koobas.hobune.stream
UnityWebRequest tomcat redirect and self signed SSL certificate
I am trying to call Tomcat Rest server via UnityWebRequest. When Tomcat is configured for HTTP everything its fine, but when i try to add SSL and HTTPS it seems to not work.
Tomcat has self signed certificate, and a redirect URI for HTTPS.
When i try to call over UnityWebRequest i get message: "Unknown Error" , and Status code: "0".
public MRestRequest{
string url = "http://127.0.0.1:8080/Rest/test/get"
www = UnityEngine.Networking.UnityWebRequest.Get(url);
}
public IEnumerator iSendRequest(Action<MRestRequest<T>> onSuccess, Action<MRestRequest<T>> onFailure)
{
yield return www.Send();
if (www.isNetworkError || www.isHttpError)
{
Debug.Log(www.error);
Debug.Log(www.responseCode);
onFailure(this);
}
else
{
Debug.Log(this.getJson());
onSuccess(this);
}
}
Is there a way to make this work over UnityWebRequest, or i should use some other external library, and which one?
Is this problem because of self signed certificate or rediret URI?
I have tried adding the following:
System.Net.ServicePointManager.ServerCertificateValidationCallback = AcceptAllCertifications;
public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
{
return true;
}
but it seems like UnityWebRequest doesn't use c# HttpClient.
I had the same issue and solved it like this :
First thing to do was to switch to Unity beta 2018.1. There you have the UnityWebRequest.certificateHandler This allows to set up custom certificate validation. one last thing to do is to create an object extending CertificateHandler to manage Certificate validation. (See here in Unity beta documentation)
Here is the code :
MyMonoBehaviour :
IEnumerator GetRequest(string uri){
UnityWebRequest request = UnityWebRequest.Get(uri);
request.certificateHandler = new AcceptAllCertificatesSignedWithASpecificKeyPublicKey();
yield return request.SendWebRequest ();
if (request.isNetworkError)
{
Debug.Log("Something went wrong, and returned error: " + request.error);
}
else
{
// Show results as text
Debug.Log(request.downloadHandler.text);
}
}
AcceptAllCertificatesSignedWithASpecificKeyPublicKey :
using UnityEngine.Networking;
using System.Security.Cryptography.X509Certificates;
using UnityEngine;
// Based on https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#.Net
class AcceptAllCertificatesSignedWithASpecificKeyPublicKey : CertificateHandler
{
// Encoded RSAPublicKey
private static string PUB_KEY = "mypublickey";
protected override bool ValidateCertificate(byte[] certificateData)
{
X509Certificate2 certificate = new X509Certificate2(certificateData);
string pk = certificate.GetPublicKeyString();
if (pk.ToLower().Equals(PUB_KEY.ToLower()))
return true;
return false;
}
}
@goddatr Thanks a LOOOT man!!! If someone doesn't know his public key just print out pk variable and copy it to PUB_$$anonymous$$EY, or find it in certificate under the public key field.
Hello, I had to implement this when using HTTPS. $$anonymous$$y question is: how do I get my RSAPublic$$anonymous$$ey? Where is it? What is it?
Thanks!
Thank you. good solution. Ignore PUB_$$anonymous$$EY and always return value is ture and work fine.
Thanks for this solution - it pointed me into the right direction. For any of you who also don't like the fact that the pk string must be read from the debugger in order to be set correctly, here is a slightly more sophisticated solution. Warining however: Im not a cryptography expert...
For tomcat and java you can easily create self-signed certs using the keytool. You likely have created on, if you end up here... (use google if you need to know more about creating self signed certs with keytool).
You can (text-) exoprt a certificate using the keytool (as text) via:
keytool -export -alias keyAlias -keystore keystoreFile.jks -rfc -file mySelfSignedSSL.cert
This will give you a text file (`mySelfSignedSSL.cert`) containing the certificate data. No the fun part: Strip of the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- part and you've got a standart (base64 encoded) string representation of your cert including the public key. However, you can not use this string in the solution above for two reasons: First, it contains more data than the key bytes, second: the character encoding is different (so the same byte sequence will result in different characters).
Anyhow, you can readily perform an analogous test with this standard certificate representation - just like that:
protected override bool ValidateCertificate(byte[] certificateData) {
string serverCertificate = loadMySelfSignedSSLString();
X509Certificate2 certificate = new X509Certificate2(certificateData);
byte[] serverKey = Convert.FromBase64String(serverCertificate );
X509Certificate2 serverCert = new X509Certificate2(serverKey);
if (certificate.Thumbprint.Equals(serverCert.Thumbprint)) {
return true;
} else return false;
}
You can write a simple parser for the complete cert file (simply remove first an last line) - this way you can easily distribute the complete certificate file with your game and use HTTPS / SSL self signed certs. If the server certificate changes, just ship a new .cert file...
