我正在尝试实现一种方法,使浏览器(即IE)连接到网站,并仅在证书存储中显示与站点服务器接受的用户证书匹配的相关用户证书。 WireShark Capture显示了我尝试在变量数组中捕获的数据的示例。 enter image description here 这是用于Windows PowerShell。
# url encode the uri
$RequestURI = [uri]::EscapeUriString($NonceURI)
$httpsString = "https://"
$BaseURL_DNS = $BaseURL
$BaseURL_DNS = $BaseURL_DNS.Replace($httpsString, "")
$baseURL_escaped = [uri]::EscapeUriString($BaseURL_DNS)
# gets Current User Store
# "My" is store name for personal store on windows
# "CurrentUser" is enum value of System.Security.Cryptography.X509Certificates.StoreLocation
# "LocalMachine" is alternate value
# x509Store can be used with type X509CertificateCollection
$PersonalUserStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "CurrentUser")
# ReadOnly and OpenExistingOnly are enum values of System.Security.Cryptography.X509Certificates.OpenFlags
$PersonalUserStore.Open("ReadOnly,OpenExistingOnly")
# gets only the valid certificates from the personal user store
$CurrentDateTime = Get-Date
$ValidCertificates = $PersonalUserStore.Certificates.Find("FindByTimeValid",$CurrentDateTime,$false)
$certCollection_Type = $ValidCertificates.GetType()
#$baseURL_Request = [System.Net.WebRequest]::Create($baseURL_escaped)
#$webSocket = [System.Net.WebSockets.WebSocketContext.RequstUri]
$client_TLS = New-Object System.Net.Sockets.TcpClient
#$tlsProtocol = New-Object System.Security.Authentication.SslProtocols
$client_TLS.Connect($baseURL_escaped, 443)
#$client_TLS.Write($dataToSubmit, 0, $dataToSubmit.Length)
$sender = New-Object System.Object
$ssl_Connect_Stream = New-Object System.Net.Security.SslStream($client_TLS.GetStream())
#Authenticate to Server As Client (computerName of target HostName, Empty Cert Collection, Enum Value of TLS Protocol, and Check Revocation Value of FALSE)
$ssl_Connect_Stream.AuthenticateAsClient($baseURL_escaped, $null, 'Tls', $false)
$remoteCert = $ssl_Connect_Stream.RemoteCertificate
$test = [System.Net.ServicePointManager]::ServerCertificateValidationCallback
[string[]] $acceptableIssuers
$sslCert_Callback = New-Object System.Net.Security.LocalCertificateSelectionCallback($sender, $baseURL_escaped, $ValidCertificates, $null, $acceptableIssuers)
#$sslServer_Callback = New-Object System.Net.Security.ServerCertificateSelectionCallback($sender, $baseURL_escaped)
#$transContext = $ssl_Connect_Stream.TransportContext().ToSting()
$textConext = $transContext.ToString()
#$ssl_Connect_Stream.Write()
我希望看到一个子变量,其中包含该网站以外的所有证书颁发机构(CA)的值。
我希望$ remoteCert变量仅包含证书链,但仅包含站点的单个证书。
当我尝试执行该行来分配$ sslCert_Callback变量时,我收到错误消息:““找不到LocalCertificateSelectionCallback的重载”和参数计数5。“'
使用$ PSVersionTable命令,我确认我的Powershell版本是2.0,因此不支持“ System.Net.Security.ServerCertificateSelectionCallback”,所以我不能使用它('https://docs.microsoft.com/en-us/dotnet/api/system.net.security.servercertificateselectioncallback?view=netstandard-2.1')