Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚". [英] Xamarin Android issue connecting via HTTPS to site with self-signed certificate: "Trust anchor for certification path not found."
问题描述
我正在尝试对具有 2 个 SSL 证书的站点进行 HTTPS 调用:一个自签名证书和一个由第一个证书签名的证书.当我使用 HttpClient 向站点发送请求时,控制台会记录一个不受信任的链,显示两个证书,然后打印由 java.security.cert.CertPathValidatorException: Trust anchor for Certification 引起的长堆栈跟踪未找到路径
.
I am trying to make HTTPS calls to site that has 2 SSL certificates: a self-signed certificate and a certificate that was signed by the the first certificate. When I use an HttpClient to send a request to the site, the console logs an untrusted chain, shows both certificates, then print a long stack trace of that is caused by java.security.cert.CertPathValidatorException: Trust anchor for certification path not found
.
我已在手机上安装了这两个证书,将 Chrome 导航到该站点显示受信任的连接(在我安装证书之前,它有一个不受信任的连接警告).我认为问题在于该应用程序拒绝信任自签名证书.我无权访问服务器,因此对其证书没有影响,因此安装由受信任 CA 签署的证书是不可行的.
I have installed both certificates on my phone and navigating Chrome to the site shows a trusted connection (it had an untrusted connection warning before I installed the certificates). I believe the issue is that the App refuses to trust self-signed certificates. I do not have access to the server and thus have no influence on its certificates, so installing a certificate signed by a trusted CA is not viable.
ServicePointManager.ServerCertificateValidationCallback 似乎没有运行.
我尝试将自己的函数用于 ServicePointManager.ServerCertificateValidationCallback
,但我给它的委托似乎从未运行过.我的 MainActivity.OnCreate 方法中有以下代码,但控制台从不记录消息:
I have tried using my own function for ServicePointManager.ServerCertificateValidationCallback
, but the delegate I give it never seems to run. I have the following code in my MainActivity.OnCreate method, but the console never logs the message:
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
{
Console.WriteLine($"****************************************************************************************************");
return true;
};
HttpClientHandler.ServerCertificateCustomValidationCallback 引发异常.
我尝试使用 HttpClientHandler
并设置它的 ServerCertificateCustomValidationCallback
,但我只收到消息:
I have tried using an HttpClientHandler
and settings its ServerCertificateCustomValidationCallback
, but I just get the message:
System.NotImplementedException:方法或操作未实现.在 System.Net.Http.HttpClientHandler.set_ServerCertificateCustomValidationCallback (System.Func`5[T1,T2,T3,T4,TResult] 值)
.
设置代码:
HttpClientHandler handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback = (message, cert, chain, errors) => true;
HttpClient client = new HttpClient(handler);
推荐答案
我能够让它在 Android 和 iOS 中都能运行.
I was able to get this to work in both Android and iOS.
iOS 很简单,只需覆盖 ServicePointManager.ServerCertificateValidationCallback
:
iOS was easy, just override ServicePointManager.ServerCertificateValidationCallback
:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
对于 Android 我使用了Bruno Caceiro 对类似问题的回答 和创建的依赖服务.
For Android I used Bruno Caceiro's answer from a similar question and a created Dependency Service.
在我的 Xamarin Forms 项目中,我添加了一个简单的界面:
In my Xamarin Forms project I added a simple interface:
public interface IHTTPClientHandlerCreationService
{
HttpClientHandler GetInsecureHandler();
}
在我的 Xamarin Android 项目中,我实现了接口:
And in my Xamarin Android project I implemented the interface:
[assembly: Dependency(typeof(HTTPClientHandlerCreationService_Android))]
namespace MyApp.Droid
{
public class HTTPClientHandlerCreationService_Android : CollateralUploader.Services.IHTTPClientHandlerCreationService
{
public HttpClientHandler GetInsecureHandler()
{
return new IgnoreSSLClientHandler();
}
}
internal class IgnoreSSLClientHandler : AndroidClientHandler
{
protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
{
return SSLCertificateSocketFactory.GetInsecure(1000, null);
}
protected override IHostnameVerifier GetSSLHostnameVerifier(HttpsURLConnection connection)
{
return new IgnoreSSLHostnameVerifier();
}
}
internal class IgnoreSSLHostnameVerifier : Java.Lang.Object, IHostnameVerifier
{
public bool Verify(string hostname, ISSLSession session)
{
return true;
}
}
}
共享代码以正确设置 HttpClient:
Shared code to correctly set up the HttpClient:
switch (Device.RuntimePlatform)
{
case Device.Android:
this.httpClient = new HttpClient(DependencyService.Get<Services.IHTTPClientHandlerCreationService>().GetInsecureHandler());
break;
default:
ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;
this.httpClient = new HttpClient(new HttpClientHandler());
break;
}
这篇关于Xamarin Android 问题通过 HTTPS 连接到使用自签名证书的站点:“未找到证书路径的信任锚".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!