Npgsql 与 .net core web api 中的 ssl 证书的连接 [英] Npgsql connection with ssl certificates in .net core web api

问题描述

我将 NpgSqlConnection 用于 .net 核心 Web api 项目.当前 PostgreSQL 服务器已移至另一台服务器，需要使用客户端证书进行连接.我们提供了 3 个名为 client-cert.pem、client-key.pem 和 server-ca.pem 的证书文件.我能够使用客户端证书 & 连接到服务器.来自浏览器的 pgAdmin 密钥文件.但是，我无法从我的代码连接.从网上尝试了几种方法，但仍然出现以下错误.

I'm using the NpgSqlConnection for .net core web api project. Current PostgreSQL server has been move to another one and need to connect using the client certificates. We are provided with 3 certificate files named client-cert.pem, client-key.pem and server-ca.pem. I was able to connect to the server using the client cert & key files through the pgAdmin from browser. But, I'm not able to connect from my code. Tried several methods from internet but still I'm getting the below error.

{28000:连接需要有效的客户端证书"}

{"28000: connection requires a valid client certificate"}

我正在尝试的代码片段如下.

The code snippet I'm trying is given below.

var connectionString = "User ID=" + _dOptions.Value.AuthenticationCredentials.UserName
               + ";Password=" + _dOptions.Value.AuthenticationCredentials.PassWord
               + ";Server=" + _dOptions.Value.Server
               + ";Port=" + _dOptions.Value.Port.ToString()
               + ";Database=" + _dOptions.Value.Database
               + ";Integrated Security=true;Pooling=true;SSL Mode=Require;Trust Server Certificate=true";

_con = new NpgsqlConnection(connectionString);
_con.ProvideClientCertificatesCallback += new ProvideClientCertificatesCallback(MyClientCertificates);

private void MyClientCertificates(X509CertificateCollection certificates)
{
      var cert = new X509Certificate("C:\\Users\\c-Anish\\Documents\\cloud_sql_replica_certs\\DEV\\client-cert.pem");
      certificates.Add(cert);
}

此外，这里我们仅使用名为 client-cert.pem 的客户端证书，但是，我认为我们可能需要使用 client-key.pem ?如果是这样，我该如何添加?我在这里错过了什么?

Also, here we are using only the client certificate named client-cert.pem, but, I think we may need to use the client-key.pem ? If so, how can I add that ? What am I missing here ?

如果我遇到这个问题，任何帮助将不胜感激.

Any help will be highly appreciated as I'm stuck with this issue.

推荐答案

我得到了一个解决方案，并想在这里发布它，这可能会帮助面临类似问题的其他人.

I got a solution for this and thought of posting it here which may help others who are facing the similar issue.

它不适用于 .pem 文件.我已使用以下命令将其转换为 .pfx 文件，并且开始正常工作.

It didn't worked with .pem files. I have converted it to a .pfx file using the below command and it started working fine.

openssl pkcs12 -inkey C:\Certs\client-key.pem -in C:\Certs\client-cert.pem -export -out C:\Certs\client-cert.pfx

参考:证书认证支持

编辑

我没有创建物理 pfx 文件，而是能够组合两个 pem 文件并使其工作.下面给出代码片段以供日后参考.

Instead of creating the physical pfx file, I was able to combine the two pem files and got it worked. Code snippet is given below for someone for reference in future.

public X509Certificate2 GetCombinedCertificateAndKey(string certificatePath, string privateKeyPath)
    {
        using var publicKey = new X509Certificate2(certificatePath);

        var privateKeyText = System.IO.File.ReadAllText(privateKeyPath);
        var privateKeyBlocks = privateKeyText.Split("-", StringSplitOptions.RemoveEmptyEntries);
        var privateKeyBytes = Convert.FromBase64String(privateKeyBlocks[1]);
        using var rsa = RSA.Create();

        if (privateKeyBlocks[0] == "BEGIN PRIVATE KEY")
        {
            rsa.ImportPkcs8PrivateKey(privateKeyBytes, out _);
        }
        else if (privateKeyBlocks[0] == "BEGIN RSA PRIVATE KEY")
        {
            rsa.ImportRSAPrivateKey(privateKeyBytes, out _);
        }

        var keyPair = publicKey.CopyWithPrivateKey(rsa);
        var Certificate = new X509Certificate2(keyPair.Export(X509ContentType.Pfx));
        return Certificate;
    }

这篇关于Npgsql 与 .net core web api 中的 ssl 证书的连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！