C# 在TLS web套接字服务器中使用SslStream时出现问题_C#_.net_Ssl_Websocket_Client Server

C# 在TLS web套接字服务器中使用SslStream时出现问题

c# .net ssl websocket

C# 在TLS web套接字服务器中使用SslStream时出现问题,c#,.net,ssl,websocket,client-server,C#,.net,Ssl,Websocket,Client Server,我跟随创建了我的测试证书。我对服务器使用了Certificate.cer，对客户端使用了Certificate.pfx： makecert-r-pe-n“CN=测试证书”-天空交易所Certificate.cer-sv Key.pvk-eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.7.3.2 “C:\Program Files（x86）\Windows Kits\8.1\bin\x64\pvk2pfx.exe”-pvk Key.pvk-spc Certificate.cer-p

我跟随创建了我的测试证书。我对服务器使用了

Certificate.cer

，对客户端使用了

Certificate.pfx

：

makecert-r-pe-n“CN=测试证书”-天空交易所Certificate.cer-sv Key.pvk-eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.7.3.2

“C:\Program Files（x86）\Windows Kits\8.1\bin\x64\pvk2pfx.exe”-pvk Key.pvk-spc Certificate.cer-pfx Certificate.pfx

我正在尝试创建一个web套接字服务器，并正确验证来自通信客户端和服务器端的证书。下面是我目前正在构建的整个控制台应用程序：

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Net.WebSockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

namespace WebSockets
{    
    class Program
    {
        static void Main(string[] args)
        {
            CreateWebSocketClient(CreateWebSocketServer(1337), 1338);
            Console.WriteLine("Press any key to exit.");
            Console.ReadKey();
        }

        private static IPEndPoint CreateWebSocketServer(int port)
        {
            var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
            IPEndPoint endpoint = new IPEndPoint(IPAddress.Loopback, port);
            socket.Bind(endpoint);
            socket.Listen(Int32.MaxValue);
            socket.BeginAccept((result) =>
            {
                var clientSocket = socket.EndAccept(result);
                Console.WriteLine("{0}: Connected to the client at {1}.", DateTime.Now, clientSocket.RemoteEndPoint);
                using (var stream = new SslStream(new NetworkStream(clientSocket), false, (sender, certificate, chain, sslPolicyErrors) =>
                    {
                        return true;
                    }, (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                    {
                        return new X509Certificate2("Certificate.pfx");
                    }, EncryptionPolicy.RequireEncryption))
                {
                    stream.AuthenticateAsServer(new X509Certificate2("Certificate.pfx"), true, SslProtocols.Tls12, true);
                    stream.Write("Hello".ToByteArray());
                    Console.WriteLine("{0}: Read \"{1}\" from the client at {2}.", DateTime.Now, stream.ReadMessage(), clientSocket.RemoteEndPoint);
                }
            }, null);
            Console.WriteLine("{0}: Web socket server started at {1}.", DateTime.Now, socket.LocalEndPoint);
            return endpoint;
        }

        private static void CreateWebSocketClient(IPEndPoint remoteEndpoint, int port)
        {
            var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
            IPEndPoint localEndpoint = new IPEndPoint(IPAddress.Loopback, port);
            socket.Bind(localEndpoint);
            socket.BeginConnect(remoteEndpoint, (result) =>
            {
                socket.EndConnect(result);
                Console.WriteLine("{0}: Connected to the server at {1}.", DateTime.Now, remoteEndpoint);
                using (var stream = new SslStream(new NetworkStream(socket), false, (sender, certificate, chain, sslPolicyErrors) =>
                    {
                        return true;
                    }, (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                    {
                        return new X509Certificate2("Certificate.cer");
                    }, EncryptionPolicy.RequireEncryption))
                {
                    stream.AuthenticateAsClient(remoteEndpoint.ToString(), new X509Certificate2Collection(new X509Certificate2[] { new X509Certificate2("Certificate.cer") }), SslProtocols.Tls12, true);
                    stream.Write("Hello".ToByteArray());
                    Console.WriteLine("{0}: Read \"{1}\" from the server at {2}.", DateTime.Now, stream.ReadMessage(), remoteEndpoint);
                }
            }, null);
        }
    }

    public static class StringExtensions
    {
        public static Byte[] ToByteArray(this String value)
        {
            Byte[] bytes = new Byte[value.Length * sizeof(Char)];
            Buffer.BlockCopy(value.ToCharArray(), 0, bytes, 0, bytes.Length);
            return bytes;
        }

        public static String FromByteArray(this Byte[] bytes)
        {
            Char[] characters = new Char[bytes.Length / sizeof(Char)];
            Buffer.BlockCopy(bytes, 0, characters, 0, bytes.Length);
            return new String(characters).Trim(new Char[] { (Char)0 });
        }

        public static int BufferSize = 0x400;

        public static String ReadMessage(this SslStream stream)
        {
            var buffer = new Byte[BufferSize];
            stream.Read(buffer, 0, BufferSize);
            return FromByteArray(buffer);
        }
    }
}

运行时，服务器和客户端之间的通信工作正常，但我不确定应该如何实现回调，特别是因为在服务器端调用时，

sslPolicyErrors=RemoteCertificateNotAvailable

和在客户端调用时，

sslPolicyErrors=RemoteCertificateNameMismatch | RemoteCertificateChainErrors

。另外，

certificate

和

chain

在服务器端为空，但出现在客户端的回调中。为什么呢？我的实现存在哪些问题？如何使我的实现正确验证SSL证书？我曾尝试在线搜索SslStream，但是我还没有看到一个完整的、基于X509的TLS服务器客户端实现，它可以完成我需要的证书验证类型。

