我正在使用Google AnalyticsAPI,我按照这个SO问题来设置OAuth:https://stackoverflow.com/a/13013265/1299363
这是我的OAuth代码:
public void SetupOAuth ()
{
var Cert = new X509Certificate2(
PrivateKeyPath,
"notasecret",
X509KeyStorageFlags.Exportable);
var Provider = new AssertionFlowClient(GoogleAuthenticationServer.Description, Cert)
{
ServiceAccountId = ServiceAccountUser,
Scope = ApiUrl + "analytics.readonly"
};
var Auth = new OAuth2Authenticator<AssertionFlowClient>(Provider, AssertionFlowClient.GetState);
Service = new AnalyticsService(Auth);
}
PrivateKeyPath是Google API控制台提供的私钥文件的路径.这在我的本地机器上完美运行,但当我把它推到我们的测试服务器时,我得到了
System.Security.Cryptography.CryptographicException: An internal error occurred.
使用以下堆栈跟踪(删除不相关的部分):
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +33
System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromFile(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx) +0
System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags) +237
System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags …我正在尝试X509Certificate2从字节数组中的PKCS#12 blob 构造一个并且得到一个相当令人费解的错误.此代码在具有Windows XP管理员权限的桌面应用程序中运行.
堆栈跟踪如下,但由于_LoadCertFromBlob已标记,我因试图进行故障排除而丢失[MethodImpl(MethodImplOptions.InternalCall)].
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptogaphicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
编辑: blob是由BouncyCastle为C#生成的真正的PKCS#12,包含RSA私钥和证书(自签名或最近注册CA) - 我要做的是转换私钥和证书从BouncyCastle库到System.Security.Cryptography库,从一个导出到另一个导入.此代码适用于已经尝试过的绝大多数系统; 我从未见过该构造函数抛出的特定错误.这个盒子可能是某种环境怪异.
编辑2:错误发生在不同城市的不同环境中,我无法在本地重现它,所以我可能最终不得不将其粉碎到破损的XP安装.
既然你问过,这里是有问题的片段.该代码采用BouncyCastle表示中的私钥和证书,从个人密钥库中删除相同专有名称的任何先前证书,并通过中间PKCS#12 blob将新私钥和证书导入个人密钥库.
// open the personal keystore
var msMyStore = new X509Store(StoreName.My);
msMyStore.Open(OpenFlags.MaxAllowed);
// remove any certs previously issued for the same DN
var …我在Azure网站(不是托管服务)中有网站,我需要在那里处理带有私钥的.pfx证书.
var x509Certificate2 = new X509Certificate2(certificate, password);
但我遇到了以下异常:
System.Security.Cryptography.CryptographicException: The system cannot find the file specified.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& pCertCtx)
at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromBlob(Byte[] rawData, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(Byte[] rawData, String password, X509KeyStorageFlags keyStorageFlags)
在文章http://blog.tylerdoerksen.com/2013/08/23/pfx-certificate-files-and-windows-azure-websites/我发现它发生是因为默认情况下系统使用用户的本地目录存储密钥.但Azure网站没有本地用户配置文件目录.在同一篇文章中,作者建议使用X509KeyStorageFlags.MachineKeySetflag.
var x509Certificate2 = new X509Certificate2(certificate, password, X509KeyStorageFlags.MachineKeySet);
但现在我还有其他例外:
System.Security.Cryptography.CryptographicException: Access denied.
at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
at System.Security.Cryptography.X509Certificates.X509Utils._LoadCertFromBlob(Byte[] rawData, IntPtr password, UInt32 dwFlags, Boolean persistKeySet, SafeCertContextHandle& …我试图导出没有私钥的证书,如BASE-64编码文件,与从Windows导出它相同.从Windows导出时,我可以在记事本中打开.cer文件.
当我尝试以下操作并在记事本上打开时,我得到二进制数据......我认为它是......不可读的.
X509Certificate2 cert = new X509Certificate2("c:\\myCert.pfx", "test", X509KeyStorageFlags.Exportable);
File.WriteAllBytes("c:\\testcer.cer", cert.Export(X509ContentType.Cert));
我尝试删除'X509KeyStorageFlags.Exportable',但这不起作用.我错过了什么吗?
