需要使用pfx证书将消息从.net core发布到aws。连接到客户端 ID 时出现错误。
我的工作服务源代码如下
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
DateTime registryValue = DateTime.Now;
try
{
string application = Configuration[Constants.Application];
string sourceName = Configuration[Constants.SourceName];
string certificateSubject = Configuration[Constants.CertificateSubject];
string iotEndPoint = Configuration[Constants.IotEndpoint];
int brokerPort = Convert.ToInt32(Configuration[Constants.BrokerPort]);
string topic = Configuration[Constants.Topic];
string ggcRootCaCertificate = Configuration[Constants.GgcRootCaCertificate];
string storeName = Configuration[Constants.X509Store];
string clientId = Configuration[Constants.ClientId];
Logger.LogInformation($"ggcRootCaCertificate: {ggcRootCaCertificate}.");
string machineName = Environment.MachineName;
EventLog eventLog = new EventLog(application, machineName);
EventLogEntryCollection eventLogEntryCollection = eventLog.Entries;
//int logCount = eventLogEntryCollection.Count;
//if (logCount <= 0)
//{
// Logger.LogInformation("No Event Logs in the Log :");
//}
X509Store store = new X509Store(storeName, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
var clientCert = store.Certificates.OfType<X509Certificate2>().FirstOrDefault(x =>
x.SubjectName.Name.Contains(certificateSubject));
if (clientCert == null)
{
Logger.LogInformation("Certificate not installed in the system");
}
X509Certificate x509Certificate = X509Certificate.CreateFromCertFile(Path.Join(ggcRootCaCertificate));
MqttClient mqttClient = new MqttClient(iotEndPoint, brokerPort, true, x509Certificate, clientCert, MqttSslProtocols.TLSv1_2);
if (clientId == null)
{
clientId = machineName;
}
mqttClient.ProtocolVersion = MqttProtocolVersion.Version_3_1_1;
mqttClient.Connect(clientId);
Logger.LogInformation($"Connected to AWS IoT with client id: {clientId}.");
RegistryKey registryKey = Registry.LocalMachine.CreateSubKey(Constants.RegistryPath);
DateTime calculatedLogTime = DateTime.Now;
EventLog log = new EventLog(application);
var totalEntries = log.Entries.Cast<EventLogEntry>()
.Where(x => x.Source == sourceName)
.Select(x => new
{
x.MachineName,
x.Site,
x.Source,
x.Message,
x.TimeGenerated,
x.TimeWritten
}).ToList();
registryValue = Convert.ToDateTime(registryKey.GetValue(Constants.LastEventLogFetch));
if (totalEntries.Count > 0)
{
int i = 0;
List<dynamic> termsList = new List<dynamic>();
if (registryValue == null || registryValue == DateTime.MinValue)
{
var Entries = totalEntries.OrderByDescending(x => x.TimeGenerated).FirstOrDefault();
mqttClient.Publish(topic, Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(Entries.Message)}"));
Logger.LogInformation("Message published", Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(Entries.Message)}"));
registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime.AddMinutes(-1));
}
else
{
calculatedLogTime = registryValue.AddMinutes(1);
var Entries = totalEntries.Where(x => (x.TimeGenerated <= calculatedLogTime && x.TimeGenerated >= registryValue)).ToList();
if (Entries.Count > 0)
{
foreach (var item in Entries.GetRange(0, Entries.Count))
{
termsList.Add(item.Message + "Message from vm 30.31");
}
mqttClient.Publish(topic, Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(termsList)}"));
Logger.LogInformation("Message published", Encoding.UTF8.GetBytes($" {JsonConvert.SerializeObject(termsList)}"));
registryKey.SetValue(Constants.LastEventLogFetch, calculatedLogTime);
}
else
{
Logger.LogInformation("Event log count is zero. Can't send message");
}
}
}
else
{
Logger.LogInformation("Event log count is zero");
}
}
catch (Exception ex)
{
Logger.LogInformation(ex.Message, DateTimeOffset.Now);
Console.WriteLine(ex.Message);
}
Logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now);
if (registryValue > DateTime.Now)
{
await Task.Delay(60000, stoppingToken);
Logger.LogInformation("Registry value is greater than current time. So task delay will be one minue");
}
else
{
await Task.Delay(1000, stoppingToken);
Logger.LogInformation("Registry value is less than current time. So task delay will be one second");
}
}
}
Json 设置如下,
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AccuTabSettings": {
"Application": "name",
"SourceName": "Source",
"CertificateSubject": "CN=AWS IoT Certificate",
"IotEndpoint": "1.1.1.1",
"BrokerPort": 800,
"Topic": "device/client_id",
"GgcRootCaCertificate": "F:\\Certificates\\ggc-root.ca.crt",
"X509Store": "MY",
"ClientId": "pqr"
}
}
连接客户端时出现问题=>“根据验证程序,远程证书无效:RemoteCertificateNameMismatch,RemoteCertificateChainErrors”
RemoteCertificateNameMismatch没有足够的信息来调试
RemoteCertificateChainErrors对于 .NET Core 7.0:
当您添加 AddHttpClient() 方法时,在 Web 应用程序项目的 program.cs 类中:
builder.Services.AddHttpClient("HttpClientName", c =>{}).ConfigurePrimaryHttpMessageHandler(() =>
{
var handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback =
HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
return handler;
});