[英]M2MQTT Argument Exception: unsupported HMAC
I am trying to setup an MQTT client in Unity (C#) which would communicate with AWS IoT Core.我正在尝试在 Unity (C#) 中设置一个 MQTT 客户端,它将与 AWS IoT Core 通信。 Here are the steps I've taken:
以下是我采取的步骤:
1)Generated a.pfx file using the certificate files from AWS: 1)使用来自AWS的证书文件生成a.pfx文件:
openssl pkcs12 -export -in certificate.pem.crt -inkey private.pem.key -out certificate.cert.pfx -certfile AmazonRootCA1.pem
2)Placed the.pem and.pfx file in the Resources folder of my project. 2)将.pem 和.pfx 文件放在我项目的Resources 文件夹中。 The path for the device certification in the code would be:
deviceCertPath="Assets/Resources/certificate.cert.pfx"
代码中设备认证的路径为:
deviceCertPath="Assets/Resources/certificate.cert.pfx"
3)Added M2Mqtt.net dll to Plugins folder (Downloaded from NuGet) 3) 将 M2Mqtt.net dll 添加到 Plugins 文件夹(从 NuGet 下载)
4)My code is as follows: 4)我的代码如下:
using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using UnityEngine;
using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Messages;
// Variables
private void Start()
{
caCert = X509Certificate2.CreateFromCertFile(caCertPath);
deviceCert = new X509Certificate2(deviceCertPath);
client = new MqttClient(broker, port, true, caCert, deviceCert, MqttSslProtocols.TLSv1_2);
client.MqttMsgPublishReceived += Client_MqttMsgPublishReceived;
client.MqttMsgSubscribed += Client_MqttMsgSubscribed;
//Connect
client.Connect(clientId);
Debug.Log($"Connected to AWS IoT with client id: {clientId}.");
}
// Message Methods
When I try to run the code I get an error that happens when trying to create the deviceCert:当我尝试运行代码时,出现在尝试创建 deviceCert 时发生的错误:
ArgumentException: unsupported HMAC
Mono.Security.X509.PKCS12.Decode (System.Byte[] data) (at <b2e147cb24644c1580a142ea3d6c249e>:0)
Mono.Security.X509.PKCS12..ctor (System.Byte[] data, System.String password) (at <b2e147cb24644c1580a142ea3d6c249e>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, System.String password) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono..ctor (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.X509PalImpl.ImportFallback (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.X509PalImplMono.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile (System.String filename) (at <6073cf49ed704e958b8a66d540dea948>:0)
MQTT.Start () (at Assets/Circulate/Scripts/Networking/MQTT/MQTT.cs:32)
The current.pfx file does not have a password, although I've attempted to use one with a password and got the same error. current.pfx 文件没有密码,尽管我尝试使用一个带密码的文件并得到同样的错误。 When I check the details of the certificates, both have a signature hash algorithm of sha256.
当我检查证书的详细信息时,两者都有 sha256 的签名 hash 算法。 I'm not sure why I am receiving this error and I haven't been able to find much information regarding unsupported HMAC.
我不确定为什么会收到此错误,而且我无法找到有关不受支持的 HMAC 的大量信息。 Any help is appreciated, thank you!
感谢您的帮助,谢谢!
Your exception, based on the source is that the PFX MAC algorithm ID is not 1.3.14.3.2.26 (SHA-1).根据来源,您的例外情况是 PFX MAC 算法 ID 不是1.3.14.3.2.26 (SHA-1)。
This seems surprising, since OpenSSL still defaults to HMAC-SHA1 for the PFX MAC, but maybe your build of OpenSSL has been modified.这似乎令人惊讶,因为 OpenSSL 仍然默认为 PFX MAC 的 HMAC-SHA1,但也许您的 OpenSSL 构建已被修改。 You should be able to force it to use HMAC-SHA1 by adding
-macalg sha1
onto your export command (eg openssl pkcs12 -export -in certificate.pem.crt -inkey private.pem.key -out certificate.cert.pfx -certfile AmazonRootCA1.pem -macalg sha1
).您应该能够通过在导出命令中添加
-macalg sha1
来强制它使用 HMAC-SHA1(例如openssl pkcs12 -export -in certificate.pem.crt -inkey private.pem.key -out certificate.cert.pfx -certfile AmazonRootCA1.pem -macalg sha1
)。
You can verify the MAC algorithm ID by openssl asn1parse
, such as可以通过
openssl asn1parse
验证MAC算法ID,比如
$ openssl asn1parse -inform der -i -in test.pfx
0:d=0 hl=4 l=1716 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :03
7:d=1 hl=4 l=1658 cons: SEQUENCE
11:d=2 hl=2 l= 9 prim: OBJECT :pkcs7-data
22:d=2 hl=4 l=1643 cons: cont [ 0 ]
26:d=3 hl=4 l=1639 prim: OCTET STRING [HEX DUMP]:3082066...<snip />
1669:d=1 hl=2 l= 49 cons: SEQUENCE
1671:d=2 hl=2 l= 33 cons: SEQUENCE
1673:d=3 hl=2 l= 9 cons: SEQUENCE
1675:d=4 hl=2 l= 5 prim: OBJECT :sha1
1682:d=4 hl=2 l= 0 prim: NULL
1684:d=3 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:9E2270B998C4A69898F29634EC0F4823E47879A0
1706:d=2 hl=2 l= 8 prim: OCTET STRING [HEX DUMP]:E540B4FDBC03B6AF
1716:d=2 hl=2 l= 2 prim: INTEGER :0800
The OBJECT:sha1
5 lines from the bottom is the MAC algorithm identifier. OBJECT:sha1
第5行是MAC算法标识。 (The particular offset for that line (eg 1675) will depend on your particular PFX, but that line will always be 5 from the bottom) (该行的特定偏移量(例如 1675)将取决于您的特定 PFX,但该行始终从底部算起 5)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.