mono wcf openssl (сложности с transport) 
    
           
    
Ubuntu 16.04 
Mono / .Net 4.5
  # Build a throwaway CA, issue a server certificate from it, and register that certificate with Mono.
# NOTE(review): every passphrase below is the sample value "qwerty" passed as a command-line argument,
# so it ends up in shell history and is visible in the process list while the command runs. Outside a
# lab, use openssl's env: or file: pass-phrase sources and a real secret.
# Bookkeeping files for `openssl ca`; presumably openssl.cnf (not shown) points at them - confirm.
  $ echo '100001' >serial
$ touch certindex.txt
$ mkdir certs
# Self-signed CA certificate (-x509), valid 3650 days; the CA private key is encrypted with -passout.
$ openssl req -config yourdomain-CA.conf -new -x509 -days 3650 -keyout yourdomain-CA.key -passout pass:qwerty -out yourdomain-CA.pem
# New 4096-bit RSA key plus a signing request for the server. No -passout is given, so openssl prompts
# for the key passphrase unless yourdomain.server.conf says otherwise. -days is documented for -x509
# output only, so the validity period is presumably decided by the `openssl ca` step - confirm.
$ openssl req -config yourdomain.server.conf -days 3650 -newkey rsa:4096 -keyout yourdomain.server.key -out yourdomain.server.req
# The CA signs the request non-interactively (-batch); -key is the CA key passphrase and the
# certificate extensions come from the server_exts section of yourdomain.server.conf.
$ openssl ca -batch -config openssl.cnf -cert yourdomain-CA.pem -keyfile yourdomain-CA.key -key qwerty -extfile yourdomain.server.conf -extensions server_exts -out yourdomain.server.pem -in yourdomain.server.req
# PKCS#12 bundle holding the server certificate AND its private key, protected by the export password.
$ openssl pkcs12 -export -passout pass:qwerty -out yourdomain.server.pfx -inkey yourdomain.server.key -in yourdomain.server.pem
# Human-readable dump of the issued certificate (text followed by the PEM body, since -noout is absent).
$ openssl x509 -in yourdomain.server.pem -text > yourdomain.server.cert
# Second PKCS#12 bundle with the same inputs; no -passout, so the export password is prompted for.
# The httpcfg call below passes -pwd qwerty, so presumably the same value was typed here.
$ openssl pkcs12 -export -out yourdomain.server.p12 -inkey yourdomain.server.key -in yourdomain.server.pem
# Imports the bundle into Mono's "Trust" certificate store.
# NOTE(review): Trust looks like Mono's trusted-root store, which would make this server (leaf)
# certificate a trust anchor. The usual layout is CA certificate in the root store and the server
# certificate with its key in the personal store - confirm which one the service should read.
$ certmgr --add -c -p qwerty Trust yourdomain.server.pfx
# Binds the PKCS#12 bundle to TCP port 2787, the port the service listens on.
$ httpcfg -add -port 2787 -p12 yourdomain.server.p12 -pwd qwerty
   
  /// <summary>
/// WCF contract exposing one HTTP GET operation that takes and returns bare JSON.
/// </summary>
[ServiceContract]
public interface IJsonSecurityTokenService
{
	/// <summary>
	/// Mapped to <c>get?message={message}</c> relative to the endpoint address; the
	/// <c>message</c> query-string value is bound to <paramref name="message"/>.
	/// </summary>
	/// <param name="message">Caller-supplied text taken from the query string; treat it as untrusted input.</param>
	/// <returns>A string serialised as the JSON response body.</returns>
	[OperationContract]
	[WebGet(
		UriTemplate = "get?message={message}",
		BodyStyle = WebMessageBodyStyle.Bare,
		RequestFormat = WebMessageFormat.Json,
		ResponseFormat = WebMessageFormat.Json)]
	string Get (string message);
}
/// <summary>
/// Implementation of <see cref="IJsonSecurityTokenService"/> that creates a new instance per call
/// and handles calls single-threaded.
/// </summary>
/// <remarks>
/// Despite the name, nothing here issues or checks a token: the only operation returns its
/// input unchanged, which makes this a connectivity test for the HTTPS endpoint.
/// </remarks>
[ServiceBehavior (ConcurrencyMode = ConcurrencyMode.Single, InstanceContextMode = InstanceContextMode.PerCall)]
[AspNetCompatibilityRequirements (RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class SecurityTokenService : IJsonSecurityTokenService
{
	/// <summary>Echoes the caller-supplied value back to the caller.</summary>
	/// <param name="message">Text received from the request; not validated or transformed.</param>
	/// <returns>The same reference that was passed in (null stays null).</returns>
	public string Get (string message)
	{
		string echoed = message;
		return echoed;
	}
}
   
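  /// <summary>
/// Self-hosting <see cref="ServiceHost"/> for <see cref="SecurityTokenService"/> that publishes the
/// JSON contract at <c>security/web</c> under the first base address, over HTTPS.
/// </summary>
public class SecurityTokenServiceHost : ServiceHost
{
	/// <summary>Web HTTP binding with transport (TLS) security, used for the endpoint added in <see cref="OnOpening"/>.</summary>
	public WebHttpBinding binding { get; private set; }

	/// <summary>Creates the host and the HTTPS binding.</summary>
	/// <param name="baseAddresses">Base addresses for the host; the first one is used to build the endpoint address.</param>
	public SecurityTokenServiceHost (Uri[] baseAddresses)
		: base (typeof(SecurityTokenService), baseAddresses)
	{
		binding = new WebHttpBinding (WebHttpSecurityMode.Transport);
		// None: the server does not ask for a client certificate, so TLS authenticates the server
		// only. A certificate attached by a client is not part of this binding's requirements.
		binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
	}

	/// <summary>Selects the service certificate by thumbprint, then applies the standard configuration.</summary>
	protected override void ApplyConfiguration()
	{
		// The thumbprint is hard-coded, so it must be updated whenever the certificate is re-issued.
		// NOTE(review): StoreName.Root is the trusted-root store; a server certificate with its
		// private key normally lives in StoreName.My, with only the CA certificate in Root - confirm.
		// NOTE(review): with transport security on a self-hosted listener, the certificate used in the
		// TLS handshake is presumably the one bound to the port (the httpcfg step), not this one - confirm.
		this.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser,StoreName.Root, X509FindType.FindByThumbprint, "5CD73A7EEEDD05CB600BFBB6D85D5B6D3DB94E76");
		base.ApplyConfiguration ();
	}

	/// <summary>Adds the web endpoint plus the metadata and debug behaviors just before the host opens.</summary>
	protected override void OnOpening()
	{
		var contract = ContractDescription.GetContract (typeof(IJsonSecurityTokenService));
		var endpointAddress = new EndpointAddress (new Uri (this.BaseAddresses [0], "security/web"));

		// Attach WebHttpBehavior to the endpoint object itself instead of Endpoints[0]: index 0 is
		// only this endpoint when nothing else (e.g. configuration) registered one earlier.
		var endpoint = new ServiceEndpoint (contract, binding, endpointAddress);
		endpoint.Behaviors.Add (new WebHttpBehavior ());
		this.AddServiceEndpoint (endpoint);

		// Reuse a behavior that is already registered; adding a second one of the same type fails.
		var metadataBehavior = this.Description.Behaviors.Find<ServiceMetadataBehavior> ();
		if (metadataBehavior == null)
		{
			metadataBehavior = new ServiceMetadataBehavior ();
			this.Description.Behaviors.Add (metadataBehavior);
		}
		// Publishes the service metadata over HTTPS GET to anyone who can reach the port.
		metadataBehavior.HttpsGetEnabled = true;

		// Find<T>() returns null when the behavior is absent; create it rather than dereference null.
		var debugBehavior = this.Description.Behaviors.Find<ServiceDebugBehavior> ();
		if (debugBehavior == null)
		{
			debugBehavior = new ServiceDebugBehavior ();
			this.Description.Behaviors.Add (debugBehavior);
		}
		// Debugging aid only: fault messages will carry exception details (types, messages, stack
		// traces) to the caller. Switch this off for anything reachable by untrusted clients.
		debugBehavior.IncludeExceptionDetailInFaults = true;

		base.OnOpening();
	}
}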
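/// <summary>
/// Starts the self-hosted service on port 2787, sends one HTTPS GET to its echo operation, prints
/// the response, then waits for Enter before shutting the host down.
/// </summary>
/// <param name="args">Command-line arguments (unused).</param>
/// <exception cref="Exception">
/// Wraps a <see cref="WebException"/> raised by the test request; the original is kept as InnerException.
/// </exception>
public static void Main (string[] args)
{
	var baseUri = new Uri ("https://" + Environment.MachineName + ":2787");
	var host = new SecurityTokenServiceHost (new []{ baseUri });
	try
	{
		host.Open ();

		// Default server-certificate validation applies to this request, so the issuing CA must be
		// trusted by the client and the certificate must match the machine name used in the URL.
		HttpWebRequest request = HttpWebRequest.CreateHttp(baseUri.ToString() + "security/web/get?message=text");
		request.Method = "GET";
		request.ContentType = "application/json; charset=UTF-8";
		// NOTE(review): this attaches the SERVER's PFX (certificate + private key) as a client
		// certificate, although the binding sets ClientCredentialType to None. The password is a
		// sample value embedded in source; load real secrets from protected configuration instead.
		request.ClientCertificates.Add(new X509Certificate2("../../Certificates/yourdomain.server.pfx", "qwerty"));
		using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
		using (StreamReader reader = new StreamReader(response.GetResponseStream(), Encoding.UTF8))
		{
			string html = reader.ReadToEnd();
			Console.WriteLine(html);
		}

		Console.ReadLine ();
	}
	catch (WebException ex)
	{
		// Keep the original exception attached so its status, response and stack trace survive.
		throw new Exception(ex.Message, ex);
	}
	finally
	{
		// Always release the listener, including on failure. Close() is only valid on an opened
		// host; Abort() tears down a host in any other state without throwing.
		if (host.State == CommunicationState.Opened)
		{
			host.Close ();
		}
		else
		{
			host.Abort ();
		}
	}
}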
   
  Unhandled Exception:
System.InvalidOperationException: Operation is not valid due to the current state of the object.
  at Mono.Net.Security.MobileAuthenticatedStream.ValidateCreateContext (System.Boolean serverMode, System.String targetHost, System.Security.Authentication.SslProtocols enabledProtocols, System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Boolean clientCertRequired) [0x0000b] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Boolean clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Boolean clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpConnection.Init () [0x0001d] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpConnection.Close (System.Boolean force_close) [0x000e3] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpListenerResponse.Close (System.Boolean force) [0x00012] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpListenerResponse.Close () [0x0000c] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.ServiceModel.Channels.Http.HttpStandaloneResponseInfo.Close () [0x00000] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpContextInfo.Close () [0x00006] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.InternalClose (System.TimeSpan timeout) [0x00006] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.Close (System.TimeSpan timeout) [0x00000] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.Close () [0x0000c] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Dispatcher.ListenerLoopManager.ProcessRequest (System.ServiceModel.Channels.IReplyChannel reply, System.ServiceModel.Channels.RequestContext rc) [0x0007f] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Dispatcher.ListenerLoopManager.TryReceiveRequestDone (System.IAsyncResult result) [0x0001a] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at (wrapper managed-to-native) System.Runtime.Remoting.Messaging.AsyncResult:Invoke (System.Runtime.Remoting.Messaging.AsyncResult)
  at System.Runtime.Remoting.Messaging.AsyncResult.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem () [0x00000] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0 
  at System.Threading.ThreadPoolWorkQueue.Dispatch () [0x00096] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0 
  at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback () [0x00000] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.InvalidOperationException: Operation is not valid due to the current state of the object.
  at Mono.Net.Security.MobileAuthenticatedStream.ValidateCreateContext (System.Boolean serverMode, System.String targetHost, System.Security.Authentication.SslProtocols enabledProtocols, System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Boolean clientCertRequired) [0x0000b] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Boolean clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00000] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at Mono.Net.Security.Private.MonoSslStreamWrapper.AuthenticateAsServer (System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, System.Boolean clientCertificateRequired, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x00006] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpConnection.Init () [0x0001d] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpConnection.Close (System.Boolean force_close) [0x000e3] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpListenerResponse.Close (System.Boolean force) [0x00012] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.Net.HttpListenerResponse.Close () [0x0000c] in <5641e4edad4f4464ba58c620a7b8ea48>:0 
  at System.ServiceModel.Channels.Http.HttpStandaloneResponseInfo.Close () [0x00000] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpContextInfo.Close () [0x00006] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.InternalClose (System.TimeSpan timeout) [0x00006] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.Close (System.TimeSpan timeout) [0x00000] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Channels.Http.HttpRequestContext.Close () [0x0000c] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Dispatcher.ListenerLoopManager.ProcessRequest (System.ServiceModel.Channels.IReplyChannel reply, System.ServiceModel.Channels.RequestContext rc) [0x0007f] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at System.ServiceModel.Dispatcher.ListenerLoopManager.TryReceiveRequestDone (System.IAsyncResult result) [0x0001a] in <abc049434133440d8dd6b5b31f2f4992>:0 
  at (wrapper managed-to-native) System.Runtime.Remoting.Messaging.AsyncResult:Invoke (System.Runtime.Remoting.Messaging.AsyncResult)
  at System.Runtime.Remoting.Messaging.AsyncResult.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem () [0x00000] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0 
  at System.Threading.ThreadPoolWorkQueue.Dispatch () [0x00096] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0 
  at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback () [0x00000] in <dbb16e0bacdc4a0f87478e401bc29b6c>:0
  