Windows Phone 8.0 证书固定 [英] Windows Phone 8.0 certificate pinning

问题描述

如何在没有 SecureBlackbox 等商业库的情况下在 Windows Phone 8.0 中进行证书固定?我可以在 Windows Phone 8.1 上使用它，但它不适用于 WP8.0.

How i can do certificate pinning in Windows Phone 8.0 without commercial libraries like SecureBlackbox? I can do it for Windows Phone 8.1, but it doesn't work for WP8.0.

WP8.1 代码

private async Task<bool> GetPublicKeysFromServer(string serverUrl)
    {
        //clear old cers
        serverPublicKyes = new List<string>();

        Uri serverUri = new Uri(serverUrl);
        HttpClient httpClient = new HttpClient();

        string responseData = string.Empty;
        HttpResponseMessage response = new HttpResponseMessage();
        response = await httpClient.GetAsync(serverUri);

        List<Certificate> listCerts = new List<Certificate>();
        listCerts.Add(response.RequestMessage.TransportInformation.ServerCertificate);

        foreach (Certificate aCertificate in listCerts)
        {
            IBuffer buffer = aCertificate.GetCertificateBlob();
            byte[] bCert = buffer.ToArray();
            string scert = BitConverter.ToString(bCert);
            byte[] rsaOID = EncodeOID("1.2.840.113549.1.1.1");//1.2.840.113549.1.1.1
            string sOID = BitConverter.ToString(rsaOID);
            int length;
            int index = FindX509PubKeyIndex(bCert, rsaOID, out length);
            // Found X509PublicKey in certificate so copy it.
            if (index > -1)
            {
                byte[] X509PublicKey = new byte[length];
                Array.Copy(bCert, index, X509PublicKey, 0, length);
                string URLCertPublicKey = BitConverter.ToString(X509PublicKey);
                serverPublicKyes.Add(URLCertPublicKey);
                Debug.WriteLine("Site Cert: " + URLCertPublicKey);
            }
        }
        return true;
    }

WP8.0 API 不支持:

WP8.0 API does not support:

Windows.Security.Cryptography和HttpRequestMessage.TransportInformation

谢谢.

推荐答案

对于 Windows Phone 8/8.1:Windows Phone 8/8.1 上的证书固定

For Windows Phone 8/8.1: Certificate pinning on windows phone 8/8.1

我认为如果不使用您提到的商业图书馆，您就无法做到.你应该试一试.如果没有，那么我在这里找到了 Stack Overflow 本身的一些内容(阅读 WP8 上的 SSL 证书详细信息):

I don't think you can do it without using commercial library as you mentioned. You should give it a try. If not then here I found some content from Stack Overflow itself (Read SSL Certificate Details on WP8):

对于 WP8，您可以使用 StreamSocket 类，该类具有UpgradeToSslAsync() 方法将为您执行 TLS 握手异步操作.完成后，您可以使用.Information.ServerCertificate 属性来检查您是否获得了您期望的服务器证书.

For WP8, you can use the StreamSocket class, which has an UpgradeToSslAsync() method that will do the TLS handshake for you as an async operation. Once that completes, you can use the .Information.ServerCertificate property to check that you got the server certificate you were expecting.

这篇关于Windows Phone 8.0 证书固定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！