从 .net 核心使用 M2MQTT 连接到 AWS IoT

Question

我设法手动创建了 AWS IoT 配置，下载了证书并创建了一个可以订阅主题的控制台应用程序。我现在尝试自动创建事物，这导致 AWS 将证书密钥作为字符串提供。我不确定如何使用这些。我已经下载了根 ca，我假设我将其用于所有事情。

我的基于文件的证书订阅者如下所示：

            Console.WriteLine("AWS IOT Dotnet core message listener starting");
            string iotendpoint = "blahblah-ats.iot.ap-southeast-2.amazonaws.com";
            int BrokerPort = 8883;
            string Topic = "topic_1/";

            var CaCert = X509Certificate.CreateFromCertFile(@"root-CA.crt");
            var ClientCert = new X509Certificate2(@"device.pfx", "password");

            var IotClient = new MqttClient(iotendpoint, BrokerPort, true, CaCert, ClientCert, MqttSslProtocols.TLSv1_2);

            try
            {
                IotClient.Connect(Guid.NewGuid().ToString());
                Console.WriteLine("Connected to AWS IOT");

                IotClient.MqttMsgPublishReceived += Client_MqttMsgPublishReceived;
                IotClient.MqttMsgSubscribed += Client_MqttMsgSubscribed;

                IotClient.Subscribe(new string[] { Topic }, new byte[] { MqttMsgBase.QOS_LEVEL_AT_LEAST_ONCE });

                Console.ReadLine();

            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                return;
            }

要从文件中加载证书，我试过这个：

    var keyText = File.ReadAllText("keys.json");
    var keys = JsonConvert.DeserializeObject<Keys>(keyText);
    var bytes = Encoding.ASCII.GetBytes(keys.PrivateKey.ToCharArray());
    var ClientCert = new X509Certificate2(bytes);

与：

    class Keys {
        public string PublicKey {get;set;}
        public string PrivateKey {get;set;}
    }

以及来自 AWS 的 json 文件中的密钥：

{
    "PrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA4mh2PQ581XN9BmoCvDjlaktm/6gQgqGBItZThcQVMTjveU8H\npjOU2E/9lq7vmdO+96NuuMr9MKtFD+ZWtVExLjMq9hH0MvIvosVt9+6Ggcwz7Kdr\nigprfBMVORV0rgcK+nsd2DmBNrs339fqbTn5UAIFFBpqkNReW7LMl9h6g8hu4aYQ\nJTohDwSmgmNJKlzMJGtVfPggqt+bBi3lUf9NEOEz...
-----END RSA PRIVATE KEY-----\n",
    "PublicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mh2PQ581XN9BmoCvDjl\naktm/6gQgqGBItZThcQVMTjveU8HpjOU2E/9lq7vmdO+96NuuMr9MKtFD+ZWtVEx\nLjMq9hH0MvIvosVt9+6Ggcwz7K...
-----END PUBLIC KEY-----\n"
}

加载证书时出错：

System.Security.Cryptography.X509Certificates.dll 中出现“Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException”类型的未处理异常：“找不到请求的对象。”

有人能看出这里有什么明显的错误吗？我不懂证书...

更新：

使用 AWS 开发工具包生成的 PEM 文本更正确，但我仍然收到连接错误 - M2MQTT 说存在证书问题，它没有私钥。需要吗？

    var pemText = File.ReadAllText("thing.crt");
    var bytes = Encoding.ASCII.GetBytes(pemText);
    var ClientCert = new X509Certificate2(bytes);

Answer 1

最终破解的解决方案如下所示：

    var keyText = File.ReadAllText("keys.json"); // saved from AWS SDK when creating IoT Cert.
    var keys = JsonConvert.DeserializeObject<Keys>(keyText);
    var rsa = RsaHelper.PrivateKeyFromPem(keys.PrivateKey);

    var pemText = File.ReadAllText("thing.crt");
    var bytes = Encoding.ASCII.GetBytes(pemText);

    var ClientCert = new X509Certificate2(bytes);
    ClientCert = ClientCert.CopyWithPrivateKey(rsa);
    ClientCert = new X509Certificate2(ClientCert.Export(X509ContentType.Pfx,"12345678"), "12345678");

来自https://github.com/dejanstojanovic/dotnetcore-token-authentication/blob/asymmetric_rsahelper/Sample.Core.Common/Helpers/RsaHelper.cs的RSAHelper

从https://github.com/aspnet/KestrelHttpServer/issues/2960 导出和导入 PFX 以解决错误的最后一招：“安全包中没有可用的凭据”

侧边栏 - 为什么我们（作为一个行业）总是把概念上简单的东西搞得这么复杂？ :)