
UWP TLS can't connect #202

Closed
adrha opened this issue Mar 19, 2018 · 8 comments

Comments

@adrha

adrha commented Mar 19, 2018

Hi,
For days I have been trying to implement TLS for my UWP app.
The client works fine unencrypted, but as soon as I want to use TLS with my PFX certificate (cert and key file), the client returns an error.

I'm new to handling certificates in UWP, but I'm sure this should work!

  • I implemented the client in a C# CLI with TLS and this worked without any issues.

It doesn't matter whether I read the PFX certificate directly via File.ReadAllBytes() or via X509Certificate, I get the same error...

My code to set up the client:

    // Loads the PFX from disk; note that X509Certificate (not X509Certificate2) is used here
    var certificate = new X509Certificate("client.pfx");
    var options = new MQTTnet.ManagedClient.ManagedMqttClientOptionsBuilder()
        .WithAutoReconnectDelay(TimeSpan.FromSeconds(5))
        .WithClientOptions(new MQTTnet.Client.MqttClientOptionsBuilder()
            .WithClientId("efgjbjucgufgugf")
            .WithTcpServer("192.168.0.205", 8883)
            // useTls, ignoreCertificateChainErrors, ignoreCertificateRevocationErrors, certificate bytes
            .WithTls(true, true, true, certificate.Export(X509ContentType.SerializedCert))
            .Build())
        .Build();

Trace - the German error means "The requested object could not be found":

[2018-03-19T19:04:11.5091413+01:00] [3] [ManagedMqttClient] [Info]: Started
[2018-03-19T19:04:11.8143834+01:00] [4] [MqttClient] [Verbose]: Trying to connect with server.
[2018-03-19T19:04:11.8385155+01:00] [4] [MqttChannelAdapter] [Verbose]: Connecting [Timeout=00:00:10]
[2018-03-19T19:04:12.3575775+01:00] [4] [MqttClient] [Error]: Error while connecting with server.
MQTTnet.Exceptions.MqttCommunicationException: Das angeforderte Objekt wurde nicht gefunden.

Initialize ---> System.Runtime.InteropServices.COMException: Das angeforderte Objekt wurde nicht gefunden.

Initialize
at Windows.Security.Cryptography.Certificates.Certificate..ctor(IBuffer certBlob)
at MQTTnet.Implementations.MqttTcpChannel.LoadCertificate(MqttClientTcpOptions options)
at MQTTnet.Implementations.MqttTcpChannel.d__16.MoveNext()
--- End of inner exception stack trace ---
at MQTTnet.Internal.TaskExtensions.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at MQTTnet.Adapter.MqttChannelAdapter.d__14.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at MQTTnet.Client.MqttClient.d__22.MoveNext()

[2018-03-19T19:04:12.8565384+01:00] [4] [MqttChannelAdapter] [Verbose]: Disconnecting [Timeout=00:00:10]
[2018-03-19T19:04:12.8960224+01:00] [4] [MqttClient] [Info]: Disconnected from adapter.
[2018-03-19T19:04:12.9023137+01:00] [4] [MqttClient] [Info]: Disconnected.

Thanks!

@masquare

masquare commented May 16, 2018

Hi there,

I'm facing the exact same problem.

I found out that the problem occurs when constructing the Certificate from the IBuffer (see source here). It's no problem to parse the certificate from a *.crt file. However, then the MQTT client is lacking the private key required for authentication purposes.
As soon as I try to parse the *.pfx, the problem occurs.

I also tried parsing the *.pfx file with the X509Certificate2 class first (which works). But after exporting it from the X509Certificate2 object and putting it into the Certificate, it fails:

    using System.Runtime.InteropServices.WindowsRuntime; // AsBuffer() extension
    using System.Security.Cryptography.X509Certificates;
    using Windows.Security.Cryptography.Certificates;

    X509Certificate2 x509Cert = new X509Certificate2("mqtt-client.pfx", ""); // works
    Certificate cert = new Certificate(x509Cert.Export(X509ContentType.SerializedCert).AsBuffer()); // same exception

@433MHz do you have any solutions regarding this issue?

@adrha
Author

adrha commented May 16, 2018

Hey,

I changed my approach to get an encrypted connection.
I used a signed certificate from Let's Encrypt, obtained with certbot, on my broker.

Trusted certs are no problem for the client in UWP.

Think about using a trusted cert!

I didn't follow this problem any further, but I would be interested if you get an answer :)

@asthomas
Contributor

This worked for me:

    // ClientCertificateFile names a PFX file including the private key (and certificate chain).
    // If you do not use X509KeyStorageFlags.Exportable then Export will not export the private key.
    X509Certificate2 cert = new X509Certificate2(ClientCertificateFile, "", X509KeyStorageFlags.Exportable);
    MqttClientOptionsBuilder optionsBuilder = new MqttClientOptionsBuilder()
        .WithTcpServer(address.ToString(), port)
        // useTls = true; chain and revocation errors are NOT ignored
        .WithTls(true, false, false, cert.Export(X509ContentType.Pkcs12))
        .WithCommunicationTimeout(new TimeSpan(0, 0, 0, 30, 0));
    MqttClientConnectResult result = await Client.ConnectAsync(optionsBuilder.Build());
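As an added illustration (not code from this thread or from MQTTnet), the helper below applies the approach above and checks the export before handing it to MQTTnet: the PFX is loaded with an exportable key, the re-exported PKCS#12 blob is reloaded to confirm the private key survived, and chain/revocation checking stays enabled. The file path, password, host and client id are placeholders supplied by the caller.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using MQTTnet.Client;

// Added example, not from the thread or from MQTTnet itself.
public static class TlsClientOptions
{
    // Returns PKCS#12 bytes that carry the private key, or throws with a clear reason.
    public static byte[] LoadExportablePkcs12(string pfxPath, string pfxPassword)
    {
        // Without Exportable, Export(Pkcs12) yields a blob with no private key and the
        // UWP Certificate constructor rejects it ("requested object could not be found").
        var cert = new X509Certificate2(pfxPath, pfxPassword, X509KeyStorageFlags.Exportable);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                pfxPath + " contains no private key; the broker cannot authenticate this client.");

        byte[] pkcs12 = cert.Export(X509ContentType.Pkcs12);

        // Round-trip check: reload the exported blob (exported with a null password,
        // so reload with null) and confirm the key is still attached.
        using (var reloaded = new X509Certificate2(pkcs12, (string)null, X509KeyStorageFlags.Exportable))
        {
            if (!reloaded.HasPrivateKey)
                throw new InvalidOperationException("Export dropped the private key; check the storage flags.");
            if (reloaded.Thumbprint != cert.Thumbprint)
                throw new InvalidOperationException("Exported certificate does not match the loaded one.");
        }
        return pkcs12;
    }

    // Builds client options that authenticate with the PKCS#12 blob while keeping
    // server certificate validation strict (compare the (true, true, true) call in
    // the first post, which ignores chain and revocation errors).
    public static IMqttClientOptions Build(string host, int port, string clientId, byte[] pkcs12)
    {
        return new MqttClientOptionsBuilder()
            .WithTcpServer(host, port)
            .WithClientId(clientId)
            .WithTls(true, false, false, pkcs12)
            .WithCommunicationTimeout(TimeSpan.FromSeconds(30))
            .Build();
    }
}
```

Usage: `var opts = TlsClientOptions.Build("broker.example", 8883, "client-1", TlsClientOptions.LoadExportablePkcs12("client.pfx", ""));` and pass `opts` to `ConnectAsync` as in the snippet above.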

@lore4

lore4 commented Sep 5, 2018

Hi,
sorry @chkr1011 to bump this issue, but I am experiencing the "Cannot find the requested object." error while connecting to AWS IoT with MQTTnet 2.8.1.
Can anyone point me to what I am missing, please?

As @asthomas suggested, I am using a PFX file which includes the private key, client certificate, and certificate chain (i.e. VeriSign). My code looks like this:

    var mqttFactory = new MqttFactory();
    // Client options.
    RemoteClient = mqttFactory.CreateManagedMqttClient();
    // Exportable is required so that Export(Pkcs12) includes the private key
    X509Certificate2 xcert = new X509Certificate2("CertificateCAPvt.pfx", "", X509KeyStorageFlags.Exportable);

    MqttClientOptionsBuilder clientOptionsBuilder = new MqttClientOptionsBuilder()
        .WithTcpServer("xyz.amazonaws.com", 8883)
        .WithTls(true, false, false, xcert.Export(X509ContentType.Pkcs12))
        .WithCommunicationTimeout(new TimeSpan(0, 0, 0, 30, 0))
        .WithClientId(Guid.NewGuid().ToString("D"))
        .WithCleanSession(true)
        .WithKeepAlivePeriod(new TimeSpan(0, 0, 0, 10, 0));

    ManagedMqttClientOptionsBuilder managedClientOptionsBuilder = new ManagedMqttClientOptionsBuilder()
        .WithClientOptions(clientOptionsBuilder.Build());
    this.RemoteOptions = managedClientOptionsBuilder.Build();
    await RemoteClient.StartAsync(RemoteOptions);

However, on the StartAsync call a MqttManagedProcessFailedEventArgs is raised with the message "Cannot find the requested object.".

In order to check that the certificates and key are correct, I tested them via MQTT.fx and the result is positive (e.g. it connects, subscribes, etc.).

May anyone point me in the right direction, please? ;-)

@lore4

lore4 commented Sep 10, 2018

A brief update: the very same code works like a charm in a .NET Core application (i.e. a .NET Core console app); it connects, subscribes, publishes, and exchanges messages.
I believe that the issue lies in using MQTTnet with TLS in UWP. Could it be?

@chkr1011
Collaborator

This is quite strange, because the UWP implementation cannot be changed. It is just a flag indicating that the underlying stream should use TLS. But the flag says "SocketProtectionLevel.Tls12". Is it maybe a different version of TLS?
Best regards
Christian

@lore4

lore4 commented Sep 17, 2018

Hi @chkr1011, that seems definitely strange... Amazon states on their pages and tutorials that they use TLS 1.2, so there should not be any issue.
I may try changing the version on the client, but I still cannot figure out why in UWP the same code returns an error, while in .NET Core it works perfectly.

P.S. I did some testing by changing TLS versions and MQTT protocol versions, but the issue is still the same :(

@lore4

lore4 commented Sep 24, 2018

For completeness, here is the stack trace of the failed event args:

   at Windows.Security.Cryptography.Certificates.Certificate..ctor(IBuffer certBlob)
   at MQTTnet.Implementations.MqttTcpChannel.LoadCertificate(IMqttClientChannelOptions options)
   at MQTTnet.Implementations.MqttTcpChannel.<ConnectAsync>d__13.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MQTTnet.Internal.TaskExtensions.<TimeoutAfterAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at MQTTnet.Adapter.MqttChannelAdapter.<ConnectAsync>d__20.MoveNext()
