Xamarin.Android Http 客户端允许我从 KeyStore 添加客户端证书

debugcn 发表于 Dev

K.肯普斯基

我正在尝试添加从这种方法中获得的客户端证书：

    private X509Certificate[] GetCertificateChain(string alias)
    {
        try
        {
            return KeyChain.GetCertificateChain(this, alias);
        }
        catch (KeyChainException e)
        {

        }            

        return null;
    }

System.Net.Http.HttpClientHandler 不允许我添加客户端证书。抛出 NotImplemented 异常。有什么解决办法吗？也许其他Http客户端？

亚历克斯

您需要扩展AndroidClientHandler和覆盖ConfigureCustomSSLSocketFactory

public class HttpsClientHandler : AndroidClientHandler
{
    private static readonly Logger LOG = LogManager.GetLogger();

    private SSLContext sslContext;
    private readonly ITrustManager[] trustManagers;
    private IKeyManager[] keyManagers = null;

    public HttpsClientHandler() : base()
    {
        trustManagers = GetTrustManagers();
        sslContext = GetSSLContext();
    }

    private SSLContext GetSSLContext()
    {
        string protocol;
        if (SslProtocols == SslProtocols.Tls11)
        {
            protocol = "TLSv1.1";
        } else if (SslProtocols == SslProtocols.Tls || SslProtocols == SslProtocols.Tls12)
        {
            protocol = "TLSv1.2";
        } else
        {
            throw new IOException("unsupported ssl protocol: " + SslProtocols.ToString());
        }
        SSLContext ctx = SSLContext.GetInstance(protocol);
        ctx.Init(keyManagers, trustManagers, null);
        return ctx;
    }

    public new SslProtocols SslProtocols { get; set; } = SslProtocols.Tls12;

    public void SetClientCertificate(byte[] pkcs12, char[] password)
    {
        keyManagers = GetKeyManagersFromClientCert(pkcs12, password);
        SSLContext newContext = GetSSLContext();
        sslContext = newContext;
    }

    private ITrustManager[] GetTrustManagers()
    {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.GetInstance(TrustManagerFactory.DefaultAlgorithm);
        trustManagerFactory.Init((KeyStore)null);
        return trustManagerFactory.GetTrustManagers();
    }

    private IKeyManager[] GetKeyManagersFromClientCert(byte[] pkcs12, char[] password)
    {
        if (pkcs12 != null)
        {
            using (MemoryStream memoryStream = new MemoryStream(pkcs12))
            {
                KeyStore keyStore = KeyStore.GetInstance("pkcs12");
                keyStore.Load(memoryStream, password);
                KeyManagerFactory kmf = KeyManagerFactory.GetInstance("x509");
                kmf.Init(keyStore, password);
                return kmf.GetKeyManagers();
            }
        }
        return null;
    }

    protected override SSLSocketFactory ConfigureCustomSSLSocketFactory(HttpsURLConnection connection)
    {
        SSLSocketFactory socketFactory = sslContext.SocketFactory;
        if (connection != null)
        {
            connection.SSLSocketFactory = socketFactory;
        }
        return socketFactory;
    }
}

本文收集自互联网，转载请注明来源。

如有侵权，请联系[email protected] 删除。