SSL: SslStream, TcpClient
背景如下:
现有文件:clientKeyStore.jks,clientKeyStore.pfx,clientTrustStore.jks,clientTrustStore.pfx
通过这些证书文件部署ssl
使用 SslStream,TcpClient类
已使用的命名空间
using System.Net;//HttpWebRequest类
using System.Net.Sockets;//TcpClient
using System.Security.Cryptography.X509Certificates;//证书文件类
using System.Web.Security;
需求:银联Webservice
SSL 需要 “握手” 这个不会
然后通过HTTPS传送XML请求(这里的文档签名,已解决),接着...
[最优解释]
asp.net?
[其他解释]
public class SslTcpClient
{
private static Hashtable certificateErrors = new Hashtable();
//下面的方法调用由RemoteCertificateValidationDelegate。
public static bool ValidateServerCertificate(object sender,X509Certificate certificate,X509Chain chain,SslPolicyErrors sslPolicyErrors)
{
////此处报错 根据验证过程,远程证书无效。也就是这个地方了
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
//Console.WriteLine("Certificate error证书错误: {0}", sslPolicyErrors);
return false;
}
public static void RunClient(string machineName, string serverName)
{
//创建一个TCP / IP客户端套接字
TcpClient client = new TcpClient(machineName, 9090);
//Console.WriteLine("Client connected.");
//创建一个SSL流,将关闭客户端的流
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null
);
//服务器名称必须与服务器证书上的名称。
try
{
//sslStream.AuthenticateAsClient(serverName);
X509Certificate2 cert = new X509Certificate2(System.Web.HttpContext.Current.Server.MapPath("/ssl/clientKeyStore.pfx"), "123456");
X509Certificate2Collection collection = new X509Certificate2Collection();
if(cert != null)
{
collection.Add(cert);
}
//此处报错 根据验证过程,远程证书无效。
sslStream.AuthenticateAsClient(serverName, collection, SslProtocols.Default, false);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
client.Close();
return;
}
//编码成一个字节数组测试消息
byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.");
//服务器发送hello消息
sslStream.Write(messsage);
sslStream.Flush();
//读取从服务器的消息。
string serverMessage = ReadMessage(sslStream);
Console.WriteLine("Server says: {0}", serverMessage);
client.Close();
Console.WriteLine("Client closed.");
}
static string ReadMessage(SslStream sslStream)
{
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
if (messageData.ToString().IndexOf("") != -1)
{
break;
}
}
while (bytes != 0);
return messageData.ToString();
}
private static void DisplayUsage()
{
Console.WriteLine("To start the client specify:");
Console.WriteLine("clientSync machineName [serverName]");
Environment.Exit(1);
}
public static int Main(string[] args)
{
string serverCertificateName = "59.41.103.101";
string machineName = "59.41.103.101";
//if (args == null
[其他解释]
args.Length < 1)
//{
// DisplayUsage();
//}
////用户可以指定机器名和服务器名
////服务器名称必须与服务器的证书上的名称相匹配。
//machineName = args[0];
//if (args.Length < 2)
//{
// serverCertificateName = machineName;
//}
//else
//{
// serverCertificateName = args[1];
//}
X509Certificate2 objx509_kehu = new X509Certificate2(System.Web.HttpContext.Current.Server.MapPath("/ssl/clientKeyStore.pfx"), "123456");
serverCertificateName = objx509_kehu.Issuer;
SslTcpClient.RunClient(machineName, serverCertificateName);
return 0;
}
}
