TCP TLS communication in Xamarin Forms Application

Question

TCP TLS communication in Xamarin Forms Application

iSukhi 6

I want to establish connection between the client and server over TCP using TLS in my Xamarin forms Application. I am facing issues making a successful connection using certificate. Please guide me.

JarvanZhang 23,971 Reputation points

2021-03-30T11:11:39.307+00:00
Hi, iSukhi-8842. First create a TcpClient, and then use SslStream to authenticate the connected client through the TLS protocol.

using (var tcpClient = new TcpClient("10.1.10.250", port)) using (var ssl = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(CertificateValidation))) { ssl.AuthenticateAsClient("10.1.10.250", null, System.Security.Authentication.SslProtocols.Tls12, false); if (ssl.CanWrite) { ... } else throw new SocketException(); }

You could google with the keyword as Versatile Digital DNA Simple Client–Server in C# to check the related document to get how to write a client server in c#.

And here is the similar issue case, you could refer to the function code:
https://stackoverflow.com/questions/54914621/access-self-signed-x509certificates-in-xamarinforms-for-mqtt-tls-connection-to-a
iSukhi 6 Reputation points

2021-03-31T11:52:44.89+00:00

I tried your code and it is giving certificate mismatch exception.
Wha is certificate pinning?
Do i need to do it while doing local tcp communication?
I followed https://stackoverflow.com/questions/54914621/access-self-signed-x509certificates-in-xamarinforms-for-mqtt-tls-connection-to-a
for the reference.

iSukhi 6

This is my code:

X509Certificate vCert;

    bool CertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors certificateErrors)
    {if (vCert == null)
        { using (var waitHandle = new EventWaitHandle(false, EventResetMode.AutoReset))
            {Task.Run(async () =>
                {
                using (var assetStream = await Xamarin.Essentials.FileSystem.OpenAppPackageFileAsync("CA_Certificate.cer"))
                using (var memStream = new MemoryStream())
                {
                    assetStream.CopyTo(memStream);
                    vetaarCert = new X509Certificate(memStream.ToArray());
                    waitHandle.Set();
                }
            });
            waitHandle.WaitOne();
        }
    }
    bool result = vCert.Equals(certificate) ? true : false;
    return result;
}

JarvanZhang 23,971 Reputation points

2021-04-01T08:15:44.28+00:00

Could you post the details about the error log?

1 answer

Your answer

JarvanZhang 23,971 Reputation points

2021-03-30T11:11:39.307+00:00

Hi, iSukhi-8842. First create a TcpClient, and then use SslStream to authenticate the connected client through the TLS protocol.

using (var tcpClient = new TcpClient("10.1.10.250", port)) using (var ssl = new SslStream(tcpClient.GetStream(), false, new RemoteCertificateValidationCallback(CertificateValidation))) { ssl.AuthenticateAsClient("10.1.10.250", null, System.Security.Authentication.SslProtocols.Tls12, false); if (ssl.CanWrite) { ... } else throw new SocketException(); }

You could google with the keyword as Versatile Digital DNA Simple Client–Server in C# to check the related document to get how to write a client server in c#.

And here is the similar issue case, you could refer to the function code:
https://stackoverflow.com/questions/54914621/access-self-signed-x509certificates-in-xamarinforms-for-mqtt-tls-connection-to-a
iSukhi 6 Reputation points

2021-03-31T11:52:44.89+00:00

I tried your code and it is giving certificate mismatch exception.
Wha is certificate pinning?
Do i need to do it while doing local tcp communication?
I followed https://stackoverflow.com/questions/54914621/access-self-signed-x509certificates-in-xamarinforms-for-mqtt-tls-connection-to-a
for the reference.
iSukhi 6 Reputation points

2021-03-31T11:54:55.497+00:00

This is my code:

X509Certificate vCert;

bool CertificateValidation(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors certificateErrors) {if (vCert == null) { using (var waitHandle = new EventWaitHandle(false, EventResetMode.AutoReset)) {Task.Run(async () => { using (var assetStream = await Xamarin.Essentials.FileSystem.OpenAppPackageFileAsync("CA_Certificate.cer")) using (var memStream = new MemoryStream()) { assetStream.CopyTo(memStream); vetaarCert = new X509Certificate(memStream.ToArray()); waitHandle.Set(); } }); waitHandle.WaitOne(); } } bool result = vCert.Equals(certificate) ? true : false; return result; }
JarvanZhang 23,971 Reputation points

2021-04-01T08:15:44.28+00:00

Could you post the details about the error log?

Answer 1

I would say you could do it using MQTTnet but I am having similar issues connecting to aws.

private async Task OnConnectToIoTHubCommandAsync()
{
const string server = "sample.amazonaws.com";
const string clientId = "XXXXXXXXXXKELYG82g";
const string machineId = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX";
const string topic = "helloServer" + machineId;

            byte[] caCertRawBytes;
            byte[] clientCertRawBytes;

            using (var stream = await FileSystem.OpenAppPackageFileAsync("AmazonRootCA1.crt"))
            {
                using (var memoryStream = new MemoryStream())
                {
                    stream.CopyTo(memoryStream);
                    caCertRawBytes = memoryStream.ToArray();
                }
            }

            using (var stream = await FileSystem.OpenAppPackageFileAsync("Private.pfx"))
            {
                using (var memoryStream = new MemoryStream())
                {
                    stream.CopyTo(memoryStream);
                    clientCertRawBytes = memoryStream.ToArray();
                }
            }

            var caCert = new X509Certificate(caCertRawBytes);
            var clientCert = new X509Certificate2(clientCertRawBytes, "PfxPassword"); 

            var source = new CancellationTokenSource();
            var token = source.Token;

            var mqttOptions = new MqttClientOptionsBuilder()
                                  .WithTcpServer(server, 8883)
                                  .WithTls(new MqttClientOptionsBuilderTlsParameters
                                  {
                                      UseTls = true,
                                      Certificates = new List<X509Certificate> { caCert, clientCert },
                                      AllowUntrustedCertificates = false,
                                      IgnoreCertificateChainErrors = false,
                                      IgnoreCertificateRevocationErrors = false,
                                  })
                                  .Build();

            // Create a new MQTT client.
            var mqttClient = new MqttFactory().CreateMqttClient();
            await mqttClient.ConnectAsync(mqttOptions, token);
            await Task.CompletedTask.ConfigureAwait(false);
        }

The output is an authentication failed see inner exception but the only thing in there is a System Exception exception and a timeout. I'm posting because my problem seems to be closely related to yours. The pfx file is a combination of the thing cert and the private key.

BREIL Patrick 1 Reputation point

2021-06-30T15:16:56.953+00:00

I had the same problem while logging in.
By only putting the pfx in the list of certificates it works correctly, just clientCert for your example.

Share via

TCP TLS communication in Xamarin Forms Application

1 answer

Your answer