19

我有一个为 8.1 构建的 Windows Phone 应用程序,其中一项任务是客户端-服务器证书方案。我的应用程序运行良好,我可以发送客户端证书并登录到服务器。但是,在升级到 Windows 8.10.14xxxx 之后,这是不可能的。我拿了wireshark的踪迹,似乎从未发送过证书。消息的内容长度为 0。

我使用HttpClient.SendAsync(等待)并HttpBaseProtocolFilter输入证书。在升级之前它运行完美。

任何想法?有什么东西坏了吗?

首先,我正在安装 pfx

async private void btnInstall_Click(object sender, RoutedEventArgs e)
{
    //Install the self signed client cert to the user certificate store

    string CACertificate = null;
    try
    {
        Uri uri = new Uri("ms-appx:///certificates/test.pfx");
        var file = await Windows.Storage.StorageFile.GetFileFromApplicationUriAsync(uri);
        IBuffer buffer = await FileIO.ReadBufferAsync(file);
        using (DataReader dataReader = DataReader.FromBuffer(buffer))
        {
            byte[] bytes = new byte[buffer.Length];
            dataReader.ReadBytes(bytes);
            // convert to Base64 for using with ImportPfx
            CACertificate = System.Convert.ToBase64String(bytes);
        }
        await CertificateEnrollmentManager.UserCertificateEnrollmentManager.ImportPfxDataAsync(
            CACertificate,
            "xxxxx",
            ExportOption.Exportable,
            KeyProtectionLevel.NoConsent,
            InstallOptions.None,
            "ClientCert1");


    }
    catch (Exception ex)
    {
        //;
    }
}

然后我打电话给服务

string serviceURL = "https://my.web.services";
Certificate cert = null;

CertificateQuery query = new CertificateQuery();
query.FriendlyName = "ClientCert1";
IReadOnlyCollection<Certificate> certs = await CertificateStores.FindAllAsync(query);

HttpBaseProtocolFilter bpf = new HttpBaseProtocolFilter();
//if you install the CA you don't need to ignore the ServerCertificate Errors
//bpf.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);

if (certs.Count > 0)
{
    cert = certs.ElementAt(0);
    bpf.ClientCertificate = cert;
}

HttpClient httpClient = new HttpClient(bpf);
try
{

    var response = await httpClient.GetInputStreamAsync(new Uri(serviceURL));
    //take data
}
catch (Exception ex)
{              
    //0x80072F0D 
}

在windows phone中运行时,我总是使用异常 ( 0x80072F0D) 。8.10.14xxxx我的代码在更新之前有效,现在我总是使用这个返回码。证书在 httpClient 中加载。当我用调试器停止应用程序时,证书似乎在那里,但是0x800072F0D可能意味着证书没有发送???

场景中有一个中间证书颁发机构。该证书包含在 pfx 中。我需要以某种方式安装它吗?

4

1 回答 1

1

我假设您已经将客户端证书放入应用证书商店。如果没有,请执行以下操作:
1) 下载 PFX 文件。
2)通过以下方式在应用程序的证书存储中安装证书

await CertificateEnrollmentManager.ImportPfxDataAsync(certString, "Your_PFX_Password", ExportOption.Exportable, KeyProtectionLevel.NoConsent, InstallOptions.None, friendlyName);

3) 检查证书存储中的证书。

CertificateQuery certQuery = new CertificateQuery();
certQuery.FriendlyName = friendlyName;
IReadOnlyList<Certificate> certs = await CertificateStores.FindAllAsync(certQuery);

certs[0]应该有你需要的证书。

4) 现在,将证书附加到 HTTP 请求

HttpBaseProtocolFilter protolFilter = new HttpBaseProtocolFilter();
protolFilter.ClientCertificate = certs[0] //from previous step
HttpClient client = new HttpClient(protolFilter)

PS:你不应该使用System.Net.htpp.HttpClient。而不是你应该使用Windows.Web.Http.HttpClient.

于 2015-09-16T07:25:35.123 回答