'Cannot find the requested object' exception while creating X509Certificate2 from string

前端未结

关注

 2  1054

I am trying to create X509Certificate2 from string. Let me show an example:

string keyBase64String = Convert.ToBase64String(file.PKCS7);
var cer


                      
              相关标签:


      
      
        
          2条回答        

        
                         				            
            
           
            
                              
                
              
              
                
                  一整个雨季        
                
              
                            
                2021-01-11 13:05
              
            
            
                                                                       
If file.PKCS7 represents a PKCS#7 SignedData blob (what gets produced from X509Certificate2.Export(X509ContentType.Pkcs7) or X509Certificate2Collection.Export(X509ContentType.Pkcs7)) then there are two different ways of opening it:


new X509Certificate2(byte[])/new X509Certificate2(string)


The single certificate constructor will extract the signing certificate of the SignedData blob.  If this was just being exported as a collection of certs, but not signing anything, there is no such certificate, and so it fails with Cannot find the original signer. (Win 2012r2, other versions could map it to a different string)

X509Certificate2Collection::Import(byte[])/X509Certificate2Collection::Import(string)


The collection import will consume all of the "extra" certificates, ignoring the signing certificate.



So if it's really PKCS#7 you likely want the collection Import (instance) method.  If it isn't, you have some odd variable/field/property names.
                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
            
           
            
                              
                
              
              
                
                  再見小時候        
                
              
                            
                2021-01-11 13:09
              
            
            
                                                                       
The constructor of of X509Certificate2 expects to get a the certificate file name, but you are giving it a key (X509Certificate2 Constructor (String))

I assume that keyBase64String  is the certificate key, and that the certificate is installed on the machine that executes the code. Try this:

var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certCollection = store.Certificates.Find(X509FindType.FindByThumbprint, keyBase64String , false);
//var certCollection = store.Certificates.Find(X509FindType.FindByKeyUsage, keyBase64String , false);
//var certCollection = store.Certificates.Find(X509FindType.FindBySubjectKeyIdentifier, keyBase64String , false);
var cert = certCollection[0];


You can also try FindByKeyUsage, FindBySubjectKeyIdentifier, or other types of X509FindType Enumeration
                                                                        
                                                        
            
            
              
                
                0
              
                 
                
               讨论(0)
              
              
                                                   
              
                                                            
            
                      
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
          	          
                             
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复