SSL TCP SslStream服务器抛出未处理的异常“”;System.Security.Cryptography.
本文关键字:System Cryptography Security 异常 SslStream TCP 服务器 未处理 SSL | 更新日期: 2023-09-27 18:24:17
我正试图创建一个C#TCP服务器,以便在Windows 2008服务器上使用SslStream从发送TCP数据的客户端(目标C移动应用程序)接收TCP数据。
我使用的是微软的示例代码(注意:我对该代码的修改版本在这个问题的末尾),即它是服务器代码,就在"下面的代码示例演示创建一个TcpListener,它使用SslStream类与客户端通信")
例外
然而,当我运行这个服务器代码时,我会得到以下异常:
System.Security.Cryptography.CryptographicException: Cannot find the original si
gner.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicExce
ption(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(
String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCer
tContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertific
ateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlag
s)
at System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCe
rtFile(String filename)
at SslTcpServer.LocationSslTcpServer.RunServer(String certificate) in c:'SslTcpServer'Program.cs:line 20
at SslTcpServer.Program.Main(String[] args) in c:'SslTcpServer'Program.cs:line 180
我也在http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate.aspx它抛出了一个类似的异常。
附加信息
我从NameCheap获得了SSL证书。我购买了EssentialSSL通配符证书。我在Windows 2008服务器上进行了创建证书请求,即以开头的gaint文本
-----BEGIN NEW CERTIFICATE REQUEST-----
alots of random characters
-----END NEW CERTIFICATE REQUEST-----
并将该gaint文本文件上传到NameCheap,并通过电子邮件收到一个Certificate.cer文件。
我的代码
public sealed class LocationSslTcpServer
{
static X509Certificate serverCertificate = null;
// The certificate parameter specifies the name of the file
// containing the machine certificate.
public static void RunServer(string certificate)
{
serverCertificate = X509Certificate.CreateFromCertFile(certificate);
// Create a TCP/IP (IPv4) socket and listen for incoming connections.
TcpListener listener = new TcpListener(IPAddress.Any, 8080);
listener.Start();
while (true)
{
Console.WriteLine("Waiting for a client to connect...");
// Application blocks while waiting for an incoming connection.
// Type CNTL-C to terminate the server.
TcpClient client = listener.AcceptTcpClient();
ProcessClient(client);
}
}
static void ProcessClient(TcpClient client)
{
// A client has connected. Create the
// SslStream using the client's network stream.
SslStream sslStream = new SslStream(
client.GetStream(), false);
// Authenticate the server but don't require the client to authenticate.
try
{
sslStream.AuthenticateAsServer(serverCertificate,
false, SslProtocols.Tls, true);
// Display the properties and settings for the authenticated stream.
DisplaySecurityLevel(sslStream);
DisplaySecurityServices(sslStream);
DisplayCertificateInformation(sslStream);
DisplayStreamProperties(sslStream);
// Set timeouts for the read and write to 5 seconds.
sslStream.ReadTimeout = 5000;
sslStream.WriteTimeout = 5000;
// Read a message from the client.
Console.WriteLine("Waiting for client message...");
string messageData = ReadMessage(sslStream);
Console.WriteLine("Received: {0}", messageData);
// Write a message to the client.
byte[] message = Encoding.UTF8.GetBytes("Hello from the server.<EOF>");
Console.WriteLine("Sending hello message.");
sslStream.Write(message);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
sslStream.Close();
client.Close();
return;
}
finally
{
// The client stream will be closed with the sslStream
// because we specified this behavior when creating
// the sslStream.
sslStream.Close();
client.Close();
}
}
static string ReadMessage(SslStream sslStream)
{
// Read the message sent by the client.
// The client signals the end of the message using the
// "<EOF>" marker.
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
// Read the client's test message.
bytes = sslStream.Read(buffer, 0, buffer.Length);
// Use Decoder class to convert from bytes to UTF8
// in case a character spans two buffers.
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
// Check for EOF or an empty message.
if (messageData.ToString().IndexOf("<EOF>") != -1)
{
break;
}
} while (bytes != 0);
return messageData.ToString();
}
static void DisplaySecurityLevel(SslStream stream)
{
Console.WriteLine("Cipher: {0} strength {1}", stream.CipherAlgorithm, stream.CipherStrength);
Console.WriteLine("Hash: {0} strength {1}", stream.HashAlgorithm, stream.HashStrength);
Console.WriteLine("Key exchange: {0} strength {1}", stream.KeyExchangeAlgorithm, stream.KeyExchangeStrength);
Console.WriteLine("Protocol: {0}", stream.SslProtocol);
}
static void DisplaySecurityServices(SslStream stream)
{
Console.WriteLine("Is authenticated: {0} as server? {1}", stream.IsAuthenticated, stream.IsServer);
Console.WriteLine("IsSigned: {0}", stream.IsSigned);
Console.WriteLine("Is Encrypted: {0}", stream.IsEncrypted);
}
static void DisplayStreamProperties(SslStream stream)
{
Console.WriteLine("Can read: {0}, write {1}", stream.CanRead, stream.CanWrite);
Console.WriteLine("Can timeout: {0}", stream.CanTimeout);
}
static void DisplayCertificateInformation(SslStream stream)
{
Console.WriteLine("Certificate revocation list checked: {0}", stream.CheckCertRevocationStatus);
X509Certificate localCertificate = stream.LocalCertificate;
if (stream.LocalCertificate != null)
{
Console.WriteLine("Local cert was issued to {0} and is valid from {1} until {2}.",
localCertificate.Subject,
localCertificate.GetEffectiveDateString(),
localCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Local certificate is null.");
}
// Display the properties of the client's certificate.
X509Certificate remoteCertificate = stream.RemoteCertificate;
if (stream.RemoteCertificate != null)
{
Console.WriteLine("Remote cert was issued to {0} and is valid from {1} until {2}.",
remoteCertificate.Subject,
remoteCertificate.GetEffectiveDateString(),
remoteCertificate.GetExpirationDateString());
}
else
{
Console.WriteLine("Remote certificate is null.");
}
}
public static void DisplayUsage()
{
Console.WriteLine("To start the server specify:");
Console.WriteLine("serverSync certificateFile.cer");
Environment.Exit(1);
}
}
class Program
{
static int Main(string[] args)
{
string certificate = null;
certificate = "Certificate.cer";
try
{
LocationSslTcpServer.RunServer(certificate);
}
catch (Exception e)
{
Console.WriteLine(e.StackTrace);
Console.ReadLine();
}
return 0;
}
}
提前感谢您的帮助!
我成功地使用X.509数字证书生成器:
- 创建CA证书(CA.pfx)
- 创建用CA证书(Client.pfx)签名的客户端证书
- 创建用CA证书(Server.pfx)签名的服务器证书
- 在受信任的根证书文件夹中安装CA证书(CA.pfx)
- 在个人文件夹中安装客户端和服务器证书(Client.pfx和Server.pfx)
对于步骤4和5:从搜索框(靠近Windows开始按钮-桌面左下角)输入错误:证书,然后选择管理计算机证书