(转)C# SSL-X509使用
X.509 给出的鉴别框架是一种基于公开密钥体制的鉴别业务密钥管理。一个用户有两把密钥:一把是用户的专用密钥(简称为:私钥),另一把是其他用户都可得到和利用的公共密钥(简称为:公钥)。该鉴别框架允许用户将其公开密钥存放在CA的目录项中。一个用户如果想与另一个用户交换秘密信息,就可以直接从对方的目录项中获得相应的公开密钥,用于各种安全服务。
Windows环境下,有三种方法:通过CA获取证书;通过微软提供的makecert 工具得到测试证书;编程的方法创建,.Net提供了X509Certificate2 类,该类可以用于创建证书,但只能从RawData中创建,创建后无法修改除FriendlyName以外的任何属性。
本文介绍第二种方法:
1)先进入到vs20**的命令行状态,即:开始-->程序-->Microsoft Visual Studio 20**-->Visual Studio Tools-->Visual Studio 20** 命令提示
2)键入:makecert -r -pe -n "CN=MyServer" -ss My -sky exchange
上面一行的意思就是制作一个CN=MyServer的服务器证书,默认存储在CurrentUser"My这个位置,同时这个证书标识为可导出。
(详细的MakeCert参数可参见http://msdn.microsoft.com/zh-cn/bfsktky3(vs.80).aspx)
3)再输入:makecert -r -pe -n "CN=MyClient" -ss My -sky exchange 生成客户端证书
4)查看:可以在IE里查看到,IE-->工具-->Internet选项-->内容-->证书
5)开始-->运行-->MMC : 添加/删除管理单元
6)添加“证书” ,“我的用户账户”
7)将“个人”下的对应证书复制到“受信任的根证书颁发机构”下证书目录,证书就可以使用了
本文参考:http://www.cnblogs.com/whtydn/archive/2009/12/23/1630750.html
http://blog.csdn.net/wyxhd2008/article/details/7962539
下面是whtydn的代码(http://www.cnblogs.com/whtydn/archive/2009/12/23/1630750.html)
using System;
using System.ServiceModel;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Text;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.IdentityModel.Tokens;
using System.IdentityModel.Selectors;
namespace ConsoleApp
{
public class Program
{
static X509Certificate serverCertificate = null;
public static void RunServer()
{
//serverCertificate = X509Certificate.CreateFromSignedFile(@"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\samool.pvk");
TcpListener listener = new TcpListener(IPAddress.Parse("192.168.20.139"), 901);
listener.Start();
while (true)
{
try
{
Console.WriteLine("Waiting for a client to connect...");
TcpClient client = listener.AcceptTcpClient();
ProcessClient(client);
}
catch
{
}
}
}
static void ProcessClient(TcpClient client)
{
SslStream sslStream = new SslStream(client.GetStream(), false);
try
{
sslStream.AuthenticateAsServer(serverCertificate, false, SslProtocols.Tls, true);
DisplaySecurityLevel(sslStream);
DisplaySecurityServices(sslStream);
DisplayCertificateInformation(sslStream);
DisplayStreamProperties(sslStream);
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
Console.WriteLine("Waiting for client message...");
string messageData = ReadMessage(sslStream);
Console.WriteLine("Received: {0}", messageData);
byte[] message = Encoding.UTF8.GetBytes("Hello from the server.");
Console.WriteLine("Sending hello message.");
sslStream.Write(message);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
sslStream.Close();
client.Close();
}
}
static string ReadMessage(SslStream sslStream)
{
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
if (messageData.ToString().IndexOf("") != -1)
{
break;
}
}
while (bytes != 0);
return messageData.ToString();
}
static void DisplaySecurityLevel(SslStream stream)
{
Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
Console.WriteLine("Protocol: {0}", stream.SslProtocol);
}
static void DisplaySecurityServices(SslStream stream)
{
Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
Console.WriteLine("IsSigned: {0}", stream.IsSigned);
Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);
}
static void DisplayStreamProperties(SslStream stream)
{
Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite);
Console.WriteLine("Can timeout: {0}", stream.CanTimeout);
}
static void DisplayCertificateInformation(SslStream stream)
{
Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus);
X509Certificate localCertificate = stream.LocalCertificate;
if (stream.LocalCertificate != null)
{
Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
localCertificate.Subject,
localCertificate.GetEffectiveDateString(),
localCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Local certificate is null.");
}
X509Certificate remoteCertificate = stream.RemoteCertificate;
if (stream.RemoteCertificate != null)
{
Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.",
remoteCertificate.Subject,
remoteCertificate.GetEffectiveDateString(),
remoteCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Remote certificate is null.");
}
}
private static void DisplayUsage()
{