我有三个不同的问题。我最初的方法很好，但是：

我在这里误用了证书，因为在客户端使用

.pfx

证书可以解决我的

RemoteCertificateNotAvailable

问题。我不知道为什么

.cer

不起作用

我在调用

AuthenticateTaseClient

时指定了错误的使用者名称，因为第一个参数使用了“测试证书”，而不是

remoteEndpoint。ToString（）

解决了我的

RemoteCertificateNameMatch

尽管是自签名的，但为了避开

RemoteCertificateChaineErrors

错误，我必须将此证书添加到我当前用户帐户下的受信任人员存储中，以信任该证书

还包括一些其他的小改进，我的代码现在也可以接受多个客户机（正如我修复了上面的一些bug），如下所示（请不要逐字复制此文件，因为它需要在不同的位置执行大量操作、正确的清理逻辑、利用读取调用时读取的字节而不是修剪NUL、引入一些Unicode字符（如EOT）来指定消息的结尾、对其进行解析以及处理si不支持的奇数大小的缓冲区nce我们的C#字符大小为2个字节，处理奇数读取等；这需要大量的改进才能看到生产系统的曙光，如果您愿意，它只能作为示例或概念证明。）：

我希望这有助于其他人在C#中揭开web套接字、SSL流、X509证书等的神秘面纱。快乐编码：）我可能会在我的博客上发布它的最终版本。

感谢分享代码。您介意描述一下如何修改要连接到的代码吗wss://echo.websocket.org?

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Net.WebSockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace WebSockets
{
    class Program
    {
        static void Main(string[] args)
        {
            IPEndPoint server = CreateWebSocketServer(1337);
            CreateWebSocketClient(server, 1338);
            CreateWebSocketClient(server, 1339);
            Console.WriteLine("Press any key to exit.");
            Console.ReadKey();
        }

        private static IPEndPoint CreateWebSocketServer(int port)
        {
            var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
            IPEndPoint endpoint = new IPEndPoint(IPAddress.Loopback, port);
            socket.Bind(endpoint);
            socket.Listen(Int32.MaxValue);
            ListenForClients(socket);
            Console.WriteLine("{0}: Web socket server started at {1}.", DateTime.Now, socket.LocalEndPoint);
            return endpoint;
        }

        private static void ListenForClients(Socket socket)
        {
            socket.BeginAccept((result) =>
            {
                new Thread(() =>
                {
                    ListenForClients(socket);
                }).Start();
                var clientSocket = socket.EndAccept(result);
                Console.WriteLine("{0}: Connected to the client at {1}.", DateTime.Now, clientSocket.RemoteEndPoint);
                using (var stream = new SslStream(new NetworkStream(clientSocket), false, (sender, certificate, chain, sslPolicyErrors) =>
                {
                    if (sslPolicyErrors == SslPolicyErrors.None)
                        return true;
                    return false;
                }, (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                {
                    return new X509Certificate2("Certificate.pfx");
                }, EncryptionPolicy.RequireEncryption))
                {
                    stream.AuthenticateAsServer(new X509Certificate2("Certificate.pfx"), true, SslProtocols.Tls12, true);
                    stream.Write("Hello".ToByteArray());
                    Console.WriteLine("{0}: Read \"{1}\" from the client at {2}.", DateTime.Now, stream.ReadMessage(), clientSocket.RemoteEndPoint);
                }
            }, null);
        }

        private static void CreateWebSocketClient(IPEndPoint remoteEndpoint, int port)
        {
            var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
            IPEndPoint localEndpoint = new IPEndPoint(IPAddress.Loopback, port);
            socket.Bind(localEndpoint);
            socket.BeginConnect(remoteEndpoint, (result) =>
            {
                socket.EndConnect(result);
                Console.WriteLine("{0}: Client at {1} connected to the server at {2}.", DateTime.Now, localEndpoint, remoteEndpoint);
                using (var stream = new SslStream(new NetworkStream(socket), false, (sender, certificate, chain, sslPolicyErrors) =>
                {
                    if (sslPolicyErrors == SslPolicyErrors.None)
                        return true;
                    return false;
                }, (sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
                {
                    return new X509Certificate2("Certificate.pfx");
                }, EncryptionPolicy.RequireEncryption))
                {
                    stream.AuthenticateAsClient("Test Certificate", new X509Certificate2Collection(new X509Certificate2[] { new X509Certificate2("Certificate.pfx") }), SslProtocols.Tls12, true);
                    stream.Write("Hello".ToByteArray());
                    Console.WriteLine("{0}: Client at {1} read \"{2}\" from the server at {3}.", DateTime.Now, localEndpoint, stream.ReadMessage(), remoteEndpoint);
                }
            }, null);
        }
    }

    public static class StringExtensions
    {
        public static Byte[] ToByteArray(this String value)
        {
            Byte[] bytes = new Byte[value.Length * sizeof(Char)];
            Buffer.BlockCopy(value.ToCharArray(), 0, bytes, 0, bytes.Length);
            return bytes;
        }

        public static String FromByteArray(this Byte[] bytes)
        {
            Char[] characters = new Char[bytes.Length / sizeof(Char)];
            Buffer.BlockCopy(bytes, 0, characters, 0, bytes.Length);
            return new String(characters).Trim(new Char[] { (Char)0 });
        }

        public static int BufferSize = 0x400;

        public static String ReadMessage(this SslStream stream)
        {
            var buffer = new Byte[BufferSize];
            stream.Read(buffer, 0, BufferSize);
            return FromByteArray(buffer);
        }
    }
}