HTTPS Xamarin iOS support for clientcertificates?

0 votes
asked Feb 22 by gtseg (160 points)
edited Feb 22 by Lukas Matyska

Hi,
We would like to use your HTTPS library in our Xamarin project, but it doesn't appear to attach client certificates to requests. This is a known issue for other projects as the version of .NET used in Xamarin doesn't support it, but as your libraries list support for Xamarin, we thought to ask. Using the latest Xamarin, in iOS 12.1, on an iOS 12 phone, the following code (either with the callback or without, not that the callback is called...) doesn't send the certificate.

HttpRequestCreator request = new HttpRequestCreator();
// Accepts any server certificate without validating it.
request.Settings.SslAcceptAllCertificates = true;
// Handler that is asked for a client certificate when the server requests one.
request.Settings.SslClientCertificateRequestHandler = new CertRequestHandler();
var fullrequest = request.Create(uriEndPoint);
fullrequest.ClientCertificates.Add(UserData.Cert);
var response = fullrequest.GetResponse();
// Read the whole response body as UTF-8 text.
Stream receiveStream = response.GetResponseStream();
StreamReader readStream = new StreamReader(receiveStream, Encoding.UTF8);
string resultString = readStream.ReadToEnd();

Thanks!

1 Answer

+1 vote
answered Feb 22 by Lukas Matyska (55,470 points)
selected Feb 25 by gtseg
 
Best answer

The client certificates are supported for Xamarin.

However, please note that the client certificate has to meet a couple of requirements:

  1. It must be time valid: cert.IsTimeValid().
  2. It must have a private key: cert.HasPrivateKey().
  3. It must be issued for client authentication: cert.GetEnhancedUsage() is either null or contains ExtendedUsageOids.ClientAuthentication or contains ExtendedUsageOids.AnyPurpose.
  4. The issuer of the client certificate has to match the issuer(s) requested by the server.

The first 3 checks can be validated on the client certificate directly. The last check can be validated by the ICertificateRequestHandler.Request() method (your CertRequestHandler class), which contains an array of DistinguishedName requested by the server.

Please ensure that the client certificate you used (UserData.Cert) meets all requirements above.

...
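The four requirements from the answer, written as a diagnostic helper that reports which of them a certificate fails. This is an added example, not code from the original thread or from Rebex. The class and method names are hypothetical, and the use of Certificate.GetIssuer() and the comparison of distinguished names by their string form are assumptions not taken from the page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Rebex.Security.Certificates;

// Added example (hypothetical helper): checks a client certificate against
// the four requirements listed in the answer.
public static class ClientCertDiagnostics
{
    // Returns a description of each failed requirement; an empty list means
    // all four pass. 'requestedIssuers' is the DistinguishedName array that
    // ICertificateRequestHandler.Request() receives from the server.
    public static IList<string> FindProblems(
        Certificate cert, DistinguishedName[] requestedIssuers)
    {
        var problems = new List<string>();

        // 1. Validity period.
        if (!cert.IsTimeValid())
            problems.Add("1: certificate is expired or not yet valid");

        // 2. A private key must be associated with the certificate.
        if (!cert.HasPrivateKey())
            problems.Add("2: certificate has no private key");

        // 3. Enhanced key usage: null, client authentication, or any purpose.
        string[] usage = cert.GetEnhancedUsage();
        bool usageOk = usage == null
            || usage.Contains(ExtendedUsageOids.ClientAuthentication)
            || usage.Contains(ExtendedUsageOids.AnyPurpose);
        if (!usageOk)
            problems.Add("3: enhanced usage does not allow client authentication");

        // 4. Issuer must be one the server asked for. A null or empty list is
        //    treated here as "no restriction" (assumption).
        if (requestedIssuers != null && requestedIssuers.Length > 0)
        {
            // Assumption: GetIssuer() returns the issuer's DistinguishedName,
            // and comparing the string forms is good enough for a diagnostic.
            string issuer = cert.GetIssuer().ToString();
            bool issuerOk = requestedIssuers.Any(dn =>
                string.Equals(dn.ToString(), issuer, StringComparison.OrdinalIgnoreCase));
            if (!issuerOk)
                problems.Add("4: issuer '" + issuer + "' was not requested by the server");
        }

        return problems;
    }
}
```

Calling FindProblems(UserData.Cert, issuers) from inside the handler's Request() method and logging the result shows which requirement is the one that stops the certificate from being sent.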