How can I connect with Apple's GSX NewGeneration webservices with WCF?

Problem description

Starting August 15 2015, the GSX webservices from Apple will be upgraded to a more secure version, requiring a client-side SSL certificate for each request. What steps do I need to take to connect to this New Generation webservice using the WCF framework with C#.NET?

The documentation from Apple states the first step is to generate a CSR (Certificate Signing Request), send this to Apple and they will return a certificate to secure the future connections with.

How can I generate this CSR? What steps do I need to take next to successfully connect and get a valid response?

The above and the previous Find My iPhone webservice implementation caused me a relatively great deal of trouble; I hope this helps other users out.

(N.B. I'd like to add the apple-gsx tag, but I don't have the required reputation)

Recommended answer

In order to call the webservice successfully the following steps need to have taken place:

  1. Make sure you have OpenSSL installed and working
  2. Generate a key pair:
    openssl genrsa -aes256 -out [NameOfPrivateKey].pem 2048
    Keep this private key PRIVATE, don't share this with anyone!
  3. When prompted, select a secure password and keep it safe.
  4. Generate a certificate signing request (CSR):
    openssl req -new -sha256 -key [NameOfPrivateKeyFromStep2].pem -out [NameOfTheSigningRequest].csr
    (When the above command fails with 'WARNING: can't open config file: /usr/local/ssl/openssl.cnf', run the command set OPENSSL_CONF=c:\[PATH TO YOUR OPENSSL DIRECTORY]\bin\openssl.cfg under an Admin command prompt)
  5. Send the .csr (Certificate Signing Request) to Apple, keep the .key private. Apple returns a .pem certificate file
  6. Make sure the MD5 of .pem and .key match. The output of the following commands should be identical:

openssl x509 -noout -modulus -in [CertificateReceivedFromApple].pem |openssl md5

openssl rsa -noout -modulus -in [NameOfPrivateKeyFromStep2].pem |openssl md5

  7. Combine the certificate and key into a single .p12 container (More info here)

openssl pkcs12 -export -in [CertificateReceivedFromApple].pem -inkey [NameOfPrivateKeyFromStep2].pem -out [FilenameOfNewKeyContainer].p12

  8. When prompted, select a secure password and keep it safe.

  9. Let Visual Studio generate a proxy class, based on the WSDL file you can download from Apple, for example call it GsxWSEmeaAspService

  10. Using the code below, authenticate yourself. The userSessionId is needed for further calls to actually send or receive data.

// Requires: using System.Security.Cryptography.X509Certificates;
public void Authenticate() {
    using (GsxWSEmeaAspService client = new GsxWSEmeaAspService()) {
        // Load the .p12 container (certificate plus private key) built with openssl pkcs12.
        X509Certificate2 cert = new X509Certificate2(
            "[PathToContainerFromStep7].p12",
            "[YourPasswordFromStep8]",
            X509KeyStorageFlags.MachineKeySet);
        // Present it as the client certificate on every request.
        client.ClientCertificates.Add(cert);

        GsxWSEmeaAspService.authenticateRequestType req = new GsxWSEmeaAspService.authenticateRequestType();
        req.languageCode = "EN";
        req.serviceAccountNo = [YourAppleServiceAccountNumber];
        req.userId = [YourUserID];
        req.userTimeZone = "CEST";

        // Do not route the request through an HTTP proxy.
        client.Proxy = null;

        GsxWSEmeaAspService.authenticateResponseType res = client.Authenticate(req);
        // Keep the session id; later calls need it.
        userSessionId = res.userSessionId;
    }
}

  • Make sure you're not running any http proxies such as Fiddler, because the request will fail when one is active. This is also true for running the requests in SoapUI: the proxy setting needs to be off.

    (N.B. Sorry, unable to convince the parser to format this properly, any help is welcome..)
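
Steps 2 to 7 of the answer above, rehearsed non-interactively as an added example that is not part of the original answer. The file names, the subject, and the KEY_PASS / P12_PASS variables are assumptions; a self-signed certificate stands in for the one Apple returns, and the full modulus is compared directly instead of its MD5 digest.

```sh
# Added example (not from the original answer). File names, the subject and the
# passphrases are constructed; export your own KEY_PASS / P12_PASS before use.
KEY_PASS=${KEY_PASS:-constructed-key-passphrase}
P12_PASS=${P12_PASS:-constructed-p12-passphrase}
export KEY_PASS P12_PASS

# Steps 2-5 rehearsed in directory $1: two encrypted 2048-bit keys, a CSR for
# key A, and a self-signed certificate standing in for the one Apple returns.
make_rehearsal_files() {
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/a.key.pem" 2048 2>/dev/null &&
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/b.key.pem" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/a.key.pem" -passin env:KEY_PASS \
        -subj "/CN=gsx-rehearsal.example" -out "$1/a.csr" &&
    openssl x509 -req -sha256 -days 1 -in "$1/a.csr" -signkey "$1/a.key.pem" \
        -passin env:KEY_PASS -out "$1/a.cert.pem" 2>/dev/null
}

# Step 6: 0 = certificate belongs to the key, 1 = mismatch, 2 = unreadable input.
# Each modulus is captured separately so a failed read (wrong passphrase, missing
# file) cannot turn into two identical digests of empty input.
key_matches_cert() {   # usage: key_matches_cert <key.pem> <cert.pem>
    key_mod=$(openssl rsa -noout -modulus -in "$1" -passin env:KEY_PASS 2>/dev/null) || return 2
    cert_mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$key_mod" ] && [ "$key_mod" = "$cert_mod" ]
}

# Step 7, gated on step 6: build the .p12 only from a matching pair.
bundle_p12() {   # usage: bundle_p12 <key.pem> <cert.pem> <out.p12>
    key_matches_cert "$1" "$2" || return 1
    openssl pkcs12 -export -in "$2" -inkey "$1" -passin env:KEY_PASS \
        -passout env:P12_PASS -out "$3"
}
```

Passing the passphrases through env: keeps them out of the process argument list, which pass: on the command line would not.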
