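c# - Custom CA for the server certificate in .NET Core
Problem description
I want to call the Kubernetes API from a .NET Core application outside the cluster.
I have an HttpClient with an HttpClientHandler, on which I set this callback to ignore invalid (untrusted) certificates, and it works: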
    handler.ServerCertificateCustomValidationCallback +=
        (message, certificate, chain, errors) => true;
But in my kubeconfig from kubectl I have this:
    ...
    clusters:
    - cluster:
        certificate-authority-data: SOME_AUTHORITY_DATA
        server: https://myserver.io:443
    ...
How can I use that certificate-authority-data to validate the server certificate in my application?
Solution
    using System.Linq;                                   // SequenceEqual
    using System.Net.Security;                           // SslPolicyErrors
    using System.Security.Cryptography.X509Certificates; // X509ChainElement

    // DER bytes of the expected issuing CA certificate.
    private static byte[] s_issuingCABytes = { ... };

    handler.ServerCertificateCustomValidationCallback +=
        (message, certificate, chain, errors) =>
        {
            const SslPolicyErrors Mask =
    #if CA_IS_TRUSTED
                ~SslPolicyErrors.None;
    #else
                ~SslPolicyErrors.RemoteCertificateChainErrors;
    #endif

            // If a cert is not present, or it didn't match the host.
            // (And if the CA should have been root trusted anyways, also checks that)
            if ((errors & Mask) != SslPolicyErrors.None)
            {
                return false;
            }

            foreach (X509ChainElement element in chain.ChainElements)
            {
                if (element.Certificate.RawData.SequenceEqual(s_issuingCABytes))
                {
                    // The expected certificate was found, huzzah!
                    return true;
                }
            }

            // The expected cert was not in the chain.
            return false;
        };
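An added example, not part of the original answer: on .NET 5 or later the chain can be rebuilt with the kubeconfig CA as the only trust root (X509ChainTrustMode.CustomRootTrust), so signature, validity and constraint checks stay in force instead of every chain error being masked as in the #else branch above. KubeCaValidation and CreateHandler are hypothetical names, and turning revocation checking off assumes the cluster CA publishes no CRL or OCSP endpoint.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class KubeCaValidation // hypothetical helper, not from the original page
{
    // caDataBase64: the certificate-authority-data value from kubeconfig,
    // which is the base64 encoding of a PEM file with one or more CA certificates.
    public static HttpClientHandler CreateHandler(string caDataBase64)
    {
        var roots = new X509Certificate2Collection();
        roots.ImportFromPem(Encoding.ASCII.GetString(Convert.FromBase64String(caDataBase64)));

        var handler = new HttpClientHandler();
        handler.ServerCertificateCustomValidationCallback =
            (message, certificate, chain, errors) =>
            {
                // A missing certificate or a host-name mismatch is always fatal.
                if (certificate == null ||
                    (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None)
                {
                    return false;
                }

                using var customChain = new X509Chain();
                customChain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
                customChain.ChainPolicy.CustomTrustStore.AddRange(roots);
                // Assumption: the cluster CA has no CRL/OCSP endpoint to query.
                customChain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

                // Reuse any intermediates found while the default chain was built.
                if (chain != null)
                {
                    foreach (X509ChainElement element in chain.ChainElements)
                    {
                        customChain.ChainPolicy.ExtraStore.Add(element.Certificate);
                    }
                }

                // True only when the chain validates and ends in a kubeconfig CA.
                return customChain.Build(certificate);
            };
        return handler;
    }
}
```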