通过证书请求Https站点
前几天在做与平安银行对接接口,主要是给平安银行推送用户数据(申请贷款的用户),平安银行提供的是https的地址,请求https地址的时候还要发送证书,刚接到这个任务的时候一头雾水,百度上各种所搜,最后还是给解决了。
幸好前几天在博客园里看到一篇文章,给了我很大帮助,地址:http://www.cnblogs.com/caiwenz/p/3913461.html
现在来看程序怎么实现。
首先看一下证书,下图是平安银行接口人给发送的证书,里面的证书有java使用的,有PHP使用的,也有.NET使用,当我打电话向平安银行接口人咨询.NET需要用到那个证书时,对方的回答他也不知道,然后只能去百度了。
其中红色框圈住的是.NET需要的证书
public class HttpHelper
{
/// <summary>
/// 证书路径
/// </summary>
public string CertificateFilePath { get; set; }
/// <summary>
/// 证书密码
/// </summary>
public string CertificateFilePwd { get; set; }
public HttpHelper()
{
//ServicePointManager.ServerCertificateValidationCallback += ServerCertificateValidationCallback;//验证服务器证书回调自动验证
}
/// <summary>
/// 发送POST请求
/// </summary>
/// <param name="url">请求的地址</param>
/// <param name="Content">请求的内容</param>
/// <param name="isLoadCert">是否加载证书</param>
/// <returns></returns>
public String Post(String url, String Content, bool isLoadCert)
{
string html = "";
HttpWebRequest webReqst = (HttpWebRequest)WebRequest.Create(url);
if (isLoadCert)
{
//创建证书
X509Certificate2 cert = CreateX509Certificate2();
//添加证书认证
webReqst.ClientCertificates.Add(cert);
}
webReqst.Method = "POST";
webReqst.KeepAlive = true;
webReqst.ContentType = "application/x-www-form-urlencoded";
try
{
byte[] data = Encoding.Default.GetBytes(Content);
webReqst.ContentLength = data.Length;
Stream stream = webReqst.GetRequestStream();
stream.Write(data, 0, data.Length);
HttpWebResponse webResponse = (HttpWebResponse)webReqst.GetResponse();
if (webResponse.StatusCode == HttpStatusCode.OK && webResponse.ContentLength < 1024 * 1024)
{
StreamReader reader = new StreamReader(webResponse.GetResponseStream(), Encoding.Default);
html = reader.ReadToEnd();
}
}
catch(Exception ex)
{
throw ex;
}
return html;
}
/// <summary>
/// 创建证书
/// </summary>
/// <returns>X509Certificate2对象</returns>
public X509Certificate2 CreateX509Certificate2()
{
X509Certificate2 cert = null;
try
{
cert = new X509Certificate2(CertificateFilePath, CertificateFilePwd);
ServicePointManager.ServerCertificateValidationCallback =
new RemoteCertificateValidationCallback(ServerCertificateValidationCallback);
}
catch (Exception ex)
{
throw ex;
}
return cert;
}
/// <summary>
/// 验证证书的回调函数
/// </summary>
/// <param name="obj"></param>
/// <param name="cer"></param>
/// <param name="chain"></param>
/// <param name="error"></param>
/// <returns></returns>
private bool ServerCertificateValidationCallback(object obj, X509Certificate cer, X509Chain chain, System.Net.Security.SslPolicyErrors error)
{
return true;
}
}
程序比较简单了,主要是请求证书,以前没搞过。
调用
1、把证书放在电脑的一个盘中,记录.pfx证书的路径,还需要知道证书的密码
2、调用
<!-- 平安银行证书路径-->
<add key="CertificateFilePath" value="D:\证书\证书\store.pfx" />
<!-- 平安银行证书密码-->
<add key="CertificateFilePwd" value="XXXX" />
<!--平安银行请求的地址-->
<add key="PingAnUrl" value="https://XXXX7" />
HttpHelper helper = new HttpHelper();
helper.CertificateFilePath = WindowsServiceCommon.GetConfigSetting("CertificateFilePath"); //ConfigurationManager.AppSettings["CertificateFilePath"].ToString();
helper.CertificateFilePwd = WindowsServiceCommon.GetConfigSetting("CertificateFilePwd"); //ConfigurationManager.AppSettings["CertificateFilePwd"].ToString();
var html = helper.Post(WindowsServiceCommon.GetConfigSetting("PingAnUrl"), XmlContent, true);
这样就成功的吧数据Post到指定的地址上。