Console.WriteLine("To start the server specify:");
Console.WriteLine("serverSync certificateFile.cer");
//Environment.Exit(1);
}
public static void Main(string[] args)
{
//string certificate = null;
//if (args == null || args.Length < 1)
//{
// DisplayUsage();
//}
//certificate = args[0];
try
{
X509Store store = new X509Store(StoreName.My);
store.Open(OpenFlags.ReadWrite);
// 检索证书
X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "MyServer", false); // vaildOnly = true时搜索无结果。
if (certs.Count == 0) return;
serverCertificate = certs[0];
RunServer();
store.Close(); // 关闭存储区。
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadLine();
//return 0;
//try
//{
// Console.WriteLine("服务端输出:" + ServiceSecurityContext.Current.PrimaryIdentity.AuthenticationType);
// Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
// Console.WriteLine("服务端时间:" + DateTime.Now.ToString());
//}
//catch (Exception ex)
//{
// Console.WriteLine(ex.Message);
//}
//Console.ReadLine();
}
}
}
using System;
using System.Security;
using System.Net;
using System.Net.Sockets;
using System.Net.Security;
using System.Text;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace ConsoleAppClient
{
using System;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Security.Cryptography.X509Certificates;
using System.IO;
namespace Examples.System.Net
{
public class SslTcpClient
{
private static Hashtable certificateErrors = new Hashtable();
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
public static void RunClient(string machineName)
{
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName, 901);
Console.WriteLine("Client connected.");
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
// The server name must match the name on the server certificate.
//X509Store store = new X509Store(StoreName.My);
//store.Open(OpenFlags.ReadWrite);
//// 检索证书
//X509Certificate2Collection certs = store.Certificates.Find(X509FindType.FindBySubjectName, "MyServer", false); // vaildOnly = true时搜索无结果。
X509CertificateCollection certs = new X509CertificateCollection();
X509Certificate cert = X509Certificate.CreateFromCertFile(@"D:\cashcer.cer");
certs.Add(cert);
try
{
sslStream.AuthenticateAsClient("MyServer", certs, SslProtocols.Tls, false);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
client.Close();
return;
}
// Encode a test message into a byte array.
// Signal the end of the message using the "<EOF>".
byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.<EOF>");
// Send hello message to the server.
sslStream.Write(messsage);
sslStream.Flush();
// Read message from the server.
string serverMessage = ReadMessage(sslStream);
Console.WriteLine("Server says: {0}", serverMessage);
// Close the client connection.
client.Close();
Console.WriteLine("Client closed.");
}
static string ReadMessage(SslStream sslStream)
{
// Read the message sent by the server.
// The end of the message is signaled using the
// "<EOF>" marker.
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
// Use Decoder class to convert from bytes to UTF8
// in case a character spans two buffers.
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
// Check for EOF.
if (messageData.ToString().IndexOf("<EOF>") != -1)
{
break;
}
} while (bytes != 0);
return messageData.ToString();
}
private static void DisplayUsage()
{
Console.WriteLine("To start the client specify:");
Console.WriteLine("clientSync machineName [serverName]");
Environment.Exit(1);
}
public static void Main(string[] args)
{
string machineName = null;
machineName = "192.168.20.139";
try
{
RunClient(machineName);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
Console.ReadLine();
}
}
}
}
ValidateServerCertificate 是向服务器验证证书的方法,如果上面返回的SslPolicyErrors枚举值不是None你就应该检查你的证书是否正确, 是否添加到信任里面。
其它参考文章:http://www.cnblogs.com/chnking/archive/2007/08/18/860983.html
http://www.cnblogs.com/sleepingwit/archive/2008/10/30/1323334.html
(转)C# SSL-X509使用的更多相关文章
- ssl客户端与服务端通信的demo
服务端程序流程 #include <stdio.h> #include <stdlib.h> #include <errno.h> #include <str ...
- SSL连接建立过程分析(1)
Https协议:SSL建立过程分析 web訪问的两种方式: http协议,我们普通情况下是通过它訪问web,由于它不要求太多的安全机制,使用起来也简单,非常多web网站也仅仅支持这样的方式下的訪问. ...
