问题描述
我们正在研究如何将自定义RSA实现与HttpClient集成。 我们正在使用以下测试用例(出于隐私考虑,对其进行了稍微编辑)。 它成功完成。 我们正在.NET Framework 4.7.2中运行测试。
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Operators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.X509;
namespace test
{
[TestClass]
public class ExchangeTest
{
[TestMethod]
public void Smoke ()
{
var keys = GenerateKeys();
var certificate = GenerateCertificate(keys);
Assert.IsNotNull(certificate);
var http = new httpclienthandler();
http.SslProtocols = SslProtocols.Tls12;
http.ClientCertificates.Add(certificate);
http.ClientCertificateOptions = ClientCertificateOption.Manual;
http.ServerCertificateCustomValidationCallback = (message,certificate2,chain,errors) => { return true; };
var httpClient = new HttpClient(http);
var response = httpClient.GetAsync("https://localhost:12345/api/v1").Result;
Assert.IsNotNull(response);
}
public static X509Certificate2 GenerateCertificate(RSA keys)
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WITHRSA",DotNetUtilities.GetKeyPair(keys).Private,random);
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetPublicKey(DotNetUtilities.GetKeyPair(keys).Public);
var subjectDN = new X509Name("CN=Test,C=BR");
certificateGenerator.SetSubjectDN(subjectDN);
var serialNumber = BigIntegers.CreaterandomInRange(BigInteger.One,BigInteger.ValueOf(Int64.MaxValue),random);
certificateGenerator.SetIssuerDN(subjectDN);
certificateGenerator.SetSerialNumber(serialNumber);
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
var certificate = certificateGenerator.Generate(signatureFactory);
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(DotNetUtilities.GetKeyPair(keys).Private);
var rsa = RsaPrivateKeyStructure.GetInstance(info.ParsePrivateKey());
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus,rsa.PublicExponent,rsa.PrivateExponent,rsa.Prime1,rsa.Prime2,rsa.Exponent1,rsa.Exponent2,rsa.Coefficient);
var x509 = new X509Certificate2(certificate.GetEncoded());
return x509.copyWithPrivateKey(DotNetUtilities.ToRSA(rsaparams));
}
public static RSA GenerateKeys()
{
return RSA.Create(2048);
}
}
}
当我们减少这些行时:
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(DotNetUtilities.GetKeyPair(keys).Private);
var rsa = RsaPrivateKeyStructure.GetInstance(info.ParsePrivateKey());
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus,rsa.Coefficient);
var x509 = new X509Certificate2(certificate.GetEncoded());
return x509.copyWithPrivateKey(DotNetUtilities.ToRSA(rsaparams));
包含以下几行:
var x509 = new X509Certificate2(certificate.GetEncoded());
return x509.copyWithPrivateKey(keys);
代码编译成功,但测试失败,并显示System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
对于C#和.NET来说,我们相对较新。 我们错过了什么吗? 我们该如何调试呢?
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)