我想在我的 UWP 应用程序上执行 ssl 固定。我的应用在 Visual Studio 2015 更新 3 上运行。我需要针对整个团队共享的根 CA 验证服务器证书。我无法获得 System.Security.Cryptography.X509Certificates 的参考,但不可用。请让我知道这里的替代方案。
我尝试了以下方法:
使用 Window.Security.Cryptography。使用 https 请求调用
using (var filter = new HttpBaseProtocolFilter()) { // todo: probably remove this in production, avoids overly aggressive cache try { rootCertificate = caCertificateString; filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.NoCache; filter.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted); filter.IgnorableServerCertificateErrors.Add(ChainValidationResult.InvalidName); filter.ServerCustomValidationRequested += FilterOnServerCustomValidationRequested; //filter.ClientCertificate = await this.getClientCertiifcate(posCertificateString, password); var httpClient = new Windows.Web.Http.HttpClient(filter); var httpContent = new Windows.Web.Http.HttpStringContent(requestObj, Windows.Storage.Streams.UnicodeEncoding.Utf8); httpContent.Headers.ContentType = Windows.Web.Http.Headers.HttpMediaTypeHeaderValue.Parse("application/x-www-form-urlencoded"); var response = await httpClient.PostAsync(new Uri(URL), httpContent); string content = await response.Content.ReadAsStringAsync(); JsonObject statusObject = new JsonObject(); statusObject.Add("response", JsonValue.CreateStringValue(content)); return content; } catch (Exception e1) { string msg = e1.Message; return msg; } }
private void FilterOnServerCustomValidationRequested(HttpBaseProtocolFilter sender, HttpServerCustomValidationRequestedEventArgs args)
{
try
{
byte[] bytes = System.Convert.FromBase64String(this.rootCertificate); // Our root CA. Need to validate against args.ServerCertificate
}
catch(Exception e)
{
args.Reject();
}
}
- 我也有如上所示的 ServerCustomValidationRequested 回调:
- 我应该如何根据我们团队共享的根 CA 进一步验证服务器证书(args.ServerCertificate)。