HttpWebRequest请求中使用安全证书的方法

中,我们会使用或HttpWebResponse来发送一个客户端数字证书,具体的方法:

方法一:使用X509Certificate证书类读取数字证书文件 (*.cer),之后将证书附加到请求()当中去:

public void GetResponseString(string uri)
{
	try
	{ 
		X509Certificate Cert = X509Certificate.CreateFromCertFile("C:\\证书.cer"); //证书存放的绝对路径
		ServicePointManager.CertificatePolicy = new CertPolicy(); //处理来自证书服务器的错误信息
		HttpWebRequest Request = (HttpWebRequest)WebRequest.Create(uri);//要访问的像https://要访问的地址/mitchellchu/test.aspx,要用SSL访问的地址
		Request.ClientCertificates.Add(Cert);
		Request.UserAgent = "Mitchell Chu robot test"; // 使用的客户端,如果服务端没有要求可以随便填写
		Request.Method = "GET"; // 请求的方式:POST/GET
		using(HttpWebResponse Response = (HttpWebResponse)Request.GetResponse()) //获取Response
		{
			using(StreamReader sr = new StreamReader(Response.GetResponseStream(), Encoding.Default))
			{
				int count;
				char [] ReadBuf = new char[1024];
				do
				{
					count = sr.Read(ReadBuf, 0, 1024);
					if (0 != count)
					{
						Console.WriteLine(new string(ReadBuf));
					}
				}while(count > 0);
			}
		}
	}
	catch(Exception e)
	{
		Console.WriteLine(e.Message);
	}
		
}


class CertPolicy: ICertificatePolicy
{
	public bool CheckValidationResult(ServicePoint srvPoint
		, X509Certificate certificate, WebRequest request, int certificateProblem)
	{
		// 你可以在这里加上证书检验的方法,错误值可以在WinError.h中获得
		// 这里只是简单的返回true,任何证书都可以正常的使用。
		return true;
	}
}

 优点:简单方便

缺点:需要,如果没有,需要先导出证书文件方可使用。

 

方法二: 使用 CryptoAPI 调用,之后获取证书集合,找到需要使用的证书,以X509Certificate对象形式返回,并附加在请求(HttpWebRequest 或)中发送证书。

/*
该案例来源于微软官方网站
@MitchellChu
*/
using System;
using System.Net;
using System.IO;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Runtime.InteropServices;

namespace SelectClientCert
{
	class MyCerts{

		private static int CERT_STORE_PROV_SYSTEM = 10;
		private static int CERT_SYSTEM_STORE_CURRENT_USER = (1 << 16);
		///private static int CERT_SYSTEM_STORE_LOCAL_MACHINE = (2 << 16);

		#region 引入扩展方法
		[DllImport("CRYPT32", EntryPoint="CertOpenStore", CharSet=CharSet.Unicode, SetLastError=true)]
		public static extern IntPtr CertOpenStore(
			int storeProvider, int encodingType,
			int hcryptProv, int flags, string pvPara);

		[DllImport("CRYPT32", EntryPoint="CertEnumCertificatesInStore", CharSet=CharSet.Unicode, SetLastError=true)]
		public static extern IntPtr CertEnumCertificatesInStore(
			IntPtr storeProvider,
			IntPtr prevCertContext);

		[DllImport("CRYPT32", EntryPoint="CertCloseStore", CharSet=CharSet.Unicode, SetLastError=true)]
		public static extern bool CertCloseStore(
			IntPtr storeProvider,
			int flags);
		#endregion
		
		X509CertificateCollection m_certs;

		public MyCerts(){
			m_certs = new X509CertificateCollection();
		}

		public int Init()
		{
			IntPtr storeHandle;
			storeHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, "MY");
			IntPtr currentCertContext;
			currentCertContext = CertEnumCertificatesInStore(storeHandle, (IntPtr)0);
			int i = 0;
			while (currentCertContext != (IntPtr)0) 
			{
				m_certs.Insert(i++, new X509Certificate(currentCertContext));
				currentCertContext = CertEnumCertificatesInStore(storeHandle, currentCertContext);
			}
			CertCloseStore(storeHandle, 0);

			return m_certs.Count;
		}
		
		public X509Certificate this [int index]
		{
			get 
			{
				// Check the index limits.
				if (index < 0 || index > m_certs.Count)
					return null;
				else
					return m_certs[index];
			}
		}
	};
	class MyHttpResource
	{
		String m_url;

		public MyHttpResource(string url){
			m_url = url;
		}

		public void GetFile(){

			HttpWebResponse  result = null;

			try{
			
				HttpWebRequest req = (HttpWebRequest)WebRequest.Create(m_url);
				req.Credentials  = CredentialCache.DefaultCredentials;

				///Method1
				//req.ClientCertificates.Add(X509Certificate.CreateFromCertFile("D:\\Temp\\cert\\c1.cer"));
		
				///Method2
				///Uses interop services
				MyCerts mycert = new MyCerts();
				if(mycert.Init() > 0)
					req.ClientCertificates.Add(mycert[0]);

				result = (HttpWebResponse)req.GetResponse();
				
				Stream ReceiveStream = result.GetResponseStream();
				Encoding encode = System.Text.Encoding.GetEncoding("utf-8");

				StreamReader sr = new StreamReader( ReceiveStream, encode );
				Console.WriteLine("\r\nResponse stream received");

				Char[] read = new Char[256];
				int count = sr.Read( read, 0, 256 );

				Console.WriteLine("HTTP Response...\r\n");
				while (count > 0) 
				{
					String str = new String(read, 0, count);
					Console.Write(str);
					count = sr.Read(read, 0, 256);
				}

			} 
			catch(WebException e) 
			{
            
				Console.WriteLine("\r\nError:");
				#if (DEBUG)
					Console.WriteLine(e.ToString());
				#else		
					Console.WriteLine(e.Message); 				
				#endif

			} 
			finally 
			{
				if ( result != null ) {
					result.Close();
				}
			}
				
		}
	
	}

	class CertSample
	{
		static void Main(string[] args)
		{
			try
			{
				if (args.Length < 1)
				{
					Console.WriteLine("No url is entered to download, returning.\n");
					Console.WriteLine("Usage: CertSample <urltoget>\n");
					Console.WriteLine("  e.g: CertSample https://servername \n"); 

					return;
				}

				MyHttpResource hr = new MyHttpResource(args[0]);
				hr.GetFile();
			}
			catch(Exception e)
			{
				Console.WriteLine(e.ToString());
			}
			return;
		}
	}
}

优点:无需导出文件,直接在系统中查找需要的证书

缺点:需要引用系统方法

Tuesday, August 27, 2013 | .NET技术

文章评论

No comments posted yet.

发表评论

Please add 2 and 3 and type the answer here:

关于博主

  一枚成分复杂的网络IT分子,属于互联网行业分类中的杂牌军。