Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚". [英] Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found."

问题描述

我正在尝试对具有 2 个 SSL 证书的站点进行 HTTPS 调用:一个自签名证书和一个由第一个证书签名的证书.当我使用 HttpClient 向站点发送请求时，控制台会记录一个不受信任的链，显示两个证书，然后打印由 java.security.cert.CertPathValidatorException: Trust anchor for Certification 引起的长堆栈跟踪未找到路径.

I am trying to make HTTPS calls to site that has 2 SSL certificates: a self-signed certificate and a certificate that was signed by the the first certificate. When I use an HttpClient to send a request to the site, the console logs an untrusted chain, shows both certificates, then print a long stack trace of that is caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

我已在手机上安装了这两个证书，将 Chrome 导航到该站点显示受信任的连接(在我安装证书之前，它有一个不受信任的连接警告).我认为问题在于该应用程序拒绝信任自签名证书.我无权访问服务器，因此对其证书没有影响，因此安装由受信任 CA 签署的证书是不可行的.

I have installed both certificates on my phone and navigating Chrome to the site shows a trusted connection (it had an untrusted connection warning before I installed the certificates). I believe the issue is that the App refuses to trust self-signed certificates. I do not have access to the server and thus have no influence on its certificates, so installing a certificate signed by a trusted CA is not viable.

ServicePointManager.ServerCertificateValidationCallback 似乎没有运行.

我尝试将自己的函数用于 ServicePointManager.ServerCertificateValidationCallback，但我给它的委托似乎从未运行过.我的 MainActivity.OnCreate 方法中有以下代码，但控制台从不记录消息:

I have tried using my own function for ServicePointManager.ServerCertificateValidationCallback, but the delegate I give it never seems to run. I have the following code in my MainActivity.OnCreate method, but the console never logs the message:

System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
{
  Console.WriteLine($"****************************************************************************************************");

  return true;
};

HttpClientHandler.ServerCertificateCustomValidationCallback 引发异常.

我尝试使用 HttpClientHandler 并设置它的 ServerCertificateCustomValidationCallback，但我只收到消息:

I have tried using an HttpClientHandler and settings its ServerCertificateCustomValidationCallback, but I just get the message:

System.NotImplementedException:方法或操作未实现.在 System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] 值).

设置代码:

HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
HttpClient client = new HttpClient(handler);

推荐答案

我能够让它在 Android 和 iOS 中都能运行.

I was able to get this to work in both Android and iOS.

iOS 很简单，只需覆盖 ServicePointManager.ServerCertificateValidationCallback:

iOS was easy, just override ServicePointManager.ServerCertificateValidationCallback:

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

对于 Android 我使用了Bruno Caceiro 对类似问题的回答 和创建的依赖服务.

For Android I used Bruno Caceiro's answer from a similar question and a created Dependency Service.

在我的 Xamarin Forms 项目中，我添加了一个简单的界面:

In my Xamarin Forms project I added a simple interface:

public interface IHTTPClientHandlerCreationService
{
  HttpClientHandler GetInsecureHandler();
}

在我的 Xamarin Android 项目中，我实现了接口:

And in my Xamarin Android project I implemented the interface:

[assembly: Dependency(typeof(HTTPClientHandlerCreationService_Android))]
namespace MyApp.Droid
{
  public class HTTPClientHandlerCreationService_Android : CollateralUploader.Services.IHTTPClientHandlerCreationService
  {
    public HttpClientHandler GetInsecureHandler()
    {
      return new IgnoreSSLClientHandler();
    }
  }

  internal class IgnoreSSLClientHandler : AndroidClientHandler
  {
    protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
    {
      return SSLCertificateSocketFactory.GetInsecure(1000, null);
    }

    protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
    {
      return new IgnoreSSLHostnameVerifier();
    }
  }

  internal class IgnoreSSLHostnameVerifier : Java.Lang.Object, IHostnameVerifier
  {
    public bool Verify(string hostname, ISSLSession session)
    {
      return true;
    }
  }
}

共享代码以正确设置 HttpClient:

Shared code to correctly set up the HttpClient:

switch (Device.RuntimePlatform)
{
  case Device.Android:
    this.httpClient = new HttpClient(DependencyService.Get<Services.IHTTPClientHandlerCreationService>().GetInsecureHandler());
    break;
  default:
    ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
    this.httpClient = new HttpClient(new HttpClientHandler());
    break;
}

这篇关于Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚".的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！