SSL： SslStream， TcpClient

专心做码农 2012-04-11 11:21:24

背景如下：
现有文件：clientKeyStore.jks，clientKeyStore.pfx，clientTrustStore.jks，clientTrustStore.pfx
通过这些证书文件部署ssl
使用 SslStream，TcpClient类

已使用的命名空间
using System.Net;//HttpWebRequest类
using System.Net.Sockets;//TcpClient
using System.Security.Cryptography.X509Certificates;//证书文件类
using System.Web.Security;

需求：银联Webservice
SSL 需要 “握手” 这个不会

然后通过HTTPS传送XML请求（这里的文档签名，已解决）,接着...

...全文

558 11 打赏收藏转发到动态举报

写回复

用AI写文章

11 条回复

切换为时间正序

请发表友善的回复…

发表回复

王保臣企业管理软件开发 2014-12-06

打赏
举报

hi,我遇到了你帖子中的问题,总是提示"根据验证过程,远程证书无效",请问你是如何解决的?

nullnullcao 2012-12-10

打赏
举报

楼主,这个问题搞定了没??

anzhiqiang_touzi 2012-04-11

打赏
举报

mark, tcp端口啥的没问题吧，没接触过ssl。。。

kkgoose 2012-04-11

打赏
举报

mark, tcp端口啥的没问题吧，没接触过ssl。。。

专心做码农 2012-04-11

打赏
举报

[Quote=引用 3 楼的回复:]

asp.net?
[/Quote]
当然.net java的google一大堆可惜我不会JAVA

只能通过SslStream，TcpClient

//创建一个TCP / IP客户端套接字
TcpClient client = new TcpClient(machineName);

报错：服务器积极拒绝远程一切正常

林g 2012-04-11

打赏
举报

asp.net?

orochiheart 2012-04-11

打赏
举报

mingpei0703 2012-04-11

打赏
举报

专心做码农 2012-04-11

打赏
举报



public class SslTcpClient

    {

        private static Hashtable certificateErrors = new Hashtable();

        //下面的方法调用由RemoteCertificateValidationDelegate。

        public static bool ValidateServerCertificate(object sender,X509Certificate certificate,X509Chain chain,SslPolicyErrors sslPolicyErrors)

        {

            ////此处报错 根据验证过程，远程证书无效。也就是这个地方了

            if (sslPolicyErrors == SslPolicyErrors.None)

                return true;



            //Console.WriteLine("Certificate error证书错误: {0}", sslPolicyErrors);

            return false;

        }



        public static void RunClient(string machineName, string serverName)

        {

            //创建一个TCP / IP客户端套接字

            TcpClient client = new TcpClient(machineName, 9090);

            

            //Console.WriteLine("Client connected.");

            //创建一个SSL流，将关闭客户端的流

            SslStream sslStream = new SslStream(

                client.GetStream(),

                false,

                new RemoteCertificateValidationCallback(ValidateServerCertificate),

                null

                );

            //服务器名称必须与服务器证书上的名称。

            try

            {

                //sslStream.AuthenticateAsClient(serverName);



                X509Certificate2 cert = new X509Certificate2(System.Web.HttpContext.Current.Server.MapPath("/ssl/clientKeyStore.pfx"), "123456");

                X509Certificate2Collection collection = new X509Certificate2Collection();

                if(cert != null)

                {

                    collection.Add(cert);

                }

                //此处报错 根据验证过程，远程证书无效。

                sslStream.AuthenticateAsClient(serverName, collection, SslProtocols.Default, false);

            }

            catch (AuthenticationException e)

            {

                Console.WriteLine("Exception: {0}", e.Message);

                if (e.InnerException != null)

                {

                    Console.WriteLine("Inner exception: {0}", e.InnerException.Message);

                }

                Console.WriteLine("Authentication failed - closing the connection.");

                client.Close();

                return;

            }

            //编码成一个字节数组测试消息

            byte[] messsage = Encoding.UTF8.GetBytes("Hello from the client.");

            //服务器发送hello消息

            sslStream.Write(messsage);

            sslStream.Flush();

            //读取从服务器的消息。

            string serverMessage = ReadMessage(sslStream);

            Console.WriteLine("Server says: {0}", serverMessage);

            client.Close();

            Console.WriteLine("Client closed.");

        }

        static string ReadMessage(SslStream sslStream)

        {

            byte[] buffer = new byte[2048];

            StringBuilder messageData = new StringBuilder();

            int bytes = -1;

            do

            {

                bytes = sslStream.Read(buffer, 0, buffer.Length);

                Decoder decoder = Encoding.UTF8.GetDecoder();

                char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];

                decoder.GetChars(buffer, 0, bytes, chars, 0);

                messageData.Append(chars);

                if (messageData.ToString().IndexOf("") != -1)

                {

                    break;

                }

            }

            while (bytes != 0);

            return messageData.ToString();

        }

        private static void DisplayUsage()

        {

            Console.WriteLine("To start the client specify:");

            Console.WriteLine("clientSync machineName [serverName]");

            Environment.Exit(1);

        }

        public static int Main(string[] args)

        {

            string serverCertificateName = "59.41.103.101";

            string machineName = "59.41.103.101";

            //if (args == null || args.Length < 1)

            //{

            //    DisplayUsage();

            //}

            ////用户可以指定机器名和服务器名

            ////服务器名称必须与服务器的证书上的名称相匹配。

            //machineName = args[0];

            //if (args.Length < 2)

            //{

            //    serverCertificateName = machineName;

            //}

            //else

            //{

            //    serverCertificateName = args[1];

            //}

            X509Certificate2 objx509_kehu = new X509Certificate2(System.Web.HttpContext.Current.Server.MapPath("/ssl/clientKeyStore.pfx"), "123456");

            

            serverCertificateName = objx509_kehu.Issuer;

            SslTcpClient.RunClient(machineName, serverCertificateName);

            return 0;

        }

    }