Key and cert parameters

Question

Key and cert parameters

somehowchris opened this issue 3 years ago · 9 comments

Hey,

So I came across a task to implement something in C#, really liked to tool so far until I had to add --cert and --key parameters as the cool doesn't seem to support it, anyway to have that added?

Answer 1 · 2022-03-11T09:12:28.000Z

I added this as question in https://stackoverflow.com/questions/71420567/how-to-get-page-using-client-and-server-certificate

Answer 2 · 2022-03-11T09:17:59.000Z

@kobruleht

Starting from .NET 5 you can create X509Certificate2 object from pem file
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.createfrompemfile?view=net-6.0

You code should something like this

var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.ClientCertificates.Add(X509Certificate2.CreateFromPemFile("cert.pem", "private.pem"));

using var httpClient = new HttpClient(handler);

// make requests

I'll add pem support to the converter when I have spare time.

Answer 3 · 2022-03-12T14:14:49.000Z

Just added support for PEM certificates and the key parameter.
Please let me know if it works for you.

Answer 4 · 2022-03-12T19:44:52.000Z

I tried generated code with certificate and key loading from string using

var handler = new HttpClientHandler();
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.ClientCertificates.Add(X509Certificate2.CreateFromPem(konto.Certificat, konto.Privatekey));
using var httpClient = new HttpClient(handler);
using var request = new HttpRequestMessage(new HttpMethod("GET"), "https://example.com");
var response = await httpClient.SendAsync(request);

this but got exception

No credentials are available in the security package

with stack trace

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.ComponentModel.Win32Exception (0x8009030E): No credentials are available in the security package
   at System.Net.SSPIWrapper.AcquireCredentialsHandle(ISSPIInterface secModule, String package, CredentialUse intent, SCH_CREDENTIALS* scc)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(CredentialUse credUsage, SCH_CREDENTIALS* secureCredential)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandleSchCredentials(SslStreamCertificateContext certificateContext, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
   at System.Net.Security.SslStreamPal.AcquireCredentialsHandle(SslStreamCertificateContext certificateContext, SslProtocols protocols, EncryptionPolicy policy, Boolean isServer)
   at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
   at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output)
   at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer)
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize)
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request)
   at System.Threading.Tasks.TaskCompletionSourceWithCancellation`1.WaitWithCancellationAsync(CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken)

According to

Azure/azure-iot-sdk-csharp#2150

This is caused by bug in windows. Adding

certificate = new X509Certificate2(certificate.Export(X509ContentType.Pfx));

according to this link fixes this. Please add this to generated code.

Answer 5 · 2022-03-13T06:45:22.000Z

@kobruleht
Could you please share the curl command?

Answer 6 · 2022-03-13T07:04:02.000Z

Hi!

curl --key private.key --cert server.crt https://example.com

Answer 7 · 2022-03-13T07:45:40.000Z

I managed to reproduce the issue.
I will push a fix soon, thank you! 👍🏻

Answer 8 · 2022-03-13T08:56:13.000Z

@kobruleht
I've just implemented the workaround. Could you please check the conversion one more time?

Answer 9 · 2022-03-13T10:49:42.000Z

I checked conversion after fix.