办事项,因为还有其他不使用 HttpClient 的方式来完成连接 虽然这家伙似乎已经在 Mono 上工作了...forums.xamarin.com/discussion/2980/ssl-connection-exception-too @Mick 是的,那个人正在使用我不能使用的 TcpClient。我需要 HttpClient 的许多功能。 也不能使用HttpWebRequest? 【参考方案1】:看起来好像只是能够将客户端证书集合传递给 CreateWebRequest 中的 HttpWebRequest,所以由于继承不起作用,我只是从 mono 复制/粘贴类并添加了实现。
// Copyright (c) 2013 Xamarin Inc. (http://www.xamarin.com)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
using System;
using System.Net.Cache;
using System.Net.Security;
using System.Security.Principal;
using System.Security.Cryptography.X509Certificates;
namespace System.Net.Http
public class WebRequestHandlerWithClientcertificates : HttpClientHandler
bool allowPipelining;
RequestCachePolicy cachePolicy;
AuthenticationLevel authenticationLevel;
TimeSpan continueTimeout;
TokenImpersonationLevel impersonationLevel;
int maxResponseHeadersLength;
int readWriteTimeout;
RemoteCertificateValidationCallback serverCertificateValidationCallback;
bool unsafeAuthenticatedConnectionSharing;
private X509CertificateCollection clientCertificates;
public WebRequestHandler ()
allowPipelining = true;
authenticationLevel = AuthenticationLevel.MutualAuthRequested;
cachePolicy = System.Net.WebRequest.DefaultCachePolicy;
continueTimeout = TimeSpan.FromMilliseconds (350);
impersonationLevel = TokenImpersonationLevel.Delegation;
maxResponseHeadersLength = HttpWebRequest.DefaultMaximumResponseHeadersLength;
readWriteTimeout = 300000;
serverCertificateValidationCallback = null;
unsafeAuthenticatedConnectionSharing = false;
public bool AllowPipelining
get return allowPipelining;
set
EnsureModifiability ();
allowPipelining = value;
public RequestCachePolicy CachePolicy
get return cachePolicy;
set
EnsureModifiability ();
cachePolicy = value;
public AuthenticationLevel AuthenticationLevel
get return authenticationLevel;
set
EnsureModifiability ();
authenticationLevel = value;
public X509CertificateCollection ClientCertificates
get
if (clientCertificates==null)
clientCertificates = new X509CertificateCollection();
return clientCertificates;
set
if (value==null)
throw new ArgumentNullException("value");
EnsureModifiability ();
clientCertificates = value;
[MonoTODO]
public TimeSpan ContinueTimeout
get return continueTimeout;
set
EnsureModifiability ();
continueTimeout = value;
public TokenImpersonationLevel ImpersonationLevel
get return impersonationLevel;
set
EnsureModifiability ();
impersonationLevel = value;
public int MaxResponseHeadersLength
get return maxResponseHeadersLength;
set
EnsureModifiability ();
maxResponseHeadersLength = value;
public int ReadWriteTimeout
get return readWriteTimeout;
set
EnsureModifiability ();
readWriteTimeout = value;
[MonoTODO]
public RemoteCertificateValidationCallback ServerCertificateValidationCallback
get return serverCertificateValidationCallback;
set
EnsureModifiability ();
serverCertificateValidationCallback = value;
public bool UnsafeAuthenticatedConnectionSharing
get return unsafeAuthenticatedConnectionSharing;
set
EnsureModifiability ();
unsafeAuthenticatedConnectionSharing = value;
internal override HttpWebRequest CreateWebRequest (HttpRequestMessage request)
HttpWebRequest wr = base.CreateWebRequest (request);
wr.Pipelined = allowPipelining;
wr.AuthenticationLevel = authenticationLevel;
wr.CachePolicy = cachePolicy;
wr.ImpersonationLevel = impersonationLevel;
wr.MaximumResponseHeadersLength = maxResponseHeadersLength;
wr.ReadWriteTimeout = readWriteTimeout;
wr.UnsafeAuthenticatedConnectionSharing = unsafeAuthenticatedConnectionSharing;
// here : maybe wr.ClientCertificates = ClientCertificates if the line below throws an error in your tests
wr.ClientCertificates.Add(ClientCertificates);
return wr;
现在在您的代码中使用 WebRequestHandlerWithClientCertificates 而不是 WebRequestHandler
【讨论】:
3 个编译问题:(1) 不能“覆盖”继承的成员,因为它没有在ClientCertificates 标记为“抽象”或“虚拟”(2) 不能覆盖CreateWebRequest,因为它不是找到(我认为是因为它被标记为内部)并且 (3) base.CreateWebRequest 由于其保护级别而无法访问。
哼,该死。抱歉,我手头没有测试环境。重点是简单地实现 ClientCertificates 属性并将其传递给 CreateWebRequest 中的 wr,因为它看起来好像是唯一需要的。想到的唯一解决方案是复制/粘贴 WebRequestHandler 并执行此操作,如果可行,则将补丁提交给 mono。我更新了我的答案以反映这一点。以上是关于在 Mono 上使用自定义 SSL 客户端证书 System.Net.HttpClient的主要内容,如果未能解决你的问题,请参考以下文章