[英]Trust anchor for certification path not found. Using self-signed client certificates on android
[英]Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found."
我正在尝试对具有 2 个 SSL 证书的站点进行 HTTPS 调用:一个自签名证书和一个由第一个证书签名的证书。 当我使用 HttpClient 向站点发送请求时,控制台会记录一个不受信任的链,显示两个证书,然后打印由java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
引起的长堆栈跟踪java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
.
我已经在我的手机上安装了这两个证书,并且将 Chrome 导航到该站点显示受信任的连接(在我安装证书之前,它有一个不受信任的连接警告)。 我认为问题在于该应用程序拒绝信任自签名证书。 我无权访问服务器,因此对其证书没有影响,因此安装由受信任的 CA 签名的证书是不可行的。
ServicePointManager.ServerCertificateValidationCallback 似乎没有运行。
我曾尝试将我自己的函数用于ServicePointManager.ServerCertificateValidationCallback
,但我给它的委托似乎从未运行过。 我的 MainActivity.OnCreate 方法中有以下代码,但控制台从不记录消息:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
{
Console.WriteLine($"****************************************************************************************************");
return true;
};
HttpClientHandler.ServerCertificateCustomValidationCallback 引发异常。
我曾尝试使用HttpClientHandler
并设置其ServerCertificateCustomValidationCallback
,但我只收到消息:
System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value)
System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value)
。
设置代码:
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
HttpClient client = new HttpClient(handler);
我能够让它在 Android 和 iOS 上都能工作。
iOS很简单,只需覆盖ServicePointManager.ServerCertificateValidationCallback
:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
对于 Android,我使用了Bruno Caceiro 来自类似问题和创建的依赖服务的答案。
在我的 Xamarin Forms 项目中,我添加了一个简单的界面:
public interface IHTTPClientHandlerCreationService
{
HttpClientHandler GetInsecureHandler();
}
在我的 Xamarin Android 项目中,我实现了接口:
[assembly: Dependency(typeof(HTTPClientHandlerCreationService_Android))]
namespace MyApp.Droid
{
public class HTTPClientHandlerCreationService_Android : CollateralUploader.Services.IHTTPClientHandlerCreationService
{
public HttpClientHandler GetInsecureHandler()
{
return new IgnoreSSLClientHandler();
}
}
internal class IgnoreSSLClientHandler : AndroidClientHandler
{
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return SSLCertificateSocketFactory.GetInsecure(1000, null);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return new IgnoreSSLHostnameVerifier();
}
}
internal class IgnoreSSLHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
public bool Verify(string hostname, ISSLSession session)
{
return true;
}
}
}
正确设置 HttpClient 的共享代码:
switch (Device.RuntimePlatform)
{
case Device.Android:
this.httpClient = new HttpClient(DependencyService.Get<Services.IHTTPClientHandlerCreationService>().GetInsecureHandler());
break;
default:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
this.httpClient = new HttpClient(new HttpClientHandler());
break;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.