[英]Translate cURL to RestSharp (Could not create SSL/TLS secure channel)
I am working to integrate with a third-party that provides sample code for use with cURL. 我正在努力与提供与cURL一起使用的示例代码的第三方集成。 I've been able to successfully connect using cURL via the following command: 我已经能够通过以下命令使用cURL成功连接:
curl -k -d "grant_type=client_cert" --basic -u "myUserName:myPassword" -H "Content-Type: application/x-www-form-urlencoded" --cert c:\\certs\\myCert.pem https://vendorUrl/method curl -k -d“ grant_type = client_cert” –基本-u“ myUserName:myPassword” -H“内容类型:application / x-www-form-urlencoded” --cert c:\\ certs \\ myCert.pem https: // vendorUrl / method
In reading the cURL docs, I believe this is what all the switches translate to: 在阅读cURL文档时,我相信这是所有开关都翻译成的:
I have tried many (!) different tips I've found online, so there are some lines of code that may be unnecessary. 我尝试了许多在线发现的技巧,所以有些行的代码可能是不必要的。 I have tried to indicate where I have interpreted cURL switches to C# in my code comments. 我试图指出我在代码注释中将cURL开关解释为C#的位置。
//Not sure if these are needed or not.
ServicePointManager.Expect100Continue = true;
ServicePointManager.CheckCertificateRevocationList = false;
//allow every possible protocol for now just to eliminate the protocol as the source of the problem
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12 | SecurityProtocolType.Ssl3;
//this should be the equivalent of cURL's "-k" (insecure) switch.
ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
var certificatePath = ConfigurationManager.AppSettings.GetValue("myPath");
var clientKey = "myKey";
var clientSecret = "mySecret";
var url = "https://vendorUrl/method";
//create the request
var request = new RestRequest(Method.POST);
////this should be the equivalent of cURL's -d (data) switch. no idea if this is done correctly. I have also tried adding this as "AddJsonBody()"
var body = "grant_type=client_cert";
request.AddBody(body);
//this should be the equivalent of cURL's "-H" (header) switch
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
//Import certificate
var certificates = new X509Certificate();
certificates.Import(certificatePath);
var client = new RestClient
{
BaseUrl = new Uri(url),
//this should be the equivalent of cURL's "--cert" switch
ClientCertificates = new X509CertificateCollection { certificates },
//this should be the equivalent of cURL's "--basic" (Basic Auth) switch and the "-u" switch
Authenticator = new HttpBasicAuthenticator(clientKey, clientSecret)
};
var response = client.Execute(request);
The error message I get is the dreaded "The request was aborted: Could not create SSL/TLS secure channel." 我收到的错误消息是可怕的“请求已中止:无法创建SSL / TLS安全通道。”
I also added trace logging as described here: The request was aborted: Could not create SSL/TLS secure channel . 我还添加了跟踪日志记录,如下所述: 请求已中止:无法创建SSL / TLS安全通道 。
I don't really know how to parse the output of the trace, but one of the last messages in the trace looks like a problem: 我真的不知道如何解析跟踪的输出,但是跟踪中的最后一条消息似乎是一个问题:
System.Net Information: 0 : [9232] InitializeSecurityContext(In-Buffers count=2, Out-Buffer length=0, returned code=IllegalMessage). System.Net信息:0:[9232] InitializeSecurityContext(缓冲区内计数= 2,缓冲区外长度= 0,返回代码= IllegalMessage)。
In my case, I had to install the certificate on the local computer/server in order to get this to work. 就我而言,我必须在本地计算机/服务器上安装证书才能使其生效。 It's not clear to me why cURL works without the certificate installed. 我不清楚,为什么在没有安装证书的情况下cURL可以工作。
The certificate I had to install had a .p12 extension. 我必须安装的证书的扩展名为.p12。 So in code I loaded the .pem file, which is a file derived from the .p12 file. 因此,我在代码中加载了.pem文件,该文件是从.p12文件派生的文件。 I'm not claiming to understand why. 我并不是在说为什么。
By switching to HttpClient, I was able to avoid loading the .pem file by adding: 通过切换到HttpClient,我可以通过添加以下内容来避免加载.pem文件:
var handler = new WebRequestHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Automatic;
var httpClient = new HttpClient(handler);
I was not able to find a RestSharp/WebRequest equivalent to ClientCertificateOptions. 我找不到与ClientCertificateOptions等效的RestSharp / WebRequest。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.