我正在使用证书授权方法,下面是我的代码,它不断向我返回“请求已中止:无法创建 SSL/TLS 安全通道”。我不确定将我的证书授权给 API Gateway 的正确程序是什么。
public static Courses RetrieveCourses()
{
var model = new Courses();
//url settings
var hostname = "https://api.ssg-wsg.sg";
var URL = hostname + "/skillsFramework/sectors";
//Certificates
var folderpath = System.AppDomain.CurrentDomain.BaseDirectory;
X509Certificate Cert1 = X509Certificate.CreateFromCertFile(folderpath + "cert.pem");
//private key
var bytesToDecrypt = RsaProviderFromPrivateKeyInPemFile(folderpath + "key.pem"); //Convert.FromBase64String(privateKeyPem.ToString());
X509Certificate2 certificate = new X509Certificate2(Cert1);
certificate.PrivateKey = bytesToDecrypt;
var output = new JObject();
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
try
{
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(URL);
request.Method = "GET";
request.ClientCertificates.Add(certificate);
request.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);
using (HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse())
{
if (webResponse.StatusCode == HttpStatusCode.OK)
{
try
{
using (Stream webStream = webResponse.GetResponseStream() ?? Stream.Null)
using (StreamReader responseReader = new StreamReader(webStream))
{
string response = responseReader.ReadToEnd();
output = JObject.Parse(response);
}
}
catch (WebException ex)
{
WebResponse errorResponse = ex.Response;
using (Stream responseStream = errorResponse.GetResponseStream())
{
StreamReader reader = new StreamReader(responseStream, Encoding.GetEncoding("utf-8"));
String errorText = reader.ReadToEnd();
Log.Write("SFEC Courses API " + ex.Response + " " + ex.Message + " -- Inner exception: " + ex.InnerException + " -- Stack: " + ex.StackTrace);
}
throw;
}
}
else
{
request.Abort();
}
}
}
catch (Exception ex)
{
Log.Write("API CALL: " + ex.Message + " -- Inner exception: " + ex.InnerException + " -- Stack: " + ex.StackTrace);
}
return model;
}
public static RSACryptoServiceProvider RsaProviderFromPrivateKeyInPemFile(string privateKeyPath)
{
using (TextReader privateKeyTextReader = new StringReader(File.ReadAllText(privateKeyPath)))
{
PemReader pr = new PemReader(privateKeyTextReader);
AsymmetricKeyParameter keyPair = (AsymmetricKeyParameter)pr.ReadObject();
RSAParameters rsaParams = DotNetUtilities.ToRSAParameters((RsaPrivateCrtKeyParameters)keyPair);
RSACryptoServiceProvider csp = new RSACryptoServiceProvider();
csp.ImportParameters(rsaParams);
return csp;
}
}
public static bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
Console.WriteLine("Validating certificate {0}", certificate.Issuer);
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Log.Write("Certificate error: {0}", sslPolicyErrors.ToString());
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
能否分享通过证书方法进行身份验证的正确方法是什么?谢谢。
答案 0 :(得分:0)
您似乎没有为 API 调用使用受支持的 TLS 版本和 SSL 密码。您可以参考常见问题 - 创建应用部分 (https://developer.ssg-wsg.sg/webapp/faq) 以获取有关支持的 SSL/TLS 的更多信息以及使用 https://github.com/ssg-wsg/community/tree/master/guides/certificate 中的证书方法连接到 API 网关的 GitHub 示例代码