Citat:
Ursprungligen postat av jackjson
Digrad affärssystem bjuder på en lösning
Kod:
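/// <summary>
/// Builds a JSON POST request to the Swish API that authenticates with the supplied client
/// certificate and accepts only a server certificate whose chain ends in the same root CA
/// as that client certificate (root pinning).
/// </summary>
/// <param name="url">Swish endpoint URL; must be an HTTP(S) URL.</param>
/// <param name="clientCertPath">Path to the PKCS#12 (.p12/.pfx) file holding the client certificate, its key and the CA chain.</param>
/// <param name="clientCertPass">Password of that file; null is treated as an empty password.</param>
/// <returns>The configured, not yet sent, request.</returns>
/// <exception cref="ArgumentException">If <paramref name="url"/> does not produce an <see cref="HttpWebRequest"/>.</exception>
private HttpWebRequest CreateSwishRequest(string url, string clientCertPath, string clientCertPass)
{
    // NOTE: both ServicePointManager settings are process-wide, not per request; every
    // other HTTPS call in the process is affected. Revocation checking is kept off as in the
    // original — enable it once the environment can reach the CA's CRL/OCSP endpoints.
    ServicePointManager.CheckCertificateRevocationList = false;
    // Tls12 does not work (per the original author). TLS 1.1 is deprecated; re-test TLS 1.2
    // before relying on this in production.
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls11;

    // Load the client certificate(s). The storage flags are kept from the original;
    // Exportable is, as far as can be told here, not needed for TLS client auth — confirm and drop it
    // if the private key must stay non-exportable.
    var clientCerts = new X509Certificate2Collection();
    clientCerts.Import(clientCertPath, clientCertPass ?? "", X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);

    // Make sure the bundled CA certs are in the intermediate store and keep the root for pinning.
    // A null root makes the validation callback below reject every server certificate.
    var rootCertificate = AssertCertsInStore(clientCerts);

    // 'as' without a null check would surface as a NullReferenceException on the next line.
    var req = WebRequest.Create(url) as HttpWebRequest;
    if (req == null)
        throw new ArgumentException($"'{url}' is not an HTTP(S) URL.", nameof(url));
    req.ClientCertificates = clientCerts;
    req.Method = "POST";
    req.ContentType = "application/json; charset=UTF-8";
    req.AllowAutoRedirect = false;

    // Pin the server's root CA to the root of the client certificate chain. sslPolicyErrors is
    // not ignored: a missing or mis-named server certificate is always rejected, and chain
    // errors are tolerated only when the sole problem is that the (pinned) root is not in the
    // trusted store. Expiry, revocation, wrong key usage etc. are therefore still fatal.
    req.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) =>
    {
        if (rootCertificate == null || certificate == null || chain == null)
            return false;

        const System.Net.Security.SslPolicyErrors fatal =
            System.Net.Security.SslPolicyErrors.RemoteCertificateNotAvailable
            | System.Net.Security.SslPolicyErrors.RemoteCertificateNameMismatch;
        if ((sslPolicyErrors & fatal) != System.Net.Security.SslPolicyErrors.None)
            return false;

        // Any chain status other than "untrusted root" (which pinning covers) is a real error.
        if (chain.ChainStatus.Any(s => (s.Status & ~X509ChainStatusFlags.UntrustedRoot) != X509ChainStatusFlags.NoError))
            return false;

        var chainRootCa = chain.ChainElements?.OfType<X509ChainElement>().LastOrDefault()?.Certificate;
        if (chainRootCa == null)
            return false;

        // Compare the full DER encoding; X509Certificate.Equals only compares issuer and serial number.
        return rootCertificate.RawData.SequenceEqual(chainRootCa.RawData);
    };
    return req;
}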
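/// <summary>
/// Ensures the CA certificates bundled with the client certificate are present in the current
/// user's Intermediate Certification Authorities store and returns the root CA of the client
/// certificate chain.
/// </summary>
/// <param name="certs">Certificates loaded from the client PFX: the leaf (with private key) plus its CA chain.</param>
/// <returns>
/// The last CA in the built chain (the root), or null when <paramref name="certs"/> holds no
/// certificate with a private key or the chain yields no CA certificates.
/// </returns>
/// <remarks>
/// Side effect: writes to the CurrentUser intermediate store. The root is deliberately NOT added
/// to the Trusted Root store — the caller only pins it — so this does not widen what the machine trusts.
/// "Has no private key" is used as the test for "is a CA certificate"; that holds for a PFX that
/// contains a single leaf key — confirm if the file can contain more.
/// </remarks>
private X509Certificate2 AssertCertsInStore(X509Certificate2Collection certs)
{
    var certArr = certs.OfType<X509Certificate2>().ToArray();
    var privateCert = certArr.FirstOrDefault(o => o.HasPrivateKey);
    if (privateCert == null)
        return null;

    X509Certificate2[] caCerts;
    var chain = new X509Chain();
    try
    {
        // Supply the bundled CA certs so the chain can be built before they are in any store.
        chain.ChainPolicy.ExtraStore.AddRange(certArr.Where(o => !o.HasPrivateKey).ToArray());
        // The build result is not inspected (as in the original): the element list is what is
        // needed here, and it is used even when the root is not (yet) trusted.
        chain.Build(privateCert);
        caCerts = chain.ChainElements.OfType<X509ChainElement>()
            .Where(o => !o.Certificate.HasPrivateKey)
            .Select(o => o.Certificate)
            .ToArray();
    }
    finally
    {
        // Clear the chain's resources on every path; Dispose() is preferable where the framework has it.
        chain.Reset();
    }
    if (caCerts.Length == 0)
        return null;

    var intermediateStore = new X509Store(StoreName.CertificateAuthority, StoreLocation.CurrentUser);
    intermediateStore.Open(OpenFlags.ReadWrite);
    try
    {
        foreach (var ca in caCerts)
        {
            if (!intermediateStore.Certificates.Contains(ca))
                intermediateStore.Add(ca);
        }
    }
    finally
    {
        // The original skipped Close() when Add() threw.
        intermediateStore.Close();
    }
    // Last CA in the chain is the root.
    return caCerts.LastOrDefault();
}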
Tackar, hade fått det att lira genom att installera root-certifikatet på servern, men detta kommer ju hjälpa så man slipper den biten.