Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚。”
[英]Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found."
问题描述
I am trying to make HTTPS calls to site that has 2 SSL certificates: a self-signed certificate and a certificate that was signed by the the first certificate.
我正在尝试对具有 2 个 SSL 证书的站点进行 HTTPS 调用:一个自签名证书和一个由第一个证书签名的证书。 When I use an HttpClient to send a request to the site, the console logs an untrusted chain, shows both certificates, then print a long stack trace of that is caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found .当我使用 HttpClient 向站点发送请求时,控制台会记录一个不受信任的链,显示两个证书,然后打印由java.security.cert.CertPathValidatorException: Trust anchor for certification path not found引起的长堆栈跟踪java.security.cert.CertPathValidatorException: Trust anchor for certification path not found .
I have installed both certificates on my phone and navigating Chrome to the site shows a trusted connection (it had an untrusted connection warning before I installed the certificates).我已经在我的手机上安装了这两个证书,并且将 Chrome 导航到该站点显示受信任的连接(在我安装证书之前,它有一个不受信任的连接警告)。 I believe the issue is that the App refuses to trust self-signed certificates.我认为问题在于该应用程序拒绝信任自签名证书。 I do not have access to the server and thus have no influence on its certificates, so installing a certificate signed by a trusted CA is not viable.我无权访问服务器,因此对其证书没有影响,因此安装由受信任的 CA 签名的证书是不可行的。
Solutions I've tried that have not worked.我尝试过但没有奏效的解决方案。
ServicePointManager.ServerCertificateValidationCallback doesn't seem to run. ServicePointManager.ServerCertificateValidationCallback 似乎没有运行。
I have tried using my own function for ServicePointManager.ServerCertificateValidationCallback , but the delegate I give it never seems to run.我曾尝试将我自己的函数用于ServicePointManager.ServerCertificateValidationCallback ,但我给它的委托似乎从未运行过。 I have the following code in my MainActivity.OnCreate method, but the console never logs the message:我的 MainActivity.OnCreate 方法中有以下代码,但控制台从不记录消息:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
{
Console.WriteLine($"****************************************************************************************************");
return true;
};
HttpClientHandler.ServerCertificateCustomValidationCallback throws an exception. HttpClientHandler.ServerCertificateCustomValidationCallback 引发异常。
I have tried using an HttpClientHandler and settings its ServerCertificateCustomValidationCallback , but I just get the message:我曾尝试使用HttpClientHandler并设置其ServerCertificateCustomValidationCallback ,但我只收到消息:
System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value) System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value) . System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value) 。
Setup code:设置代码:
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
HttpClient client = new HttpClient(handler);
1 个解决方案
解决方案1
15 已采纳 2019-03-11 19:05:17
I was able to get this to work in both Android and iOS.我能够让它在 Android 和 iOS 上都能工作。
iOS was easy, just override ServicePointManager.ServerCertificateValidationCallback : iOS很简单,只需覆盖ServicePointManager.ServerCertificateValidationCallback :
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
For Android I used Bruno Caceiro's answer from a similar question and a created Dependency Service.对于 Android,我使用了Bruno Caceiro 来自类似问题和创建的依赖服务的答案。
In my Xamarin Forms project I added a simple interface:在我的 Xamarin Forms 项目中,我添加了一个简单的界面:
public interface IHTTPClientHandlerCreationService
{
HttpClientHandler GetInsecureHandler();
}
And in my Xamarin Android project I implemented the interface:在我的 Xamarin Android 项目中,我实现了接口:
[assembly: Dependency(typeof(HTTPClientHandlerCreationService_Android))]
namespace MyApp.Droid
{
public class HTTPClientHandlerCreationService_Android : CollateralUploader.Services.IHTTPClientHandlerCreationService
{
public HttpClientHandler GetInsecureHandler()
{
return new IgnoreSSLClientHandler();
}
}
internal class IgnoreSSLClientHandler : AndroidClientHandler
{
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return SSLCertificateSocketFactory.GetInsecure(1000, null);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return new IgnoreSSLHostnameVerifier();
}
}
internal class IgnoreSSLHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
public bool Verify(string hostname, ISSLSession session)
{
return true;
}
}
}
Shared code to correctly set up the HttpClient:正确设置 HttpClient 的共享代码:
switch (Device.RuntimePlatform)
{
case Device.Android:
this.httpClient = new HttpClient(DependencyService.Get<Services.IHTTPClientHandlerCreationService>().GetInsecureHandler());
break;
default:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
this.httpClient = new HttpClient(new HttpClientHandler());
break;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.