- Https协议:SSL建立过程分析(也比较清楚,而且有OpenSSL的代码)
web访问的两种方式: http协议,我们一般情况下是通过它访问web,因为它不要求太多的安全机制,使用起来也简单,很多web站点也只支持这种方式下的访问. https协议(Hypertext Tra ...
- ssl通信c实现
/*File:client.c *Auth:sjin *Date:2014-03-11 * */ #include <stdio.h>#include <string.h>#i ...
- OpenSSL编写SSL,TLS程序***
一.简介 SSL(Secure Socket Layer)是netscape公司提出的主要用于web的安全通信标准,分为2.0版和3.0版.TLS(Transport Layer Security)是 ...
- SSL握手通信详解及linux下c/c++ SSL Socket代码举例
SSL握手通信详解及linux下c/c++ SSL Socket代码举例 摘自:http://www.169it.com/article/3215130236.html 分享到:8 发布时 ...
- SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码)
SSL握手通信详解及linux下c/c++ SSL Socket代码举例(另附SSL双向认证客户端代码) 摘自: https://blog.csdn.net/sjin_1314/article/det ...
- 公钥、私钥、SSL/TLS、会话密钥、DES【转载】
原文链接:https://www.cnblogs.com/thbCode/p/5829719.html 一,公钥私钥1,公钥和私钥成对出现2,公开的密钥叫公钥,只有自己知道的叫私钥3,用公钥加密的数据 ...
- 公钥、私钥、SSL/TLS、会话密钥、DES
一,公钥私钥 1,公钥和私钥成对出现 2,公开的密钥叫公钥,只有自己知道的叫私钥 3,用公钥加密的数据只有对应的私钥可以解密 4,用私钥加密的数据只有对应的公钥可以解密 5,如果可以用公钥解密,则必然 ...
- 我的MYSQL学习心得(十三) 权限管理
我的MYSQL学习心得(十三) 权限管理 我的MYSQL学习心得(一) 简单语法 我的MYSQL学习心得(二) 数据类型宽度 我的MYSQL学习心得(三) 查看字段长度 我的MYSQL学习心得(四) ...
随机推荐
- web压力测试 - http_load
http_load是基于linux平台的一个性能测工具 非常小巧易用,可以用并行方式运行,来测试web服务器的性能 测试方式 (1)准备测试url vim url.txt 填写要测试的url,可以写多 ...
- 如何将XSD文件以及引入import的文件生成相应的C#类。
下将微软的 Sample Code Generator 1.4.2.1 如果链接不可以用,请到google上搜索,并安装. 拷贝要生成的XSD相关文件到安装目录,MS-DOS下进入安装目录. 执行命令 ...
- 【Reporting Services 报表开发】— 矩阵的使用
矩阵,相较于数据表示一维的数据,只能指定固定的数据列,来呈现动态的明细数据行,所以,它可以说是种二维的数据展现形式,让我们能够很容易地从数据行和数据集的交替中查看对应的汇总信息.像SQL Server ...
- [原]Fedora 20安装记录
Fedora是我最喜欢的Linux版本,很长时间以来我都在安装使用.近一年多以来一直在搞一个C#相关的开发,很久都没有接触Fedora了,我上一次使用的版本还是Fedora 17.本以为作为一个“老” ...
- Struts2 - Convertion
Struts2中的Convertion插件是比较有用,它可以简化很多操作,比如不需要一个一个Action在struts.xml中设置.当然,最有意义的是它与rest插件一起整合使用,可以完成web-s ...
- 从客户端中检测到有潜在危险的Request.Form值 的解决方法
在提交表单时候,asp.net 提示:"从客户端(......)中检测到有潜在危险的 Request.Form 值" .asp.net中的请求验证特性提供了某一等级的保护措施防止X ...
- BeX5平台简明部署过程
http://wex5.com/cn/concise-deployment/ BeX5平台简明部署过程 该文章主要介绍BeX5平台开发完成后,资源部署至正式环境的过程. 一. 获取BeX5企业快速开发 ...
- [运维-服务器 – 2A] – nginx下绑定域名
这个篇文章今天(2016-01-21)才有幸写了,因为自己对nginx部署以前没玩过,还得感谢下我们数字化的总经理.在这里记录下自己成长的经验,与遇到的问题. 因为自己的域名是在万网上买的,解析无法直 ...
- c++学习-特殊类成员
静态变量: #include<iostream> #include<string> #include <typeinfo> using namespace std; ...
- KEIL编译错误总结:
1 expected an identifier:#define宏定义常量后,如果再用前面定义的常量作为枚举常量就会报错,方法,去掉#define宏定义