M2MQTT Argument Exception: unsupported HMAC

I am trying to set up an MQTT client in Unity (C#) which would communicate with AWS IoT Core. Here are the steps I've taken:

1) Generated a .pfx file using the certificate files from AWS:

openssl pkcs12 -export -in certificate.pem.crt -inkey private.pem.key -out certificate.cert.pfx -certfile AmazonRootCA1.pem

2) Placed the .pem and .pfx file in the Resources folder of my project. The path for the device certification in the code would be: deviceCertPath="Assets/Resources/certificate.cert.pfx"

3) Added M2Mqtt.net dll to Plugins folder (Downloaded from NuGet)

4) My code is as follows:

using System.Collections;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using UnityEngine;

using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Messages;

// Variables

private void Start()   
{
    caCert = X509Certificate2.CreateFromCertFile(caCertPath);
    deviceCert = new X509Certificate2(deviceCertPath);

    client = new MqttClient(broker, port, true, caCert, deviceCert, MqttSslProtocols.TLSv1_2);

    client.MqttMsgPublishReceived += Client_MqttMsgPublishReceived;
    client.MqttMsgSubscribed += Client_MqttMsgSubscribed;

    //Connect
    client.Connect(clientId);
    Debug.Log($"Connected to AWS IoT with client id: {clientId}.");
}

// Message Methods

When I try to run the code I get an error that happens when trying to create the deviceCert:

ArgumentException: unsupported HMAC
Mono.Security.X509.PKCS12.Decode (System.Byte[] data) (at <b2e147cb24644c1580a142ea3d6c249e>:0)
Mono.Security.X509.PKCS12..ctor (System.Byte[] data, System.String password) (at <b2e147cb24644c1580a142ea3d6c249e>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, System.String password) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono.ImportPkcs12 (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Certificate2ImplMono..ctor (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.X509PalImpl.ImportFallback (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.X509PalImplMono.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.SystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
Mono.SystemCertificateProvider.Mono.ISystemCertificateProvider.Import (System.Byte[] data, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags, Mono.CertificateImportFlags importFlags) (at <6d7c4c8dd3624dc596686fb7270ae1e6>:0)
System.Security.Cryptography.X509Certificates.X509Helper.Import (System.Byte[] rawData, Microsoft.Win32.SafeHandles.SafePasswordHandle password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName, System.String password, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags keyStorageFlags) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate..ctor (System.String fileName) (at <6073cf49ed704e958b8a66d540dea948>:0)
System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromSignedFile (System.String filename) (at <6073cf49ed704e958b8a66d540dea948>:0)
MQTT.Start () (at Assets/Circulate/Scripts/Networking/MQTT/MQTT.cs:32)

The current .pfx file does not have a password, although I've attempted to use one with a password and got the same error. When I check the details of the certificates, both have a signature hash algorithm of sha256. I'm not sure why I am receiving this error and I haven't been able to find much information regarding unsupported HMAC. Any help is appreciated, thank you!

Your exception, based on the source, is that the PFX MAC algorithm ID is not 1.3.14.3.2.26 (SHA-1).

This seems surprising, since OpenSSL still defaults to HMAC-SHA1 for the PFX MAC, but maybe your build of OpenSSL has been modified. You should be able to force it to use HMAC-SHA1 by adding -macalg sha1 onto your export command (e.g. openssl pkcs12 -export -in certificate.pem.crt -inkey private.pem.key -out certificate.cert.pfx -certfile AmazonRootCA1.pem -macalg sha1).

You can verify the MAC algorithm ID by openssl asn1parse, such as

$ openssl asn1parse -inform der -i -in test.pfx
    0:d=0  hl=4 l=1716 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim:  INTEGER           :03
    7:d=1  hl=4 l=1658 cons:  SEQUENCE
   11:d=2  hl=2 l=   9 prim:   OBJECT            :pkcs7-data
   22:d=2  hl=4 l=1643 cons:   cont [ 0 ]
   26:d=3  hl=4 l=1639 prim:    OCTET STRING      [HEX DUMP]:3082066...<snip />
 1669:d=1  hl=2 l=  49 cons:  SEQUENCE
 1671:d=2  hl=2 l=  33 cons:   SEQUENCE
 1673:d=3  hl=2 l=   9 cons:    SEQUENCE
 1675:d=4  hl=2 l=   5 prim:     OBJECT            :sha1
 1682:d=4  hl=2 l=   0 prim:     NULL
 1684:d=3  hl=2 l=  20 prim:    OCTET STRING      [HEX DUMP]:9E2270B998C4A69898F29634EC0F4823E47879A0
 1706:d=2  hl=2 l=   8 prim:   OCTET STRING      [HEX DUMP]:E540B4FDBC03B6AF
 1716:d=2  hl=2 l=   2 prim:   INTEGER           :0800

The OBJECT:sha1 5 lines from the bottom is the MAC algorithm identifier. (The particular offset for that line (e.g. 1675) will depend on your particular PFX, but that line will always be 5 from the bottom.)
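
The check described in the answer above, done programmatically instead of by reading asn1parse output. This is an added example, not part of the original answer: it walks the DER structure of a PFX (version, authSafe, optional MacData) and returns the MAC digest OID. The function names and the two sample files are constructed for illustration; the samples have the right shape but dummy contents.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(body):  # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    arcs, n = [], 0
    for b in val:                           # sub-identifiers are base-128, high bit = "more"
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    x = min(arcs[0] // 40, 2)               # first sub-identifier packs the first two arcs
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def pfx_mac_oid(der):
    """Digest OID of the PFX integrity MAC, or None when there is no MacData."""
    tag, body, _ = read_tlv(der, 0)
    fields = children(body)                 # version, authSafe, optional macData
    if tag != 0x30 or len(fields) < 2:
        raise ValueError("not a PFX SEQUENCE")
    if len(fields) < 3:
        return None
    digest_info = children(children(fields[2][1])[0][1])    # MacData.mac
    return decode_oid(children(digest_info[0][1])[0][1])    # digestAlgorithm OID

def tlv(tag, body):  # DER encoder, used only to build the constructed samples
    size = (len(body).bit_length() + 7) // 8
    head = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | size]) + len(body).to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_pfx(alg_oid_der):  # constructed skeleton with dummy contents, not a real keystore
    auth_safe = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010701")) + tlv(0xA0, tlv(0x04, bytes(200))))
    digest_info = tlv(0x30, tlv(0x30, tlv(0x06, alg_oid_der) + tlv(0x05, b"")) + tlv(0x04, bytes(20)))
    mac_data = tlv(0x30, digest_info + tlv(0x04, bytes(8)) + tlv(0x02, b"\x08\x00"))
    return tlv(0x30, tlv(0x02, b"\x03") + auth_safe + mac_data)

SHA1_PFX = sample_pfx(bytes.fromhex("2b0e03021a"))            # MAC digest 1.3.14.3.2.26
SHA256_PFX = sample_pfx(bytes.fromhex("608648016503040201"))  # MAC digest 2.16.840.1.101.3.4.2.1
```

For a real file, pass the bytes of the .pfx (`open(path, "rb").read()`) to `pfx_mac_oid`. Any result other than 1.3.14.3.2.26 is the case the answer describes, where re-exporting with -macalg sha1 applies.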
