通过自签名证书通过HTTPS连接到站点的Xamarin Android问题:“找不到证书路径的信任锚". [英] Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found."
问题描述
我正在尝试对具有2个SSL证书的站点进行HTTPS调用:自签名证书和由第一个证书签名的证书.当我使用HttpClient向站点发送请求时,控制台会记录一个不受信任的链,显示两个证书,然后打印由java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
引起的长堆栈跟踪.
I am trying to make HTTPS calls to site that has 2 SSL certificates: a self-signed certificate and a certificate that was signed by the the first certificate. When I use an HttpClient to send a request to the site, the console logs an untrusted chain, shows both certificates, then print a long stack trace of that is caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
.
我已经在手机上安装了两个证书,并且将Chrome浏览到该站点会显示一个受信任的连接(在安装证书之前,它具有不可信的连接警告).我认为问题在于该应用程序拒绝信任自签名证书.我无权访问服务器,因此对服务器的证书没有影响,因此无法安装由受信任的CA签名的证书.
I have installed both certificates on my phone and navigating Chrome to the site shows a trusted connection (it had an untrusted connection warning before I installed the certificates). I believe the issue is that the App refuses to trust self-signed certificates. I do not have access to the server and thus have no influence on its certificates, so installing a certificate signed by a trusted CA is not viable.
ServicePointManager.ServerCertificateValidationCallback似乎没有运行.
我尝试对ServicePointManager.ServerCertificateValidationCallback
使用我自己的函数,但是我给它的委托似乎从未运行.我的MainActivity.OnCreate方法中包含以下代码,但控制台从不记录该消息:
I have tried using my own function for ServicePointManager.ServerCertificateValidationCallback
, but the delegate I give it never seems to run. I have the following code in my MainActivity.OnCreate method, but the console never logs the message:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
{
Console.WriteLine($"****************************************************************************************************");
return true;
};
HttpClientHandler.ServerCertificateCustomValidationCallback引发异常.
我尝试使用HttpClientHandler
并设置其ServerCertificateCustomValidationCallback
,但是我只收到消息:
I have tried using an HttpClientHandler
and settings its ServerCertificateCustomValidationCallback
, but I just get the message:
System.NotImplementedException: The method or operation is not implemented. at System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] value)
.
设置代码:
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
HttpClient client = new HttpClient(handler);
推荐答案
我能够在Android和iOS上使用它.
I was able to get this to work in both Android and iOS.
iOS 很简单,只需覆盖ServicePointManager.ServerCertificateValidationCallback
:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
对于Android ,我使用了 Bruno Caceiro对类似问题的回答和创建的依赖服务
For Android I used Bruno Caceiro's answer from a similar question and a created Dependency Service.
在我的Xamarin Forms项目中,我添加了一个简单的界面:
In my Xamarin Forms project I added a simple interface:
public interface IHTTPClientHandlerCreationService
{
HttpClientHandler GetInsecureHandler();
}
在我的Xamarin Android项目中,我实现了该接口:
And in my Xamarin Android project I implemented the interface:
[assembly: Dependency(typeof(HTTPClientHandlerCreationService_Android))]
namespace MyApp.Droid
{
public class HTTPClientHandlerCreationService_Android : CollateralUploader.Services.IHTTPClientHandlerCreationService
{
public HttpClientHandler GetInsecureHandler()
{
return new IgnoreSSLClientHandler();
}
}
internal class IgnoreSSLClientHandler : AndroidClientHandler
{
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return SSLCertificateSocketFactory.GetInsecure(1000, null);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return new IgnoreSSLHostnameVerifier();
}
}
internal class IgnoreSSLHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
public bool Verify(string hostname, ISSLSession session)
{
return true;
}
}
}
共享代码以正确设置HttpClient:
Shared code to correctly set up the HttpClient:
switch (Device.RuntimePlatform)
{
case Device.Android:
this.httpClient = new HttpClient(DependencyService.Get<Services.IHTTPClientHandlerCreationService>().GetInsecureHandler());
break;
default:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
this.httpClient = new HttpClient(new HttpClientHandler());
break;
}
这篇关于通过自签名证书通过HTTPS连接到站点的Xamarin Android问题:“找不到证书路径的信任锚".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!