[英]Certificate verification with Cordova
I wonder if there is a simple/recommended way for verifying the remote site certificate within Cordova. 我想知道是否有一种简单/推荐的方法来验证Cordova中的远程站点证书。 I would like my app to verify $remote.thumbprint is in a list of expected thumbprints and no one MITMs.
我希望我的应用程序验证$ remote.thumbprint是否在预期的指纹列表中,并且没有一个MITM。 The code (and the list) should be deployed on the phone through the app stores (I just assume they are trusted).
代码(和列表)应该通过应用程序商店部署在手机上(我只是假设它们是受信任的)。
Preferably a straight forward solution that does not require platform specific code for Android, IOS and WP? 最好是不需要针对Android,IOS和WP的平台特定代码的直接解决方案?
In order to see the cert information on a remote site you have to have access to that remote server. 为了查看远程站点上的证书信息,您必须有权访问该远程服务器。 But assuming you have access to the server you could write some server code that returns a list of thumbrint values and what ever else you may need returned.
但是,假设您有权访问服务器,则可以编写一些服务器代码,这些代码将返回thumbrint值列表以及您可能需要返回的其他值。 Here is how you could do it with C# using asp.net:
这是使用asp.net使用C#的方法:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Cryptography;
using System.Security.Permissions;
using System.IO;
using System.Security.Cryptography.X509Certificates;
namespace FIPWS01
{
public partial class certtest : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
try
{
X509Store store = new X509Store(StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
// X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectName, "Kilpatrick", false);
X509Certificate2Collection fcollection = (X509Certificate2Collection)collection.Find(X509FindType.FindBySubjectName, "[your info here]", false);
Response.Write("Number of certificates: " + fcollection.Count + "<br>");
foreach (X509Certificate2 x509 in fcollection)
{
byte[] rawdata = x509.RawData;
Response.Write("Friendly Name: " + x509.FriendlyName + "<br>");
Response.Write("Simple Name: " + x509.GetNameInfo(X509NameType.SimpleName, true) + "<br>");
Response.Write("Thumb Print: " + x509.Thumbprint + "<br>");
}
store.Close();
}
catch (CryptographicException)
{
Response.Write("Information could not be written out for this certificate.");
}
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.