编辑 - 我试过了
File.WriteAllText("c:\\testcer.cer",Convert.ToBase64String(cert.Export(X509ContentType.Cert)))
然而,这似乎有效,错过了"-----开始证书-----"和"-----结束证书-----"
在新建X509Certificate2(string, string)IIS进程的实例时,只会崩溃.没有.Net异常,除了我的事件日志中没有任何内容
Faulting application name: w3wp.exe, version: 8.0.9200.16384, time stamp: 0x50108835
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405
Exception code: 0xc0000374
Fault offset: 0x00000000000ea485
Faulting process id: 0x102c
Faulting application start time: 0x01ce10301e250c4d
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5e55321c-7c23-11e2-93f9-00155d8a0f17
Faulting package full name:
我很震惊,不知道从哪里开始寻找.将调试器附加到进程时,我可以打破到这一行,但是当踩到它时,整个事情就崩溃了.
_certificate = new X509Certificate2(pfxFile, pfxPassword);
pfxFile是一个有效的路径,如果我改变它,我立即得到一个正确的.Net PathNotFound异常.
服务器是Windows 2012,运行IIS8和.Net 4.5.
更新
本文介绍了解决方案的相同问题,以确保应用程序池标识启用了LoadUserProfile.
我在我的店里的X509Certificate2证书,我想导出到一个字节数组用的私有密钥.证书字节数组必须是这样的,当我稍后将从字节数组导入证书时,私钥将具有私钥.
我尝试了许多方法,但没有成功使用私钥导出证书.
X509Store store = new X509Store(StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2 cert = store.Certificates[1];
byte[] certBytes = cert.GetRawCertData(); // Obviously does not work!
是否可以使用私钥将证书成功导出到字节数组?
非常感谢帮助.
我使用以下代码并获得HttpRequestException异常:
using (var handler = new HttpClientHandler())
{
handler.ClientCertificateOptions = ClientCertificateOption.Manual;
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(new X509Certificate2(@"C:\certificates\cert.pfx"));
// I also tried to add another certificates that was provided to https access
// by administrators of the site, but it still doesn't work.
//handler.ClientCertificates.Add(new X509Certificate2(@"C:\certificates\cert.crt"));
//handler.ClientCertificates.Add(new X509Certificate2(@"C:\certificates\cert_ca.crt"));
using (var client = new HttpClient(handler))
{
var response = client.GetAsync("https://someurl.com/api.php?arg1=some&arg2=test").GetAwaiter().GetResult();
// ^ HttpRequestException: An error occurred while sending the request.
}
}
例外:
WinHttpException: A security error occurred
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
System.Runtime.CompilerServices.ConfiguredTaskAwaitable+ConfiguredTaskAwaiter.GetResult() …我从网上搜索它,找到许多样本从.net中的文件生成一个新的x509Certificate2,但没有一个示例显示如何从.net开头生成一个全新的x509Certificate2.
有没有人可以告诉我如何在.net中做到这一点?
非常感谢你.
我正在尝试以编程方式在我的本地计算机的证书存储中导入X509证书(pfx/PKCS#12).此特定证书具有一系列证书,证书路径如下所示:
我使用的代码如下所示:
cert = new X509Certificate2(pathToCert, password);
if (cert != null)
{
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
if (!store.Certificates.Contains(cert))
{
store.Add(cert);
}
}
此代码确实导入了证书,但它似乎忽略了链.如果我检查商店中的证书,则证书路径仅显示:
但是,当我手动导入pfx时,它确实显示完整路径.我在这里跳过一步,还是我错过了一些参数?有人可以对此有所了解吗?
我正在构建一个受ACS保护的Azure WCF服务,该服务要求客户端通过证书进行身份验证.
我希望客户端(和服务器)从X509Store而不是从文件系统加载他们各自的密码证书.
我正在使用此代码:
private static X509Certificate2 GetCertificate(string thumbprint)
{
var certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
thumbprint, false);
certStore.Close();
if (certCollection.Count == 0)
{
throw new System.Security.SecurityException(string.Format(CultureInfo.InvariantCulture, "No certificate was found for thumbprint {0}", thumbprint));
}
return certCollection[0];
}
问题是,它没有加载验证所需的私钥.我试图将return语句修改为:
return new X509Certificate2(certCollection[0].Export(X509ContentType.Pfx, "password"));
但是,这会因CryptographicException"Spcecified网络密码不正确"而失败.
编辑: 如果您没有传递密码参数,.Export()方法可以正常工作.
对此有何帮助?
x509certificate2 ×10
c# ×8
.net ×5
pfx ×2
pkcs#12 ×2
.net-core ×1
asp.net-core ×1
azure ×1
base64 ×1
certificate ×1
cryptography ×1
x509 ×1