Flutter从资产文件夹添加自签名证书 [英] Flutter add self signed certificate from asset folder

问题描述

我的服务器在调用其HTTPS API时会提供一个自签名证书。我在 asset 文件夹中有证书文件，并在我尝试过的 pubspec.yaml
中引用了它的路径将证书传递给 SecurityContext ，然后使用该上下文创建 HttpClient 。但是我将证书传递给 SecurityContext 的方式不起作用。以下是代码：

My server provides a Self Signed certificate when calling its HTTPS API. I have the certificate file in the asset folder and referenced its path in pubspec.yaml I have tried passing the certificate to SecurityContext and then using that context to create an HttpClient. But the way I'm passing the certificate to SecurityContext is not working. Here is the code:

Future<ByteData> getFileData(String path) async {
    return await rootBundle.load(path);
}

void initializeHttpClient() async {
    try {
         Future<ByteData> data = getFileData('assets/raw/certificate.crt');
         await data.then((value) {
             var context = SecurityContext.defaultContext;
             context.useCertificateChainBytes(value.buffer.asInt8List());
             client = HttpClient(context: context);
         });

    } on Exception catch (exception) {
         print(exception.toString());
    }
}

SecurityContext 有两种方法：

1） useCertificateChain（）接受文件路径。但是，当我在资产文件夹中提供文件的路径时（ assets / raw / certificate.crt）。

2） useCertificateChainBytes（）上面的代码正在使用此方法。但这也会给我类似错误（文件结尾意外）。

The SecurityContext has two methods:
1) useCertificateChain() this accepts a file path. But when I give the path of the file in my asset folder ('assets/raw/certificate.crt'). It says file not found.
2) useCertificateChainBytes() the above code is using this method. But this also gives me error like (unexpected end of file).

目前的解决方案

我使用 client.badCertificateCallback =（X509Certificate cert，String host，int port）=>绕过它。 true; 。

但我想使其与证书一起使用

推荐答案

从您的问题中不清楚自签名证书的作用是什么。根据您的解决方法，我认为这是您已安装在HTTPS服务器中的服务器端证书。 （这不是您要传递到服务器的客户端证书。）

It's not clear from your question what the role of the self-signed certificate is. Based on your work around, I assume that it's a server side certificate that you have installed in the HTTPS server. (It's not a client side certificate that you would like to pass to the server.)

因此，您需要做的是让Dart HttpClient 以信任该证书，该证书将作为TLS握手的一部分由服务器传递给该证书。 （通过设置回调，您已经使客户端信任任何证书，而不仅是服务器的证书。）

So, what you need to do is to get the Dart HttpClient to trust that certificate, which will be passed to it by the server as part of the TLS handshake. (By setting the callback you have made the client trust any certificate, not just your server's.)

要设置受信任的证书，请使用 setTrustedCertificatesBytes 代替 useCertificateChainBytes （如果您的证书是客户端证书，则将使用它）。

To set the trusted certificate use setTrustedCertificatesBytes in place of useCertificateChainBytes (which you would use if your certificate was a client side one).

您不能直接将资产作为文件 s访问，因为它们是由构建捆绑在一起的。通过加载它们并使用 ... Bytes 方法，您正在做正确的事情。您可以像这样提高代码的可读性（删除 then ）。另外，请注意对 Uint8List

You cannot access assets directly as Files as they are bundled by the build. You are doing the right thing by loading them and using the ...Bytes methods. You could improve the readability of your code like this (removing the then). Also, note the subtle change to Uint8List

ByteData data = await rootBundle.load('assets/raw/certificate.crt');
SecurityContext context = SecurityContext.defaultContext;
context.setTrustedCertificatesBytes(data.buffer.asUint8List());
client = HttpClient(context: context);

这篇关于Flutter从资产文件夹添加自签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！